Options

Its Quiet At My New WorkPlace!! I work in Security - WTF?!?!

egrizzlyegrizzly Member Posts: 533 ■■■■■□□□□□

It's Quiet At Work - What To Do??

So I started this new job at a Fortune 500 company.  I'm one of the senior endpoint guys there however, after I login every morning, there doesn't seem to be stuff to do or even messages being communicated by my boss (or co-workers) through email or IM.  My previous workplace was completely opposite as their was chaos everyday.

So has any of you all in cybersecurity experienced this type of environment?  ...is it typical of Fortune 500 companies?  As far as employee count goes we have approx. 6000 employees.

If this is the norm at some Fortune 500 workplaces what are my options on what to do?

1.) Should I find a second job to fill in some of the dead time?
2.) Should I chase down my manager or manager of other departments and ask for work?
3.) Any other "best" line of action to take?

A dozen thanks to all of you for suggestions, comments, or overall participation.
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+

Comments

  • Options
    UnixGuyUnixGuy Mod Posts: 4,566 Mod
    Not uncommon at all, use the time to learn about all sort of things, build relationships at work, automate/improve things, work on certs
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • Options
    chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    edited August 2022
    If things are quiet, I would recommend to start pulling up stats and reports you can use to relay to management. Perhaps start putting together a list of top 10 tips and guides you can put in a company sharepoint or security news letter. A little infosec end user education. At the very least get some reports and stats going. Data will help you see any glaring holes in the protection stack. 

    The other tips that UnixGuy mentioned were great as well. Start building relationships, communication, looking to help other teams. 
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • Options
    xagreusxagreus Member Posts: 116 ■■■■□□□□□□
    If it's not overstepping, you could make recommendations for security improvements.

    You're probably familiar with the Center for Internet Security. You could look into using their benchmarks if applicable to your responsibilities and/or see if other groups (such as network operations) are using them:

    https://www.cisecurity.org/cis-benchmarks/
    A+, Net+, Sec+, CySA+, CCNA, ITIL 2011 Foundation, AWS CCP, ISC2 CC, MS SC-900, MS AZ-900
    2024 goals: AZ-900, Cloud+, Palo Alto PCNSA, CyberOps Associate, DevNet Associate, Project+
  • Options
    JDMurrayJDMurray Admin Posts: 13,041 Admin
    Find out how the performance of workers in your role is measured in your org. How do they know that you are doing a quality job and are pulling your weight? This will indicate if you are being properly utilized or not.
  • Options
    E Double UE Double U Member Posts: 2,232 ■■■■■■■■■■
    If you were hired to be a senior, you manager may be expecting you to create work. I recommend regular dialogue with mgmt to be sure you are doing what is expected of you. When that box is checked, I like to use my downtime to study for certifications. 
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • Options
    Tekn0logyTekn0logy Member Posts: 113 ■■■■□□□□□□
    egrizzly said:

    It's Quiet At Work - What To Do??

    2.) Should I chase down my manager or manager of other departments and ask for work?

    Not a good idea unless water cooler banter suggests everyone else has spare cycles.

    Possible that most end users are WFH and not using a VPN. Does your company use MDM?
    What visibility do you have into security events? Are all endpoints up to date with patches, AV?


Sign In or Register to comment.