I've been the Systems Administrator for a small company since 2006, and I'm trying to make the transition from Systems Administrator to Security Analyst, and was hoping to get some insight to see if what I'm doing it right, or if there's anything I can be doing better.
Being the only tech professional for a small company has it good points and bad points.
On the good side:
- I'm involved with every piece of technology that comes through here.
- I've learned to adapt quickly and learn new technologies very rapidly.
- I have a basic knowledge of a wide variety of systems.
On the bad side:
- I don't have any help.
- I'm not an expert on any one of the technologies I deal with.
- I don't have any experience in a larger corporation.
I haven't had much to do with security for a long time, as I typically don't get to use it at my current job. That being said, I realized at a security competition that I attended last week, that my passion still lies in security. I can't remember a time that I've been more excited and motivated. This can even be seen with my activity in this forum. I was very active around the time I got my CEH, back in 2008, but it died off. I've become active again in the past couple of months, while preparing for this competition.
I'm now active in many local groups, including a Linux Users Group, InfraGard, ISSA, ISACA, 2600, and Def Con groups. I'm planning on doing my first presentation at the Linux Users Group next month. My goal is to become very active in the local community, presenting as much as possible (focusing on quality, not quantity). I'm hoping that this will open some doors for me and help me get into a Jr Security Analyst position, or something similar.
I've had a really difficult time trying to find a security related job in my area, but I know I need to keep expanding my network and hopefully get some good recommendations once people in the community are familiar with my work. I know it's going to still take a long time, but I wanted to see if anyone had some insight for me, or if this is a bad approach. I know I eventually need to finish at least my AA, and I'm planning on studying for the CISSP soon. I hear that CISSP is slightly less in depth than CEH, can anyone confirm or deny that?
Thanks in advance everyone, this is a fantastic community that I'm proud to be a part of.