Anyone else do cyber threat intel or cyber security?
Posted on 1/7/23 at 11:53 pm
If so, ever think about exiting the field? What’s your experience with it?
Posted on 1/8/23 at 9:08 am to Silverback911
Very marketable skill. Need you to keep up on your certifications.
Posted on 1/8/23 at 10:08 am to tigerbacon
I have CISSP, ccsp, gsec, cism, crisc, cdpse, AWS-cp, itil, and ccrp
Posted on 1/8/23 at 10:18 am to Silverback911
I have Crisco in the pantry. Makes me feel pretty secure.
Posted on 1/10/23 at 3:28 pm to Silverback911
Have a relative in the field for about 10 years now. 

Posted on 1/10/23 at 8:13 pm to Silverback911
It can be infuriating. I'd just teach Cloud and Info Sec auditing full time if I could. I did that for ISACA for years via a Big 4. Much more rewarding. I did keep an IT manager in Brussels from killing himself due to stress, that might be a close second in terms of rewards though.
I put a presentation together to train a PaaS cloud provider on how not to fail a SOC2 and PCI DSS audit I still use, I wrote it in under two hours six years ago. I've had to change one line twice (It was a SSAE15/ISAE3402 SOC2, then it was an SSAE18/ISAE3402 SOC2, then it was just SOC2.) That's what I've changed.
Everything, everything, that jammed people up 25 years ago, THEY ARE STILL DOING. Small, large, international, retail, doesn't matter. An energy generator/transmission company in TX I consulted for had an SLA with their IT provider which dictated the rate at which patches would be deployed. If no more patches were released, it would take them close to 20 years to have closed their current patch backlog. This is critical infrastructure, involving ICS. One update for Redhat became 13,000 tickets, one for each system, rather than... One update. And they thought this was OK.
However, I'm in consulting precisely for the reason that I can shake my head in wonder at one client for two months, and then go to another client with a Dutch chief architect who insists, in the Dutch way, that things WILL BE DONE RIGHT! That kind of accountability and clarity is refreshing.
But my current company can jump off a cliff. I've never, ever, seen a company be so unresponsive to direct customer questions during orals in my life.
What gives me peace, over nearly my entire professional life, is that I (as a consultant) generate revenue. I'm not a cost center. Therefore, I keep earning, I'm not at risk. A ton of IT and Infosec is not like that. If you work in a SOC, or similar, the conversation about your future boils down to something akin to, "They just need to take two weekend shifts a month instead of one." That is a bad, bad place to be.
There's an old saying from one of the classic Big 4 reading lists... "The client tells you what they want to buy, it's up to you to listen." Nobody at my current company understands this, which makes me feel useless. I quote stuff, on screen, from the RFP which supports my stance, and I get told from other internal folks, "that's not what they mean."
If you're quitting, let me know where you work, so I can see if I can move. It can't be much worse than where I'm at.
This post was edited on 1/10/23 at 8:23 pm
Posted on 1/10/23 at 8:18 pm to Silverback911
quote:
CISSP, ccsp, gsec, cism, crisc, cdpse, AWS-cp, itil, and ccrp
Where is your A+ son?? Talk to me about laser printer fusers!!! :D
About 2009, the certification shite got out of hand. ISACA won't let me claim information security consulting as CPEs unless I pay hundreds to take another one of their certs besides the CISA I've had for almost 20 years.
I do name drop my Windows NT MCP on my CV. I don't know why, recruiters have no idea what they're doing. I worked for a staffing company in South Carolina in 2001, and when I told her I got a Cisco Certification (CCDA), she replied, and I'm not kidding, "I didn't know restaurant food suppliers had certifications." (SYSCO.) She was a TECH RECRUITER.
I also met a stripper in Austin around the same time that told me that she quit recruiting to start serving drinks at a strip club, because she thought the work was more honest.
