IA Roles and the Private Sector Equivalents?
ArabianKnight
Member Posts: 278
I have been working in the DOD space since birth doing mostly technical security ops roles such as CND Analyst (SOC analyst), CTI Analyst (threat intel) and such. I have been looking at IA roles such as ISSO, ISSE, and ISSM but I am having a hard time matching these IA roles to the private sector equivalents. I have been thinking about moving into a risk management related role in the private sector but still want to stay close to my technical side if possible. I have looked at some risk related positions online and they all appear to be primarily non-technical. Is there a category of roles that I can do where I can still be kinda hands on doing a bit of technical stuff but still performing a primarily risk management role?
Comments
-
JDMurray Admin Posts: 13,090
ArabianKnight said: I have been thinking about moving into a risk management related role in the private sector but still want to stay close to my technical side if possible.
-
UnixGuy Mod Posts: 4,570
As JD said, GRC isn't a technical role, but to be a good GRC pro (or a competent CISO) you do need technical background but your day to day is reporting and evidence/planning/frameworks/etc., you won't be looking at firewalls or attacks or pentesting.
If you want a bit of technical work, why are you looking at GRC/Risk?
-
scasc Member Posts: 465
A few places do still offer audit based roles which are hands on in the sense you may have read only access to the platform to then obtain the data you need to deduce risk based on configuration/non-compliance etc. Pretty niche but it does exist. The only other thing is getting a first line role in the risk/consultancy team of an organisation and working with the techies but again this won't be hands on based more technical advisory.
Otherwise it's all non-tech based in GRC and auditing.
AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
-
ArabianKnight Member Posts: 278
I am seeing lots of job descriptions for IA roles that want knowledge of or exp with technical stuff. Quite frankly, I am tired of playing catch-up with the fat guy with the ponytail and flip-flops (Simpsons reference) that has 20+ certs and seems to know everything, no offense to anyone with lots of certs but I just don't have the capacity or desire for that level of learning. Looking for something less technical but still in the infosec space.
-
scasc Member Posts: 465
No offence taken to the comic guy reference. Just trying to point you in the right direction based on your initial comment in wanting to still be hands on. However that doesn’t seem to be the case anymore.
-
JDMurray Admin Posts: 13,090
ArabianKnight said: Looking for something less technical but still in the infosec space.
-
UnixGuy Mod Posts: 4,570
ArabianKnight said: Looking for something less technical but still in the infosec space.
Then GRC is what you're after. Another option would be management. I have a video about GRC (YouTube in my signature).
I did consulting, then management, and now I'm back to consulting. I use my technical knowledge but my role isn't technical at all. I'm out and about talking to clients, presenting, building relationships, writing reports (70% of the job!), and I don't have enough hair to grow a ponytail.