whats it like working in IT security?

moneymad · 18-05-2014 4:42pm #1

Is it interesting?

Blowfish · 18-05-2014 9:07pm

It's a difficult question to answer as InfoSec is broad and is involved not just in every aspect of IT, but in some areas outside of IT also. The jobs are incredibly varied, do you have any idea which aspects you find appealing?

On a personal level, I do find my own role interesting, though I know it's not for everyone and there are other parts of InfoSec that I wouldn't really be interested in working in.

Kinet1c · 18-05-2014 10:16pm

A company I worked for had several security teams, as follows:

1. Security review of code created internally (requires good coding skills)

2. IT process security along with release management (higher level view, cert like CISSP would suit)

3. Threat management including malware analysis etc. (more suited to OSCP type stuff or CEH

)

industrialhorse · 19-05-2014 9:22am

Kinet1c wrote: »

A company I worked for had several security teams, as follows:

1. Security review of code created internally (requires good coding skills)

2. IT process security along with release management (higher level view, cert like CISSP would suit)

3. Threat management including malware analysis etc. (more suited to OSCP type stuff or CEH )

Dont forget Business Continuity & Disaster Recovery and a hell of a lot of firefighting!!!

thomas anderson. · 19-05-2014 9:27am

Its great.

I stand outside the Comms Room door with a bat and tell people to move along.

Keyzer · 19-05-2014 9:48am

thomas anderson. wrote: »

Its great.

I stand outside the Comms Room door with a bat and tell people to move along.

You hear that Mr. Anderson?... That is the sound of inevitability...

syklops · 19-05-2014 6:01pm

I work with people who do risk and compliance which to me sounds as dull as dishwater but they love. I do Pen Testing and SIEM deployment, which means I always have my head in a shell, which they can't imagine anything worse which I love.

Pen testing has its dull days as well. Lots of paper work and lots of customer interaction. Plus most people around you dont really understand what it is you do(including your managers).

I'd say its on a par with almost any other IT job to be honest.

19-05-2014 8:16pm

syklops wrote: »

Pen testing has its dull days as well. Lots of paper work and lots of customer interaction. Plus most people around you dont really understand what it is you do(including your managers).

It's funny to hear the conversations about pen testing, vulnerability scanning, incident handling and security auditing... apparently it's all the same

timmywex · 19-05-2014 8:31pm

Deleted User wrote: »

It's funny to hear the conversations about pen testing, vulnerability scanning, incident handling and security auditing... apparently it's all the same

Pen testing and VA are two terms that are used fairly interchangeably really :eek:

syklops · 19-05-2014 11:05pm

timmywex wrote: »

Pen testing and VA are two terms that are used fairly interchangeably really :eek:

Used interchangeably by them that don't know one end of a mule form the other.

trout · 20-05-2014 2:16pm

timmywex wrote: »

Pen testing and VA are two terms that are used fairly interchangeably really :eek:

not in my earshot ... and not for long

zweton · 26-12-2014 10:50pm

any of ye guys working within the grc field?

Blowfish · 27-12-2014 12:13am

zweton wrote: »

any of ye guys working within the grc field?

I suppose technically my job (Information Security Analyst) is kind of in GRC, but it's a suprisingly difficult question to answer as InfoSec is just one small part of GRC as a whole and GRC is only one part of my job as a whole.

Armistice · 27-12-2014 12:19am

Also remember there is another side to IT security which is Networking - Access lists, Firewalls ASA/PIX , intrusion detection, VPN's etc.

whats it like working in IT security?

Comments