Sunday, May 3, 2009

A Security Career

I have been thinking more about the future career options I have. I don't want to move now, but I want to make sure I am ready for whatever I do want to go in the future. It is a common problem in any field: Once you get near the top you have a harder time advancing further.

Some career paths are obvious. If you want to go into a specific operation security area, like network security or related things, you should probably focus on enhancing the skills that help you be better at whatever you are doing.

Unfortunately, I didn't come to security from the sysadmin route. I had over 20 years of software development (and general analysis) before I started full time in information security. This may be placing me really well for working in the growing area of application security, but even that has a lot of possible different focus areas.

I am also very interested in risk, compliance, policy and security awareness. While these all could relate to development security, they are not necessarily tied to that. Figuring out the route is my challenge now. I want to know everything, but I can only learn so many things.

This is not as refined as I would like, but I wanted to put out some thoughts to build on later. I plan on writing about this more and I have thought of working in this area with either the local ISSA chapter or OWASP.

Brad

2 comments:

Security Retentive said...

Are you actually looking to move more into Application Security work? I might know of an opening in Austin.

Brad said...

While I am always open to an offer that is "too good to refuse," I am not really looking right now. In fact, I expect to be getting even deeper into some parts of application security now at the great place I already work! :)

I am mostly interested in the issue at a more general level now. I don't think this area is really well dealt with and I would love to see some more thoughts and guidelines on career paths, how to prepare for them, etc.

Part of this is selfish. I want to know what I should be doing to continue to enhance myself, but I think it would also benefit others who are thinking about their own career!

Brad