Mentorship Monday - Discussions for career and learning!
from shellsharks@infosec.pub to cybersecurity@infosec.pub on 31 Jul 2023 11:09
https://infosec.pub/post/936973

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

threaded - newest

Muddobbers@infosec.pub on 31 Jul 2023 14:56 next collapse

So I’m planning for the future career move, right now I’m mostly overseeing a pentesting group with a little bit of participation during the tests. I’ve coded many projects over my time in many languages, but I really enjoyed doing reverse engineering of malware and various other things as they popped up years ago. I can’t imagine there’s a lot of that available, though. I have a GREM, GPEN, GCIH, and GASF from SANS (I wanted to get more but the company stopped paying for distance travel the last few years). I’m currently 100% remote in the US mid-Southwest and really enjoy it. I’ve got 13 years of a large variety of professional experience in the cybersecurity and general IT world, with a little bit of a dip into OT with some ICS classes. I’m also trained in digital forensics imaging and handling, as I’ve spent some time working for a law enforcement branch (that was a wild ride)

My main question that I have these days is… what would I call myself, professionally? What types of jobs should I be looking to do. I can do management and leadership but I like getting my hands dirty and solving problems.

Thank you.

shellsharks@infosec.pub on 01 Aug 2023 12:07 collapse

With that background you can call yourself what you want. Really just depends where you want to go. At most companies you’ll end up either a “something” engineer or on management track depending on which path you wanna go. At 13 years experience though you are somewhere in the realm of Staff/Lead - Principal engineer I would imagine.

Muddobbers@infosec.pub on 01 Aug 2023 13:26 collapse

Thank you! I guess the realization that I’ve hit the Lead experience area is still coming to me. Impostor syndrome is real.

Deflector7462@infosec.pub on 01 Aug 2023 00:46 collapse

What do you guys think about a projects section on a resume instead of a skills section for someone early in their career? The idea would be instead of just listing Python & Nessus you could list something like “Used Python to start a scan against a target system with Nessus API”.

ComradeKhoumrag@infosec.pub on 01 Aug 2023 02:06 next collapse

I am by no means a hiring manager. However software engineering is project based work , so I would be biased towards this as a good thing

shellsharks@infosec.pub on 01 Aug 2023 12:01 next collapse

I think you would want to have both. Have a summarized section where you list skills you have still but if there’s something notable you know how to do, such as programmatically control Nessus using Python (as you have suggested), I think it’s worth making the connection in a separate section.

_zi@infosec.pub on 02 Aug 2023 05:29 collapse

That is generally what I’d recommend, and have liked seeing in a resume.

My thinking is that seeing projects tends to showcase not just a particular skill like with a language you used, but shows an understanding of the problems facing some area that your project is trying to solve. I’ve never really been a fan of skills listings just because they offer basically no context. Whereas projects give me something to bounce off of in an interview, and hopefully get the candidate talking.

I will say though that I wasn’t the person reviewing resumes deciding who got an interview, I’ve just been an interviewer after someone made it through the screening.