Re: What is your Job Role?

[Michal Zalewski <lcamtuf () coredump cx>]

> After speaking with Sarah, I found that there are many more
> specialities within Security then I ever thought!

There's really no unified hierarchy of security jobs, so the titles
you are likely to see are usually more an artifact of the company's
organizational structure, past hiring experiences, or a testament to
the creativity of whoever entered the requisition, than anything else
(say, "security evangelists" at Microsoft).

There are several common areas of technical expertise in which people
tend to specialize - say, OS kernels, cryptography, networking stacks,
web technologies - and also a handful of auxiliary abilities you might
posses - software engineering, writing, interpersonal skills.

Each company is usually looking for a unique combination of these
assets, depending on what they already have covered and want to cover
- so they come up with various grades of security analysts, engineers,
managers, specialists, architects, visionaries, bards, and janitorial
crews - but it really doesn't mean that much, and you probably
shouldn't seek any job title-based specialization if you want to
succeed. Just be good at a good selection of all-around skills.

/mz

PS. SInce we're on pen-test@, to be on topic, this trivial snippet of
code might be of some interest to web app folks:
http://lcamtuf.coredump.cx/unlocker.txt

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------