Job change

I currently work as an information security officer where I do get to do some tech stuff; mainly in AD and DB security areas. I have an offer to move into IT audit; they are looking for an internal auditor with security background. Although not yet decided but from the looks of it the pay raise could be anywhere 30-50%.

I am only concerned with the fact that I won't be able to get hands on experience on devices, not that I do in this job but there is opportunity available to get some Cisco experience in future.

My long term goal is to end up in information security management.

My my goal, this opportunity sounds pretty good since it gives you a good insight into management as well/

My question, what would you do in this situation, would you take it up?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

imfrom51

I had been on the technical side for a number of years, when a job in Information Security came my way. I took the job and have not looked back. I love it. I am sure some of that has to do with my workmate, but nonetheless, it's great. I don't do to much technical work anymore, but my knowledge in that area has really paid off. Especially when meeting with I.T, vendors etc. I have learned about NIST, ISO, HIPAA (I am in Health care), which is invaluable in this day and age. If you love the technical side, and couldn't live without it, then you might want to look someplace else. Otherwise, go for it. It can't hurt. My duties include, audits, investigations, Threat analysis and detection, policy and procedure writing, training and education and then some.

As you say your long term goal in Infosec management. If this is truly your desire, then you will have to "give up" some of the technical aspects and follow the paper pushing track. It sounds boring, but, I love it. I feel it gives me more understanding of the WHY instead of the HOW. I may not know how to do something (set up a firewall with the appropriate settings), but I know why they should have those settings.

Hope that helps.

coffeeking

imfrom51 wrote: »

I had been on the technical side for a number of years, when a job in Information Security came my way. I took the job and have not looked back. I love it. I am sure some of that has to do with my workmate, but nonetheless, it's great. I don't do to much technical work anymore, but my knowledge in that area has really paid off. Especially when meeting with I.T, vendors etc. I have learned about NIST, ISO, HIPAA (I am in Health care), which is invaluable in this day and age. If you love the technical side, and couldn't live without it, then you might want to look someplace else. Otherwise, go for it. It can't hurt. My duties include, audits, investigations, Threat analysis and detection, policy and procedure writing, training and education and then some.

As you say your long term goal in Infosec management. If this is truly your desire, then you will have to "give up" some of the technical aspects and follow the paper pushing track. It sounds boring, but, I love it. I feel it gives me more understanding of the WHY instead of the HOW. I may not know how to do something (set up a firewall with the appropriate settings), but I know why they should have those settings.

Hope that helps.

Yes it does and thanks for the reply and advise, actually it is almost like this is what I wanted to hear because I have told the same thing by one of my Infosec managers that if I want to end up in infosec management then you have to start questioning the WHY instead of HOW. This guy is not a techi either but has a in-depth understanding of Infosec and is managing it very well. I myself am not a techie by heart but need to have some experience in this domain before I can move to management side of it. But, whoever I have spoken to about this has said to move on since I have spent more than 2 year at my current job and should make a move now.

Appreciate your response.