Security Basics mailing list archives

Re: Security Jobs


From: Jeffrey Walton <noloader () gmail com>
Date: Wed, 3 Jun 2009 18:03:32 -0400

 I have used vulnerability scanners and feel I have a strong
 understanding what the results mean not only from a technology
 perspective but a business impact perspective as well.
I've always felt that the difference between an average/good tester and
great tester is that the great tester can find vulnerabilities. He/she
does not need others to find a vulnerability and then wait for someone
to write a Nessus/MetaSploit/<favorite framework here> plugin.

Jeff

On 6/2/09, Curt Shaffer <cshaffer () gmail com> wrote:
Thank you all for your input. I am going to attempt to include points from
 each in this response:

 I do have experience and exposure to a lot of security pieces. I have done
 firewall installations of many varieties for small companies to ISP level
 services. I have done the same with IDS/IPS deployment from SNORT to
 TippingPoint. I have dealt with email security, again from small businesses
 to ISP level services including AntiSPAM/AntiVirus and encryption. I have
 worked with AntiVirus/IPS clients in the same arenas. I have used
 vulnerability scanners and feel I have a strong understanding what the
 results mean not only from a technology perspective but a business impact
 perspective as well. I have assisted in getting a Microsoft partner higher
 levels by contributing security competencies with an implementation of
 wireless that included certificates and RADIUS using Microsoft's version of
 each of those. On top of all of that, no matter what I have done in the
 sysadmin role, it has always been based on security best practices.

 All of that said, in addition to my recent training in penetration testing
 from SANS and upcoming training for the CISSP, I think I have done what a
 lot of you have recommended. This is all on my resume but as Stephen
 mentioned, maybe I need to spin it a little more than I have. Obviously not
 lying but focusing even more on these things I have done and leaving off
 some of the other. I have always reiterated these things in the interview,
 but again it would come across like "great we need a system guy that is
 security focused", but again not what I would consider a true security job.
 The security job I seek is one that is about security in one way or another
 all day long as it is my passion.

 Someone mentioned doing auditing. I cannot see myself just doing audits. I
 feel penetration testing is more of an appeal to me. Either that, or being
 the security input on many pieces of the network like VoIP, network, and
 systems or both :) Someone else mentioned Jr. Security Analyst. I know I
 don't deserve the ultimate security job right off the cuff and I must pay
 more dues, but I would like to think after the experience I do have, I am
 worth more than they would pay for that and should deserve a little higher
 entry than that. Also, I live in the DC metro area so a huge pay cut
 wouldn't make life very easy as some of you may know it is pretty expensive
 to live around here.

 Overall I think I will attempt to modify my resume a little more and repost
 it in the usual places. I think I will also try to make it more of a point
 to attend conferences and such related to security to get my network built
 up there as well. Thank you all for your input and ideas, you all have given
 me a lot to think about!

 [SNIP]
