Job roles in IT security

Job roles in IT security Register Help Remember Me? What's New Today's Posts Forum Actions Mark Forums Read Advanced Search Forum InfoSec Security Certifications Job roles in IT security + Reply to Thread Results 1 to 11 of 11 Thread: Job roles in IT security Thread Tools Show Printable Version Subscribe to this Thread… alexander77 Member Join Date Apr 2012 Location New York City Posts 36
Certifications Network+, Security+, Server+, CCNA 11-26-2013 07:04 PM #1 Job roles in IT security

I'm researching about different career paths in IT security and wanted to know from people that are already in the field what types of job roles do some of you currently have in the field?

Quote  
Login/register to remove this advertisement. emerald_octane Senior Member Join Date Feb 2012 Posts 340 11-26-2013 07:41 PM #2

hmm. you can do pen test, application sec, policy and planning, network sec, PKI , lots of different ways.

Quote   LarryDaMan Stop,Collaborate + Listen Join Date May 2008 Location DC Suburbs Posts 788
Certifications CISSP, CISA, PMP, FITSP-M, Security+, Network+, A+, (expired: CCNA, CCENT) 11-26-2013 08:20 PM #3

Google is your friend for this question, but there are many many different types of security roles and then even more specializations/quirks/deviations within those.

I'm currently doing FISMA compliance assessments/audits. So I go through NIST 800-53 controls and tell people what they need to fix and then we argue (negotiate) about how long it should take to fix, then I compile an extensive report/assessment, and then the CIO decides if the information system should be allowed to operate (or continue to operate).

Last edited by LarryDaMan; 11-26-2013 at 10:35 PM.

Quote   the_Grinch Stayed at a Holiday Inn.. Join Date May 2007 Posts 2,526
Certifications BS-CST EMT-B MPSC Security+ 11-26-2013 08:21 PM #4

I'm in auditing and regulation. It's actually a fairly interesting position because you still need the technical background (my agency is just realizing this), but get to learn knew skills as well (since I'm a regulator I get to shape the regulations). Lots of avenues you can go in security, just a matter of your background. Seems like you are geared up towards networking so a ton you can do in that realm. Always remember though, a strong foundation is needed before moving into security. If you can't set the device up, no way you can secure it.

WIP:
Changing everyday!

Blog:
http://havewire.blogspot.com/

Quote   JDMurray Certification Invigilator Forum Admin Join Date Jul 2003 Location Surf City USA Posts 9,733 Blog Entries50
Certifications GSEC, EnCE, CISSP, SSCP, CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec (CNSS 4011, 4013) 11-26-2013 09:07 PM #5

Right now I'm doing network defensive security. You try to get into my network and I try to detect and stop you. The entire Internet is a Red Team to me; some of my internals users seem to be on that same Red Team too.

Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
--
Blog: www.techexams.net/blogs/jdmurray
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray

Quote   samurai86 Senior Member Join Date Jul 2008 Location Tampa, FL Posts 100
Certifications A+, Security+, Cloud+, CCENT, GCIH, CISSP 11-27-2013 01:09 AM #6

That is a good one JD I feel the same way. I deal with auditing our network security and reviewing changes. I also play a big role in security awareness for our users. I manage our physical access for our data rooms.

But my main role and my favorite role is investigations, incident response, and forensics (these 3 things go hand in hand very often).

Bachelor's of Applied Science in Technology Management - Information Security Assurance (St. Petersburg College)
Masters of Science in Digital Forensics (University of Central Florida)

Quote   LionelTeo Member Join Date Jan 2012 Posts 60
Certifications GISP, GSEC, GCED, GCIH, GCIA, GPEN, CEH 11-27-2013 03:39 AM #7

I am working in a newly startup Global SOC at the moment.

Quote   paul78 Senior Member Join Date Feb 2012 Posts 1,735 11-27-2013 04:09 PM #8

@JD - all you blue team guys are so paranoid -

@OP - the roles in information security is quite diverse. A good place to see what the various areas are is to review the domains that are listed on the ISC2 web site - https://www.isc2.org/cissp-domains/default.aspx - My own role is in management - so it's more about oversight of risk, privacy, and infosec programs.

Quote   colemic Senior Member Join Date Apr 2010 Location Tejas, Baby! Posts 712
Certifications CISSP, CISA, GIAC 2700, MCSE:Security, CEH, CHFI, CCENT, Sec+, Net+, ITIL v3 Foundations 11-27-2013 08:45 PM #9

I deal with Ironport and firewalls. Good at the former, work in progress on the latter... I can't change a password on the device without having to go through a CCB so it's difficult to learn in real-time. A decent job, but I am really hoping to eventually leverage my MSISA, certs, and potentially even higher degree into more analysis/management than technical.

Quote   JDMurray Certification Invigilator Forum Admin Join Date Jul 2003 Location Surf City USA Posts 9,733 Blog Entries50
Certifications GSEC, EnCE, CISSP, SSCP, CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec (CNSS 4011, 4013) 11-28-2013 12:19 AM #10

Originally Posted by colemic I can't change a password on the device without having to go through a CCB so it's difficult to learn in real-time. Just do lots and lots of 'show' commands.

Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
--
Blog: www.techexams.net/blogs/jdmurray
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray

Quote   YFZblu Senior Member Join Date Nov 2011 Posts 1,012
Certifications A+, Network+, Security+, CCNA, CCNA: Security, GSEC, GCIH 11-28-2013 12:47 AM #11

I work in a SOC - We perform network security monitoring, and incident response on:

-Malware
-Recon / exploitation attempts on the network
-Look for exfil of sensitive data / signs of compromise
-Policy violations
-We also manage a CIRT mailbox which provides work to the SOC in the form of User emails - typical tickets have to do with a spam email someone received, social engineering, or any security-related event our Users think should be looked at.

Last edited by YFZblu; 11-28-2013 at 12:50 AM.

Currently Reading: Violent Python

Quote   + Reply to Thread « Previous Thread|Next Thread »
Social Networking & Bookmarks Bookmarks Digg del.icio.us StumbleUpon Google Tweet CompTIA Cisco Microsoft CWNP InfoSec Practice Exams Forums Blogs

Subnet Calculator Netpict Online Degrees Exam Vouchers Free Magazines Topsites

Home Forum Rules Contact UsSupport Us Archive Privacy Statement Top TechExams.net ? 2002 - 2013 - All times are GMT. The time now is 05:10 AM. - CSS version TechExams.Net is not sponsored by, endorsed by or affiliated with Cisco Systems, Inc. Cisco®, Cisco Systems®, CCDA?, CCNA?, CCDP?, CCNP?, CCIE?, CCSI?; the Cisco Systems logo and the CCIE logo are trademarks or registered trademarks of Cisco Systems, Inc. in the United States and certain other countries. All other trademarks, including those of Microsoft, CompTIA, Juniper ISC(2), and CWNP are trademarks of their respective owners.

Powered by vBulletin® Version 4
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0

View the original article here