Security Basics mailing list archives
Re: Security Jobs
From: Jeffrey Walton <noloader () gmail com>
Date: Wed, 3 Jun 2009 18:03:32 -0400
I have used vulnerability scanners and feel I have a strong understanding what the results mean not only from a technology perspective but a business impact perspective as well.
I've always felt that the difference between a average/good tester and great tester is that the great tester can find vulnerabilities. He/she does not need others to find a vulnerability and then wait for someone to write a Nessus/MetaSploit/<favorite framework here> plugin. Jeff On 6/2/09, Curt Shaffer <cshaffer () gmail com> wrote:
Thank you all for your input. I am going to attempt to include points from each in this response: I do have experience and exposure to a lot of security pieces. I have done firewall installations of many varieties for small companies to ISP level services. I have done the same with IDS/IPS deployment from SNORT to TippingPoint. I have dealt with email security, again from small businesses to ISP level services including AntiSPAM/AntiVirus and encryption. I have worked with AntiVirus/IPS clients in the same arenas. I have used vulnerability scanners and feel I have a strong understanding what the results mean not only from a technology perspective but a business impact perspective as well. I have assisted in getting a Microsoft partner higher levels by contributing security competencies with an implementation of wireless that included certificates and RAIDUS using Microsoft's version of each of those. On top of all of that, no matter what I have done in the sysadmin role, it has always been based on security best practices. All of that said, in addition to my recent training in penetration testing from SANS and upcoming training for the CISSP, I think I have done what a lot of you have recommended. This is all on my resume but as Stephen mentioned, maybe I need to spin it a little more than I have. Obviously not lying but focusing even more on these things I have done and leaving off some of the other. I have always reiterated these things in the interview, but again it would come across like "great we need a system guy that is security focused", but again not what I would consider a true security job. The security job I seek is one that is about security in one way or another all day long as it is my passion. Someone mentioned doing auditing. I cannot see myself just doing audits. I feel penetration testing is more of an appeal to me. Either that, or being the security input on many pieces of the network like VoIP, network, and systems or both :) Someone else mentioned Jr. Security Analyst. I know I don't deserve the ultimate security job right off the cuff and I must pay more dues, but I would like to think after the experience I do have, I am worth more than they would pay for that and should deserve a little higher entry than that. Also, I live in the DC metro area so a huge pay cut wouldn't make life very easy as some of you may know it is pretty expensive to live around here. Overall I think I will attempt to modify my resume a little more and repost it in the usual places. I think I will also try to make it more of a point to attend conferences and such related to security to get my network built up there as well. Thank you all for your input and ideas, you all have given me a lot to think about! [SNIP]
------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------
Current thread:
- Security Jobs Curt Shaffer (Jun 01)
- Re: Security Jobs Chris (Jun 01)
- Re: Security Jobs Drew Brown (Jun 02)
- Re: Security Jobs Stephen Mullins (Jun 02)
- Re: Security Jobs Peter Odigie (Jun 03)
- RE: Security Jobs Curt Shaffer (Jun 03)
- Re: Security Jobs Stephen Mullins (Jun 03)
- RE: Security Jobs Curt Shaffer (Jun 03)
- Re: Security Jobs Stephen Mullins (Jun 03)
- Re: Security Jobs Jeffrey Walton (Jun 03)
- Re: Security Jobs Chris (Jun 01)