I'm currently a Linux sys admin who is thinking of getting into security.  I spend a good deal of free time "playing" with security concepts because I find them interesting.  The problem for me though, is that I can't seem to pick a specialty.  I like forensics and find some of it interesting, but there's no way I'd want to do just that full time.  I enjoyed the Pentesting with Backtrack/OSCP course and would like to continue to develop these skills, but I'm not certain that I'd want to pentest all day every day.  (Or write the reports for that matter).  I don't mind researching vulnerabilities, but I wouldn't want a job fuzzing and looking through code for bugs.  And so on and so forth.

Is there any type of position that would allow me to be something of a security generalist, playing with all the various realms within security?  Would it be better to just focus on a particular field, work in it for a couple of years before moving on to another?  Are any fields more capable of handling what I refer to as my "intellectual ADHD" by being more variable and dynamic than others?

Maybe I'll get flamed for this, but what's wrong with Security Defense with a side of Incident Response?

Here's my thinking: Leverage the position you have as a system admin, and start tossing up some monitoring tools. Get centralized log servers, with automated scripts parsing the logs and emailing you the information you need. Set up a couple of packet capture devices on the network. My favorite was my linux box with wireshark connected to a span port watching all the internal traffic going out to the internet.

Use your pentest skills against those boxes. If you have company buy off on the monitoring systems, and you maintain them, you can test them. My argument was, these boxes capture all the data in the company, you don't want some random person to come along and abuse internal secrets.

On occasion, get a snapshot or other copy of a box in production, virtualize the copy, and then test against that. (Use the forensic skills to get a clean copy). Don't just try to pen-test it, do a full review of the copy to make sure it's not been popped.

The above was kind of what I was doing at my last job.

"Oh the network is slow? Hang on..." 30 minutes later "Network is slow because you have 15 people listening to Pandora, 5 watching the Laker's game from last night, 1 person torrenting something, and about 40 people on Youtube.  Plus a bunch of traffic going to the old 172.31 network because the Help Desk hasn't finished re-imaging, and the traffic is looping between us and the network provider and the edge system at the datacenter." < true story.

This is exactly my problem at my current position.  Because the company is so small, they don't see a need for security.

The thing I like about Info Sec is that there are so many avenues of interesting topics and skills to persue.  This is also the thing I hate most.  My biggest problem is focus.  I will be concentrating on one thing and then I come across something that leads me to branch off it and next thing I know I spent two days working that problem and almost completely forgot what I was working on. 

This time around I am in an Incident Respons position, but more on the investigative side.  Right now I am stuck looking at logs and answering to the mothership when they magically spot something and then it magically appears.  My old position I was a generalist, Security Admin and the responsibilities ranged from patching and AV to network configurations, firewall rule modifcations and a few other duties tossed in for good measure. 

Now I have settled on working on malware analysis, I find it interesting to know how some of these annoying little programs do their dirty work.  Hopefully I will focus on this for a while and in  between things I will work on pentesting skills.

But I would agree the best thing to do is get into a position where you are THE security guy for a SMB.  After you have the ability to play with everything then maybe you will find that one area that you excel in.  Good luck!!

I used to feel that way a long time ago. But I also learned a long time a go (not as long though), its not the work that fulfills, and thus satisfies you, it's what we do that is. Meaning the sum of our work.

I worked for a publishing company, focused on the MBAs, and other Master and higher classes. I felt like my work had no meaning, didn't make a difference in the grand scheme of things. Now, the people I work for, I spend most of my time setting up VPNs between Health Information Exchanges, hospitals, labs, and doctor offices so patient data can transfer around faster in a more secure manner. I actually feel like what I'm doing might help someone get treated faster or better. It's work below me, but I think this is the happiest I've been working in a long time.