Looking for Career Advice

laughing_man Member Posts: 84
I am looking for some long range career advice. Currently I work as a security analyst and make in the high 50s. I have a liberal arts bachelor's and a lib arts master's. I have always been technical, and worked oddball IT jobs for some time. I got my current position due to my sys admin experience in academia. Also my employer was looking for a relative neophyte to security, so they could be molded to the type of work we do better.

Part of my continued employment was contingent on my passing of the GSEC before my 2 year mark, just to show that their trust in my technical aptitude was not misplaced. I passed the GSEC with a 94% last March. I am also in talks with my boss to pursue other certs, namely the GCIH and SSCP. My employer also requires I attain CISSP by 6 years of employment.

I love my job and all the hands on learning. InfoSec is really a great field to be in. My only complaint about my job is that I don't get my hands dirty with networking. I don't manage a firewall and do not get experience with any networking equipment, mainly because a separate group handles that stuff. I want to become a more well rounded InfoSec guy who really knows the ins and outs of enterprise level networks. I have thought of doing certs in that direction, but a cert without real world experience has limited value. I mainly handle email filters, internet usage logs, Nessus scanning and SIEM management.

My ultimate goal is to expand my knowledge, commensurate with that of most experienced InfoSec professionals, who typically have a more diverse IT background than I do. Also a bigger salary would be nice too. :)


  • paul78 Member Posts: 3,016
    It sounds like you have an employer that is willing to invest to nurture the careers of their employees. That management culture can be very valuable if you are interested in growing with your current employer.

    From your description, it sounds like you are already gaining experience that would be valuable in an infosec career. SIEM management (assuming that you work for a decent size enterprise) can give you great insight into the threats against an enterprise. And if you are also performing and analyzing vulnerability scanning results, that experience will give you insight into weaknesses in an enterprise.

    I actually feel that those 2 job roles are much more valuable and important than any hands-on experience that you could get working with firewalls or networking. Firewalls and networks are only one small dimension.

    Assuming that your job involves scanning multiple types of devices and applications - that would give you much more exposure to understanding the total security posture of an enterprise, from patch management and bad configurations to application vulnerabilities. And if you are performing SIEM analysis, you undoubtedly are exposed to DLP events, application scanning, network probes, bot traffic, and IDS events.

    I think you are actually in a pretty good place if you are interested in the technical aspects of infosec. A well-rounded infosec professional would also need to have an understanding of legal and privacy matters, governance, and risk management - not as sexy but also important if you have long-range thoughts about management or senior-level leadership.
  • laughing_man Member Posts: 84
    Thanks for the encouraging words Paul. I would like to help my company get more value out of our SIEM and vuln scans. We are migrating to a new SIEM, so that should provide me the impetus to really hit the books and make sure I can do exactly that. Any training anyone could recommend to help me in that goal? Like I said before, incident handling seems to be the way to go. We are not a very large company, but we are already talking of formalizing an incident response team, and I want to be in the thick of it when that happens.

    Again, any training/reading material that anyone can recommend?
  • paul78 Member Posts: 3,016
    I see you have the GSEC. Have you explored the SANS reading room? There are usually some quick peer research papers which can be interesting. I also enjoy listening to the Defcon presentations on YouTube. And although I haven't actually had the time to do so, the courses on Coursera.com have some interesting infosec classes.

    All of the above are free resources and very high quality imho.
  • the_Grinch Member Posts: 4,165
    What exactly is your end goal? You appear to be doing it backwards. I tend to believe most people who begin in infosec start off as a jack of all trades and then begin to specialize. In your case you are already specialized so why take the step back? Also, is there a chance you can move to the team that handles the network related stuff? Just seems like a waste to jump to learn networking stuff and then not be able to utilize it every day.
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • laughing_man Member Posts: 84
    Thanks gents for the info.

    Grinch -

    I guess I am trying to get more general knowledge. Our department is interesting in that while each member of our team has specialties, we often are called into projects to offer a more general security perspective, and a lot of these projects deal with networking to a level of detail that I am not competent at. Granted, my focus on log analysis and vulnerability management is my bread and butter and I do not want to back off that. So to rephrase things I want to gain some more general knowledge that will be helpful in those situations where it is needed, but not to the level that would be required of a network engineer.

    Your post helps put this into perspective for me that really I just need to study up on these subjects and not necessarily pursue advanced training or certification in those areas, as I will have little to gain from doing so. Thanks!