Options
Adjusting the career trajectory...
RoyalRaven
Member Posts: 142 ■■■□□□□□□□
That was a good term from one of my grad professors. Sometimes we need to do things that alter the overall career path that may be challenging or go against the grain in the short term.
The issue I'm running into is breaking free of the past trajectory to accommodate the new one. Have been down the Microsoft sys admin path for over 10 years, have a few years of direct security experience (primarily compliance/analyst skills) and lots of training/schooling behind me (done with masters!). Problem has been that almost everything I've worked on over the last decade has been at a university (as a FT staff employee) AND I've been pretty much pigeonholed as a Windows admin. I just don't get the work pressure or opportunities (locally) to keep advancing beyond that. I could go work for many places here doing Windows work...but security roles are still typically sparse/require quite a commute. Most co-workers are settled in and plan to stick things out for the long-haul, so it's creating too relaxed of an environment, less worry about competition. Just not getting flack from coworkers like I use to as they're not really into the continued training/certs anymore.
I'm trying to determine if I should stop keeping up with the MS certs (or better yet, trying to convince myself to stop pursuing the next version!). Most people keep putting me in Sys Admin roles, MS-centric and that's usually what everyone expects I should be doing. I have this passion to keep up the MS certs, but it's becoming something that the ROI isn't necessarily showing anymore...and now that I have a really good taste of security, I don't see myself going deeper into day-to-day management of the Windows platform. On the other hand, MS items are still relevant to what's primarily out there and taking a lot of forensics classes has kept me interested in a deep understanding of the Windows platform.
Anyone else have advice about trying to go full-throttle in IT security and keeping up the technical edge? Or is it healthier to drop the continued advancement of past achievements and only focus on what's on the horizon?
Just looking for some opinions on how to keep myself engaged and moving forward instead of stalling out.
The issue I'm running into is breaking free of the past trajectory to accommodate the new one. Have been down the Microsoft sys admin path for over 10 years, have a few years of direct security experience (primarily compliance/analyst skills) and lots of training/schooling behind me (done with masters!). Problem has been that almost everything I've worked on over the last decade has been at a university (as a FT staff employee) AND I've been pretty much pigeonholed as a Windows admin. I just don't get the work pressure or opportunities (locally) to keep advancing beyond that. I could go work for many places here doing Windows work...but security roles are still typically sparse/require quite a commute. Most co-workers are settled in and plan to stick things out for the long-haul, so it's creating too relaxed of an environment, less worry about competition. Just not getting flack from coworkers like I use to as they're not really into the continued training/certs anymore.
I'm trying to determine if I should stop keeping up with the MS certs (or better yet, trying to convince myself to stop pursuing the next version!). Most people keep putting me in Sys Admin roles, MS-centric and that's usually what everyone expects I should be doing. I have this passion to keep up the MS certs, but it's becoming something that the ROI isn't necessarily showing anymore...and now that I have a really good taste of security, I don't see myself going deeper into day-to-day management of the Windows platform. On the other hand, MS items are still relevant to what's primarily out there and taking a lot of forensics classes has kept me interested in a deep understanding of the Windows platform.
Anyone else have advice about trying to go full-throttle in IT security and keeping up the technical edge? Or is it healthier to drop the continued advancement of past achievements and only focus on what's on the horizon?
Just looking for some opinions on how to keep myself engaged and moving forward instead of stalling out.
Comments
-
Optionspaul78
Member Posts: 3,016 ■■■■■■■■■■
Great analogy...
I don't really have an answer. I have always avoided any type of technology specialization so I can stay nimble with my interests.
Maybe to shake things up, make a change and look for a job. Try to find a small company where you can be the joat and diversify your work. It would be easier to get into IT security is you have broader experience. -
Options
docrice
Member Posts: 1,706 ■■■■■■■■■■
I'd say specialize in Windows security from both a forensics, hardening, auditing, and compliance perspective. Since you have a rich background in the subject area, it's a good place to start and really dig in. Then you can branch out to networking and learn all the types of tools used to attack / pivot against Windows domains.
Maybe part-time consulting might be a good way to get your feet wet and with your university background, you'll probably look good on paper due to exposure to large campus environments.
I started in the Windows realm as well but eventually took on networking tasks and also put some effort into learning a bit of Linux. I work in security, but still as a generalist. It has its rewards and downsides. We all have to start somewhere.Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/ -
Options
f0rgiv3n
Member Posts: 598 ■■■■□□□□□□
If I were you I would also go over my resume/linkedin/social networking and tweak it so it's more security-centric. You have a lot of certs from Microsoft land but you also have your CISSP. I would just be sure to emphasize the correct experiences and certifications when talking about yourself. -
OptionsRoyalRaven
Member Posts: 142 ■■■□□□□□□□
I've adjusted resume/online profiles to be primarily security-centric, so I should be in good shape keeping up in that regard.
I was reading a few other recent threads in this forum and I do see a general trend that moving to another organization after many years in the same place has revitalized the IT drive or passion. I'm come to the realization that just having new scenery, new projects, and new co-workers would do wonders for me. Burnout symptoms? Yes...heavily.
I've turned down a LOT of Windows admin positions over the last year or so that would fix the new organization thing (most are about equal on pay/benefits)...but I keep going back to the thought that it's a super-comfortable move and I'd likely fall back into the same situation where I’d rather be doing Infosec work as my primary role. A lot of it also has to do with being completely done with my grad school program that I was working on for a long time. I was around a lot of like-minded classmates and that energy really helps motivate you to do your best and push the limits.
That’s where the trajectory part comes into play – can always find stable work as a Windows admin, however, there’s definitely a ceiling with that and I think I’m near it. I’m finding the Infosec area has a much greater potential, even if it takes learning a lot of new areas I have sort of ignored for a while. Consulting, as mentioned, is something I’m also considering if I run across the right opportunity.
I'm not in a position where I have to leave the current job immediately...I do have that luxury and keep searching for a well-off Infosec job even though the organization I’m in is getting pretty toxic. I also recently realized I should be focusing more on what my perceived weak areas are...such as Linux, understanding basic programming codes, getting into technical items on firewalls, IDS, SIEM, etc. instead of re-learning the latest version of Active Directory or OS. I'm definitely not weak on networking or some of the other related areas...but I don't work on them enough to keep up with the guys who do it daily, nor plan on getting “that” far down the path…knowing enough to have a meaningful conversation and a sense of how it all works, but not at the bit level.
I do have the experience and exposure to get a CISM (and have been a ISACA member for a long time, so I should have that!) and I have considered the CEH as a way to branch into new areas and still touching lots of tech. The SANS certs are also right up my alley and would be a way to keep in touch with things I know while diving into others. I like keeping cert goals regardless of how many I have as it keeps me pursuing learning and keeps me fresh.
I’m sure most of the trouble I’m going through now is short-term and it won’t be long before I’m on that proper path moving forward