PaulDotCom mailing list archives
Re: Security career coaching, mentoring or suggestions welcome
From: Michael Dickey <lonervamp () gmail com>
Date: Tue, 14 Dec 2010 08:53:13 -0600
1- Absolutely keep up the blog! Even if few people use it, it serves *you* a great purpose to self-publish and organize thoughts. Or give people a place for trackbacks, linkbacks, etc. Nothing demonstrates your security geekness quicker than a blog/web presence.

2- Double-absolutely! I have found on my own site that how-to types of posts get by far the most interest. Plus they let you learn more and give you a place to return if, a year later, you forgot what you did and need your own refresher. I also tend to, myself, like posts that are how-to types. Most of us mean well when we want to post more how-tos (i.e. go over a BackTrack tool every week...yeah, that happened!)... If you want, I'd also suggest video tutorials to then post places like theacademy or securitytube.

3- This can be a slow burn, if a burn at all, unfortunately. For those assessments you do, as long as you can properly sanitize them, I would *potentially* suggest publishing them on your blog as well. They can act almost like an example of your work. And web assessment examples by someone who knows what they're doing...yummy! At the very least, this should help illustrate to yourself your work for when you rebuild your resume; that you've added value and done security stuff to the benefit of your company. There may not be a dollar-sign attached, but I think most will understand that not every company *can* put dollar signs to such activities.

4- If you qualify for the CISSP (and you can weasel those years of experience in many ways if you work at all in IT), I'd really suggest going for it. It can't hurt you other than in your wallet. (If you've been listening since episode 1, I'd bet a whole night's worth of beer you qualify.)

5- Organizing time...ack, I can't help you there! Security books are awesome, but definitely try to set aside a place and time to work along with some books. I would definitely take as much time reading security blogs, listening to podcasts, and watching con presos.
My addition: If you have development background, feel free to find a really cool tool that you cover on your blog, and donate some time to create something to add/plug into it.

On Thu, Dec 9, 2010 at 11:24 AM, Abraham Aranguren <elaabraham () gmail com> wrote:
Hi lads,

I have been a listener of the show since podcast 1 and I love the show. I have decided to be more active and involved in the security community from now on. I would appreciate if (some of) you could coach me, mentor me or provide some suggestions regarding my security career, this is my draft plan, please let me know what you think:

- Keep up with security news and maintaining http://securityconscious.blogspot.com. Background: I have been publishing this for over a year for my company internally, the main point is to educate users but it also sets my accountability high (i.e. "forces me" to keep up with the news and stay more or less current). Recently a colleague asked if it was ok to send this to a customer, because I was publishing it on the intranet that would not work so I started publishing this both internally (on the intranet) and externally (on http://securityconscious.blogspot.com).

- Use the blog to publish security research on different topics, in a similar fashion to what irongeek does (not that I will ever match him of course), try to research a topic relatively deeply, experiment with it, learn a bit about it and then publish a post explaining what I learned, steps, screenshots, etc. This would also keep me accountable and motivate me to research more (I think) and also perhaps be a bit more known in the industry if some of the posts get relatively popular.

- Try to keep pushing the business case for security internally at my company. Even though I am not happy with the security situation in my company and not being on security full-time I must admit I have performed quite a few vulnerability assessments mostly on web applications and web servers at this point. There has also been a lot of involvement in the internal security policy and general security advice for secure implementation solutions or other security related questions. So the situation is far from ideal but there has been significant improvement, my morale is a bit low because it has been more than 2 years trying to push the business case for security forward and to really work on security full-time 100% (I am always back to development when "there is no security work") but it is very hard and slow to get management to do anything. Advice on this topic is particularly welcome.

- Try to get some more certifications like OSCE (already got OSCP), which actually prove you can do something and not just answer multiple choice questions.

- Try to make time to read security books more often (how often do you read security books? there is so much to do between watching conferences, reading news, researching topics, etc that advice on how to organise my time is welcome too!)

Any other ideas or improvements?

Thank you,
--
Abraham Aranguren

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Current thread:
- Security career coaching, mentoring or suggestions welcome Abraham Aranguren (Dec 09)
- Re: Security career coaching, mentoring or suggestions welcome Michael Dickey (Dec 14)