.

What type of security job would suit my personality?

<<

Cuddles

User avatar

Newbie
Newbie

Posts: 2

Joined: Thu Mar 03, 2011 3:48 pm

Post Thu Aug 11, 2011 9:14 am

What type of security job would suit my personality?

I'm currently a Linux sys admin who is thinking of getting into security.  I spend a good deal of free time "playing" with security concepts because I find them interesting.  The problem for me though, is that I can't seem to pick a specialty.  I like forensics and find some of it interesting, but there's no way I'd want to do just that full time.  I enjoyed the Pentesting with Backtrack/OSCP course and would like to continue to develop these skills, but I'm not certain that I'd want to pentest all day every day.  (Or write the reports for that matter).  I don't mind researching vulnerabilities, but I wouldn't want a job fuzzing and looking through code for bugs.  And so on and so forth.

Is there any type of position that would allow me to be something of a security generalist, playing with all the various realms within security?  Would it be better to just focus on a particular field, work in it for a couple of years before moving on to another?  Are any fields more capable of handling what I refer to as my "intellectual ADHD" by being more variable and dynamic than others?
Last edited by Cuddles on Thu Aug 11, 2011 9:17 am, edited 1 time in total.
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Thu Aug 11, 2011 10:21 am

Re: What type of security job would suit my personality?

Be the security guy for a small to medium sized organization and that's exactly what you will be doing. In a larger organization you will likely have to specialize.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Thu Aug 11, 2011 10:25 am

Re: What type of security job would suit my personality?

Maybe I'll get flamed for this, but what's wrong with Security Defense with a side of Incident Response?

Here's my thinking: Leverage the position you have as a system admin, and start tossing up some monitoring tools. Get centralized log servers, with automated scripts parsing the logs and emailing you the information you need. Set up a couple of packet capture devices on the network. My favorite was my linux box with wireshark connected to a span port watching all the internal traffic going out to the internet.

Use your pentest skills against those boxes. If you have company buy off on the monitoring systems, and you maintain them, you can test them. My argument was, these boxes capture all the data in the company, you don't want some random person to come along and abuse internal secrets.

On occasion, get a snapshot or other copy of a box in production, virtualize the copy, and then test against that. (Use the forensic skills to get a clean copy). Don't just try to pen-test it, do a full review of the copy to make sure it's not been popped.

The above was kind of what I was doing at my last job.

"Oh the network is slow? Hang on..." 30 minutes later "Network is slow because you have 15 people listening to Pandora, 5 watching the Laker's game from last night, 1 person torrenting something, and about 40 people on Youtube.  Plus a bunch of traffic going to the old 172.31 network because the Help Desk hasn't finished re-imaging, and the traffic is looping between us and the network provider and the edge system at the datacenter." < true story.
OSWP, Sec+
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Thu Aug 11, 2011 10:26 am

Re: What type of security job would suit my personality?

tturner wrote:Be the security guy for a small to medium sized organization and that's exactly what you will be doing. In a larger organization you will likely have to specialize.


The problem is convincing the company they need you. Small to medium company, why do we need a security person, no one will want to attack us. (was the guy at a small company, mainly I got to do security because I had nothing else to do, and they didn't like it).
OSWP, Sec+
<<

lorddicranius

User avatar

Sr. Member
Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Thu Aug 11, 2011 10:49 am

Re: What type of security job would suit my personality?

chrisj wrote:
tturner wrote:Be the security guy for a small to medium sized organization and that's exactly what you will be doing. In a larger organization you will likely have to specialize.


The problem is convincing the company they need you. Small to medium company, why do we need a security person, no one will want to attack us. (was the guy at a small company, mainly I got to do security because I had nothing else to do, and they didn't like it).


This is exactly my problem at my current position.  Because the company is so small, they don't see a need for security.
GSEC, eCPPT, Sec+
<<

WCNA

User avatar

Full Member
Full Member

Posts: 187

Joined: Wed Mar 02, 2011 8:05 am

Location: Florida

Post Thu Aug 11, 2011 11:58 am

Re: What type of security job would suit my personality?

Would it be better to just focus on a particular field, work in it for a couple of years before moving on to another? 


How about this for a completely unexpected answer?

