InfoSec and Security - not that glamorus of a field people - Wake up!
Comments
-
Gess Member Posts: 144 ■■■□□□□□□□Glory?
It put a roof over my head, food on the table, cars/motorcycles in my garage, and computers in my study. Who needs glory?
Anyone that signs up for an IT career for glory deserves what they get. -
pinkydapimp Member Posts: 732 ■■■■■□□□□□As stated. The reality of Info sec is its a huge area that has alot to it. That's also evidenced in how hard it is to actually protect an organization. You need strong processes, user training, governance and compliance, smart risk analysis, access controls, regular audits, trusted employees, management buy in, etc. It takes a lot. No one person is going to reap the rewards of a successful security program. it takes many. That also means that you can get into info sec many ways, and also do many things. As stated, its not just pen-testing. I think the same goes for IT in general as well. its mot just desktop, network and sysadmin work. Both are really broad terms.
-
SoCalGuy858 Member Posts: 150 ■■■□□□□□□□I'm in a unique position compared to most, in that I was able to jump into a dedicated security position after only a few years of being a sysadmin / help desk guy. Expressing an interest in security to my very security-minded boss paid off when he was lateral "promoted" from IT Director to Information Security Director. Since we're a new security department, and it's just the two of us, I've been able to get my feet wet in quite a bit of things, from authoring tons of policies; designing and running vulnerability scanning infrastructure; crafting mock phishing e-mails for security awareness assessments; and running gap analysis, auditing, implementing governance controls for ISO-27002, NERC-CIP, and PCI-DSS etc. I love it and drink it up, but I will say that given my fairly short time (compared to most) as a sysadmin, I feel that I am at somewhat of a disadvantage. Despite that, though, I just find myself continually identifying weak areas of knowledge and studying my butt off (as I think anyone should!).LinkedIn - Just mention you're from TE!
-
Mike-Mike Member Posts: 1,860SoCalGuy858 wrote: »I'm in a unique position compared to most, in that I was able to jump into a dedicated security position after only a few years of being a sysadmin / help desk guy. Expressing an interest in security to my very security-minded boss paid off when he was lateral "promoted" from IT Director to Information Security Director. Since we're a new security department, and it's just the two of us, I've been able to get my feet wet in quite a bit of things, from authoring tons of policies; designing and running vulnerability scanning infrastructure; crafting mock phishing e-mails for security awareness assessments; and running gap analysis, auditing, implementing governance controls for ISO-27002, NERC-CIP, and PCI-DSS etc. I love it and drink it up, but I will say that given my fairly short time (compared to most) as a sysadmin, I feel that I am at somewhat of a disadvantage. Despite that, though, I just find myself continually identifying weak areas of knowledge and studying my butt off (as I think anyone should!).
I am in a somewhat similar situation, although just starting. However I'm very excited and can't wait to dig into itCurrently Working On
CWTS, then WireShark -
Blackout Member Posts: 512 ■■■■□□□□□□People ask me all the time, Im not a security guy, but I always tell them get REALLY REALLY good with Linux. A lot of them will start to mess with Linux and it will kill their Drive lolCurrent Certification Path: CCNA, CCNP Security, CCDA, CCIE Security
"Practice doesn't make perfect. Perfect practice makes perfect"
Vincent Thomas "Vince" Lombardi -
SteveLord Member Posts: 1,717I call our security team the party of NO!
And as talented as they are, I've been around them enough to agree with what many posted here.WGU B.S.IT - 9/1/2015 >>> ??? -
itstudent10 Member Posts: 7 ■□□□□□□□□□I like this thread, because like SoCal a few posts above, I also came into it with relatively short experience as a sysadmin and even though I wasn't expecting the hacking that everyone else outside of IT thinks (trust me, I read the job duties before getting into it), I did expect to get more enjoyment out of it. I'm currently in a sec analyst/governance role and looking at spreadsheets is what I do most of the time sadly. I thought of it as a way to get into a more technical role (what that means, I'm still admittedly figuring that out - I do like vulnerability management somewhat - since as a sysadmin I enjoyed patching vulnerabilities, but being on the other side in an enforcer type role isn't a good fit for me either), but after reading other threads, I realized maybe I jumped too quickly.
-
ramrunner800 Member Posts: 238There are lots of positions available in infosec for those without much experience, if they are driven and really really want to be there. I love the fact that I make more money than most people can hope for to do things that I personally find very sexy and exciting. Sure, combing through logs and file systems for infection vectors may not be what everybody finds sexy, but I love the thrill of the hunt. I'm certainly not well rounded enough yet to go do this in a small organization where I'm the go-to guy, but in a large organization where I can be the padawan surrounded by Jedi Knights teaching me their ways it's perfect. There are lots of positions like that out there, and I think that the tone of this post is way to down on those who might be excited to get into this field.Currently Studying For: GXPN