Job Change Questions.

imfrom51 · December 2009

Hoping to get a bit of advice. At the moment I am working as a Security and Privacy Analyst. Duties include monitoring for threats and attacks, Network Activity, Investigations, Security Education, some policy and procedure. A new job has come up within the dept which if for a Security and Privacy Engineer. Seems like a no brainer to go for. At least $15k more per year, for not much difference in work. But.

I just spoke to the VP about the job and they said they it's main focus will be on Policy and Procedure (NIST, ISO 27002 etc) and not much on the technical side. I really like my job at the moment. I would be on the same team, just a different role. So, here are my questions.

1) Would a role (of writing policies) be good for me in the long run? In the future, I would like to get into Consultant so I could see where this would help.
2) Is it worth doing something that I am a little passionate about (for $15k more) as opposed to what I am doing now, which I really like.

Look forward to your input.
Thanks

dynamik · December 2009

Policies and procedures come into play with everything we do. I wouldn't want to spend 100% of my time with that, but it sounds like that will definitely round-out your skill set. It's up to you to make the most of it and push yourself into a consulting role and not get stuck there.

tpatt100 · December 2009

I do it 50/50 my current and last security position. If I had to do it full time I would kill myself. I need some techy stuff to do to make sure I don't become some paper pushing "security" guy who cannot even setup IIS or FTP.

blargoe · December 2009

I think this potential promotion could stepping stone into something even bigger for you down the road. Think a few steps ahead... like chess.

imfrom51 · December 2009

Thanks for the advice. It's pretty much what I was thinking. And, just to put your minds at rest, I don't think that it will be 100% of the time. Just most. I don't plan to do it for long, just until I get it under my belt, then, it's move on time.

Turgon · December 2009

imfrom51 wrote: »

Hoping to get a bit of advice. At the moment I am working as a Security and Privacy Analyst. Duties include monitoring for threats and attacks, Network Activity, Investigations, Security Education, some policy and procedure. A new job has come up within the dept which if for a Security and Privacy Engineer. Seems like a no brainer to go for. At least $15k more per year, for not much difference in work. But.

I just spoke to the VP about the job and they said they it's main focus will be on Policy and Procedure (NIST, ISO 27002 etc) and not much on the technical side. I really like my job at the moment. I would be on the same team, just a different role. So, here are my questions.

1) Would a role (of writing policies) be good for me in the long run? In the future, I would like to get into Consultant so I could see where this would help.
2) Is it worth doing something that I am a little passionate about (for $15k more) as opposed to what I am doing now, which I really like.

Look forward to your input.
Thanks

Do it. For good roles in security you want to be defining policy as opposed to harvesting information through audits and pentests. The financial and career rewards for technical security specialists will diminish in the years ahead just as they have already done for support professionals. There are of course exceptions but will you be exceptional? Even so it's going to become increasingly difficult to land really good primarily technical roles in the years ahead as things become more automated. This work could potentially help you move along in the decision making security space as opposed to the purely technical, and going by the job boards alone that is where the money is. Customer facing, potentially board level work.

Job Change Questions.

Comments