It doesn't matter.

If you are anything like me (and I expect there are a lot of people here like me), no job will ever satisfy you. I'm an information junkie and a person that loves to learn. Once I've mastered a skill, I usually get bored and move on to something else. Recently, I've been racking up certs (4 in the last year). Before that, even though my job is in IT, I went off on a completely different tangent- macroeconomics (due to the crash and recession).

Before I was in IT, I was a telecom tech....topped out in that field in 3 years and moved to IT. Before that was a bunch of different professions.  I'm in my 50's now and I have realized that no one job will ever satisfy me. At least with computer technology there is always something new right around the corner.
http://www.ted.com/talks/harald_haas_wireless_data_from_every_light_bulb.html

I took some of those psychological career path tests you see online once and found them completely useless. So my suggestion is go just with your gut and see where it takes you. Only you know what suits you best. And if it doesn't work out then move on. One day you may find out that you're like me and that the journey is the best part of life.
ISC2 Associate, WCNA, CWNA, OSCP, Network+
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Thu Aug 11, 2011 12:12 pm

Re: What type of security job would suit my personality?

The thing I like about Info Sec is that there are so many avenues of interesting topics and skills to persue.  This is also the thing I hate most.  My biggest problem is focus.  I will be concentrating on one thing and then I come across something that leads me to branch off it and next thing I know I spent two days working that problem and almost completely forgot what I was working on. 

This time around I am in an Incident Respons position, but more on the investigative side.  Right now I am stuck looking at logs and answering to the mothership when they magically spot something and then it magically appears.  My old position I was a generalist, Security Admin and the responsibilities ranged from patching and AV to network configurations, firewall rule modifcations and a few other duties tossed in for good measure. 

Now I have settled on working on malware analysis, I find it interesting to know how some of these annoying little programs do their dirty work.  Hopefully I will focus on this for a while and in  between things I will work on pentesting skills.

But I would agree the best thing to do is get into a position where you are THE security guy for a SMB.  After you have the ability to play with everything then maybe you will find that one area that you excel in.  Good luck!!
Certs: GCWN
(@)Dewser
<<

Cuddles

User avatar

Newbie
Newbie

Posts: 2

Joined: Thu Mar 03, 2011 3:48 pm

Post Thu Aug 11, 2011 3:38 pm

Re: What type of security job would suit my personality?

Thanks for the responses.  There's a lot of good stuff here for me to consider.

Unfortunately, this response is probably going to be the closest to the mark:
WCNA wrote:It doesn't matter.

If you are anything like me (and I expect there are a lot of people here like me), no job will ever satisfy you.
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Thu Aug 11, 2011 9:01 pm

Re: What type of security job would suit my personality?

Cuddles wrote:Thanks for the responses.  There's a lot of good stuff here for me to consider.

Unfortunately, this response is probably going to be the closest to the mark:
WCNA wrote:It doesn't matter.

If you are anything like me (and I expect there are a lot of people here like me), no job will ever satisfy you.



I used to feel that way a long time ago. But I also learned a long time a go (not as long though), its not the work that fulfills, and thus satisfies you, it's what we do that is. Meaning the sum of our work.

I worked for a publishing company, focused on the MBAs, and other Master and higher classes. I felt like my work had no meaning, didn't make a difference in the grand scheme of things. Now, the people I work for, I spend most of my time setting up VPNs between Health Information Exchanges, hospitals, labs, and doctor offices so patient data can transfer around faster in a more secure manner. I actually feel like what I'm doing might help someone get treated faster or better. It's work below me, but I think this is the happiest I've been working in a long time.
OSWP, Sec+
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Thu Aug 11, 2011 10:28 pm

Re: What type of security job would suit my personality?

I used to work in a company that they said that they were very small so secuirty was not important. I did not care.

I learnt a little bit nmap and metasploit so I begin to scan every server and machine I was working on. Later begin to turn on firewall in the machine and closed ports that we did not need, at the same time I was working with my Microsoft exams, everything begin to make sence.

I moved to another company (IT provider) and now all the experiments I did a basic testing give me more confidents and when we got a problem like a phone/server sistem is hacked or is working very bad they send me...... It is a way to learn and open doors.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/

Return to Career Central

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software