Your Start in Security

As most of you know I've gotten my first start in a security (like) role. Initially, it was a lot of software testing and then it began to flow into auditing for regulatory compliance. The regulatory compliance side will be continuing for the length of my career. But now I am weaving into the actual hard security side of things (today I loaded Kali on a laptop, setup the wireless card, and started cracking a few wireless access points in the lab). My issue is, I'm being thrown into a lot of different projects at once all requiring slightly different skills (this isn't a complaint as each day is different and I've been made the head of two major projects at this point which is great). My question is, how do you specialize in an environment such as this? Each time I think I know what I should be studying/researching a new item presents itself and I need to switch gears.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

docrice

You're in the danger of being stretched thin under the possible assumption that security is a generalized, single-domain subject area that can be accomplished by one person, or the work has just lent itself to touching many different areas for which there typically are dedicated, specialized individuals. I would sort of coin this as a jack-of-all-trades security approach.

Which isn't a bad thing. You're essentially forced to dive into a lot of things simultaneously or serially and it shakes up your status quo, so you can relish this experience. But be wary if there's an expectation of what can be accomplished (and the depth) when the requirements to make it happen doesn't reflect the reality of your resource bucket.

CoolAsAFan

If I was you and I could handle it, I would just continue doing what your doing and learning as much as possible. It sounds like your gaining valuable experience. Also, it never hurts to ask for help if you need it.

the_Grinch

Excellent advice guys! I'm definitely in a position where if I can't do something or needed help I can let my boss (and several layers above him) know without it being an issue. Generally speaking they are fairly surprised I was able to handle what has been on my plate thus far. I guess my hang up, as docrice put it, is the jack of all trades in security label. I'm hoping things calm a bit and that we get the numbers to break things off into a separate group (basically, we are legally allowed to make an Office of Internet Gaming, but the numbers have to be there). If that happens then I think I could specialize and not be so helter-skelter. Thanks guys!

Mike-Mike

CoolAsAFan wrote: »

If I was you and I could handle it, I would just continue doing what your doing and learning as much as possible. It sounds like your gaining valuable experience.

this....

also, before long, you will know something about everything they do.. "hey Tom is sick today, who is familiar with Project XYZ? Hmmm... Just ask The Grinch, he knows everything"