PaulDotCom mailing list archives

Security career coaching, mentoring or suggestions welcome


From: Abraham Aranguren <elaabraham () gmail com>
Date: Thu, 9 Dec 2010 18:24:49 +0100

Hi lads,

I have been a listener of the show since podcast 1 and I love the show. I
have decided to be more active and involved in the security community from
now on.

I would appreciate it if (some of) you could coach me, mentor me or provide
some suggestions regarding my security career. This is my draft plan; please
let me know what you think:
- Keep up with security news and maintain
http://securityconscious.blogspot.com. Background: I have been publishing
this for over a year for my company internally, the main point is to educate
users but it also sets my accountability high (i.e. "forces me" to keep up
with the news and stay more or less current). Recently a colleague asked if
it was ok to send this to a customer; because I was publishing it on the
intranet, that would not work, so I started publishing this both internally
(on the intranet) and externally (on http://securityconscious.blogspot.com).
- Use the blog to publish security research on different topics, in a
similar fashion to what irongeek does (not that I will ever match him of
course), try to research a topic relatively deeply, experiment with it,
learn a bit about it and then publish a post explaining what I learned,
steps, screenshots, etc. This would also keep me accountable and motivate me
to research more (I think) and also perhaps be a bit more known in the
industry if some of the posts get relatively popular.
- Try to keep pushing the business case for security internally at my
company. Even though I am not happy with the security situation in my
company and not being on security full-time I must admit I have performed
quite a few vulnerability assessments mostly on web applications and web
servers at this point. There has also been a lot of involvement in the
internal security policy and general security advice for secure
implementation solutions or other security related questions. So the
situation is far from ideal but there has been significant improvement, my
morale is a bit low because it has been more than 2 years trying to push the
business case for security forward and to really work on security full-time
100% (I am always back to development when "there is no security work") but
it is very hard and slow to get management to do anything. Advice on this
topic is particularly welcome.
- Try to get some more certifications like OSCE (already got OSCP), which
actually prove you can do something and not just answer multiple choice
questions.
- Try to make time to read security books more often (how often do you read
security books? There is so much to do between watching conferences, reading
news, researching topics, etc. that advice on how to organise my time is
welcome too!)

Any other ideas or improvements?

Thank you,

-- 
Abraham Aranguren