From 'Admin'>INFOSEC
TNT143
Member Posts: 33 ■■□□□□□□□□
Does anyone have any advice on how to 'merge' from an administrative (not a SysAdmin type, but a paper pusher type) to INFOSEC? I'm looking to be somewhat administrative for the INFOSEC (not the nitty gritty)... here's a bit about my background...
Mailroom>Admin Assistant>Problem Management/Testing/Help Desk>Operations Dispatch/Help Desk>Systems Support/Help Desk>QA Engineer for a Help Desk
The security experience I do have comes from 'round about' experience securing information, training, and process/procedural documentation and implementation. Have I actually had 'security' in my title or duties no, but security is everyone's responsibility and I have gone above and beyond currently to ensure we meet the FISMA guidelines. I've helped with C&A on several projects and things of that nature.
I'm also working on Sec+ to get me looked at, but I'm not sure how to get involved in a position that will help me grow into the role I ultimately want...
Thanks in advance for any insight!
Mailroom>Admin Assistant>Problem Management/Testing/Help Desk>Operations Dispatch/Help Desk>Systems Support/Help Desk>QA Engineer for a Help Desk
The security experience I do have comes from 'round about' experience securing information, training, and process/procedural documentation and implementation. Have I actually had 'security' in my title or duties no, but security is everyone's responsibility and I have gone above and beyond currently to ensure we meet the FISMA guidelines. I've helped with C&A on several projects and things of that nature.
I'm also working on Sec+ to get me looked at, but I'm not sure how to get involved in a position that will help me grow into the role I ultimately want...
Thanks in advance for any insight!
WIP
Project+
MS: Info. Sys Mgt/Info Security
:thumbup: Achieved
Security+
ITIL Foundations v3
Project+
MS: Info. Sys Mgt/Info Security
:thumbup: Achieved
Security+
ITIL Foundations v3
Comments
-
powerfool
Member Posts: 1,666 ■■■■■■■■□□
Well, you will probably want to gear your certifications and education towards the policy side, then. Also, focusing on compliance will be a good niche for you. Before you asked this, I really would not have thought about this transition, but it seems very doable. You will want to get very familiar with regulatory requirements, as well. Depending on your area of work, federal requirements may not be a big deal, but it would never be a bad idea to at least have cursory knowledge of them. FISMA, DIACAP, NIST, PCI-DSS, FIPS, SOX or SarbOx, etc.
Best wishes in your efforts.2024 Renew: [ ] AZ-204 [ ] AZ-305 [ ] AZ-400 [ ] AZ-500 [ ] Vault Assoc.
2024 New: [X] AWS SAP [ ] CKA [ ] Terraform Auth/Ops Pro -
TNT143
Member Posts: 33 ■■□□□□□□□□
Well, you will probably want to gear your certifications and education towards the policy side, then. Also, focusing on compliance will be a good niche for you. Before you asked this, I really would not have thought about this transition, but it seems very doable. You will want to get very familiar with regulatory requirements, as well. Depending on your area of work, federal requirements may not be a big deal, but it would never be a bad idea to at least have cursory knowledge of them. FISMA, DIACAP, NIST, PCI-DSS, FIPS, SOX or SarbOx, etc.
Best wishes in your efforts.
Aside from reading up on them and becoming involved on the processes, are there any actual 'certification' in the requirements? I will also be working on my ITIL v3 (not sure which route within that yet). I'm also attempting the "FSO" tests and whatnot from... oh man, I can't remember the site...
Thanks for the wishes.WIP
Project+
MS: Info. Sys Mgt/Info Security
:thumbup: Achieved
Security+
ITIL Foundations v3 -
powerfool
Member Posts: 1,666 ■■■■■■■■□□
There are various graduate programs that focus on the policy side of things. As far as certifications go, those exist as well, but they typically have technical aspects in addition to policy, like the CISSP.2024 Renew: [ ] AZ-204 [ ] AZ-305 [ ] AZ-400 [ ] AZ-500 [ ] Vault Assoc.
2024 New: [X] AWS SAP [ ] CKA [ ] Terraform Auth/Ops Pro -
TNT143
Member Posts: 33 ■■□□□□□□□□
I'm in a Graduate program name for Information Systems Management with a concentration in Information Security hoping that'll help.WIP
Project+
MS: Info. Sys Mgt/Info Security
:thumbup: Achieved
Security+
ITIL Foundations v3 -
dynamik
Banned Posts: 12,312 ■■■■■■■■■□
Where do you want to go in security? You could probably transition into risk assessments, auditing, security program development a lot easier than if you were looking for something like becoming a penetration tester. -
Turgon
Banned Posts: 6,308 ■■■■■■■■■□
Does anyone have any advice on how to 'merge' from an administrative (not a SysAdmin type, but a paper pusher type) to INFOSEC? I'm looking to be somewhat administrative for the INFOSEC (not the nitty gritty)... here's a bit about my background...
Mailroom>Admin Assistant>Problem Management/Testing/Help Desk>Operations Dispatch/Help Desk>Systems Support/Help Desk>QA Engineer for a Help Desk
The security experience I do have comes from 'round about' experience securing information, training, and process/procedural documentation and implementation. Have I actually had 'security' in my title or duties no, but security is everyone's responsibility and I have gone above and beyond currently to ensure we meet the FISMA guidelines. I've helped with C&A on several projects and things of that nature.
I'm also working on Sec+ to get me looked at, but I'm not sure how to get involved in a position that will help me grow into the role I ultimately want...
Thanks in advance for any insight!
Security employs many people days and the field is very wide. You are most probably looking at opportunities in the softer side of security as opposed to the technical elements. Check out any potential junior auditor roles.
