PaulDotCom mailing list archives
Security career coaching, mentoring or suggestions welcome
From: Abraham Aranguren <elaabraham () gmail com>
Date: Thu, 9 Dec 2010 18:24:49 +0100
Hi lads,

I have been a listener of the show since podcast 1 and I love the show. I have decided to be more active and involved in the security community from now on. I would appreciate it if (some of) you could coach me, mentor me or provide some suggestions regarding my security career. This is my draft plan, please let me know what you think:

- Keep up with security news and maintain http://securityconscious.blogspot.com. Background: I have been publishing this for over a year for my company internally, the main point is to educate users but it also sets my accountability high (i.e. "forces me" to keep up with the news and stay more or less current). Recently a colleague asked if it was ok to send this to a customer, because I was publishing it on the intranet that would not work so I started publishing this both internally (on the intranet) and externally (on http://securityconscious.blogspot.com).

- Use the blog to publish security research on different topics, in a similar fashion to what irongeek does (not that I will ever match him of course), try to research a topic relatively deeply, experiment with it, learn a bit about it and then publish a post explaining what I learned, steps, screenshots, etc. This would also keep me accountable and motivate me to research more (I think) and also perhaps be a bit more known in the industry if some of the posts get relatively popular.

- Try to keep pushing the business case for security internally at my company. Even though I am not happy with the security situation in my company and not being on security full-time I must admit I have performed quite a few vulnerability assessments mostly on web applications and web servers at this point. There has also been a lot of involvement in the internal security policy and general security advice for secure implementation solutions or other security related questions. So the situation is far from ideal but there has been significant improvement, my morale is a bit low because it has been more than 2 years trying to push the business case for security forward and to really work on security full-time 100% (I am always back to development when "there is no security work") but it is very hard and slow to get management to do anything. Advice on this topic is particularly welcome.

- Try to get some more certifications like OSCE (already got OSCP), which actually prove you can do something and not just answer multiple choice questions.

- Try to make time to read security books more often (how often do you read security books? There is so much to do between watching conferences, reading news, researching topics, etc. that advice on how to organise my time is welcome too!)

Any other ideas or improvements?

Thank you,
--
Abraham Aranguren