Mentorship Monday - Discussions for career and learning!
from shellsharks@infosec.pub to cybersecurity@infosec.pub on 26 Feb 2024 05:10
https://infosec.pub/post/8900620
from shellsharks@infosec.pub to cybersecurity@infosec.pub on 26 Feb 2024 05:10
https://infosec.pub/post/8900620
Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
threaded - newest
Hey all! I’m trying to figure out where I go next in this career. I’m working at a mid sized company that is owned by a company that is owned by another company. Started out as a software dev about right years ago and spent a lot of time as a security champion; finally moved to the InfoSec team about two years ago. It’s a small InfoSec team: three people total. So I do a lot of stuff: contact reviews, vendor security assessments, firewall log monitoring, code reviews, run security trainings, coordinate external pen tests, gather SOC 2 evidence, incident response… Lots of stuff.
I like most of the work well enough (though the GRC stuff is not my favorite), but recently my boss and my teammate quit, so our team of three is down to me. There’s some support available from the security team of the parent organization, and a very competent contractor, but it’s largely just me.
What I’m wondering mostly is: if I go elsewhere, what kind of role am I looking for? I feel like this Jack-of-all-security-trades thing I’ve got going on can’t be super normal, can it? And also, is my current situation something I should embrace, and take the opportunity to run the InfoSec team? Having someone with two years of security experience at the wheel seems suboptimal to me, but maybe it’s worth doing for the experience?
My ideal would be working with a team of five or six, with people I can learn a lot from; my concern is that right now, most of the learning I can do is from my own mistakes.
Im not sure if your situation is “normal”, but it may be less rare than you think. Chaos can be a ladder, but it can also result in you just being overworked and making no real progress technically or professionally. Given the situation I would probably just look for what else you can find and jump on anything that seems promising, but in the mean time keep your head down and get your job done and try to make the best of the situation. Do you feel your situation is stable in terms of job security?
I think I’m good as far as job security goes, so that’s a plus. I should ramp up the job hunt I suppose. Already trying to study for the CISSP after work though and I am a big fan of having down time to unwind.
On one hand, the market is such that it might be too much work / too depressing to passively hunt for a plan B. On the other, it’s probably good to have an idea of what a plan B could be…
Is the market actually bad at the moment, though? We’ve been trying to fill one of the vacant positions on my team, and the offers we’ve extended have been declined for other options. That makes it seem to me like candidates have plenty of options at the moment.
I haven’t been looking so I can’t speak with first-hand xp. From others accounts on socials it seems like it’s kinda rough but everyone has different experiences. Good to hear some potentially optimistic news for a change though so I’ll take it.