Upsides and Downsides – Finding Your InfoSec Home
There are dozens of great talks that will show you why you should be get a job in a cool infosec niche, with spectacular selling points. Every job has downsides and challenging days, though, especially for specific personalities and learning styles. This talk digs into nine cool infosec roles, then suggests why you might enjoy or dislike working in them based on the elements that aren’t camera worthy or talked about gleefully. There’s a cybersecurity job out there for everyone, and it’s important to find the one that makes you happy and successful!
Importance: People advertise the fun parts of cybersecurity roles pretty well, but professionals are often asked how to narrow down the pool of potential jobs by mentees. It’s important to talk about the exciting aspects and the more mundane aspects to people get a full picture of what the roles really look like!
Rough outline: For each of the nine roles listed below, attendees will be presented with a description of the role’s typical prerequisites, desired skills, and daily responsibilities. This overview will be primarily positive. Then, focus will move to the aspects of the role that are rarely spoken about, such as customer-facing work, project management, report writing, excessive travel, non-standard hours, repetitive data processing, and methodological analysis. Finally, the talk will suggest why this role may be a particularly good or poor fit for specific learning types (visual, auditory, or kinesthetic), and personality types (across common team dynamic models such as A-I and Belbin).
The roles we will discuss are:
– Security Operations Analyst
– Incident Responder
– Digital Forensics Analyst
– Malware Reverse Engineer
– Penetration Tester
– Application Security Specialist
– Security Engineer
– Cyber Threat Intelligence Analyst
– Governance, Risk, and Compliance
I have selected these roles because I have personal experience working in them directly, or managing people in them.
Lesley Carhart (@hacks4pancakes) is a Digital Forensics and Incident Response principal at the critical infrastructure cybersecurity company Dragos, with over a decade of experience in the field. A prolific tweeter, Lesley also speaks, teaches, and volunteers in cybersecurity, and runs a virtual InfoSec conference.