I'm coming up on my 10th anniversary in Network Security, my 15th in Information Technology.
I moved, abruptly, from being the head of a desktop support team to NetSec, in a day. Probably not the usual path one takes to security. I think these days most start out in that area from college, or move over from Infrastructure or the Server Team.
There were no information security people on staff when I moved over. None, in any area. No one had any idea what I should do or even where to find out. So I became a generalist in every area, as well as having to build up each new area from the ground up, with no experience, no help and no training. I didn't get to my first training conference (SANS) until 2002, two years into my new duties.
I got IDS off the ground, then moved on to vulnerability testing, anti-virus, content monitoring, and centralized logging. I wrote policy, procedures on hardening servers and applications, did threat research, incident response and even a little end user awareness writing. Probably others I can't recall.
For all the negatives there are in never getting to specialize in one area (and consequently becoming a SME, at least to your company), I think all the exposure to different tools and technologies helped some too. Even though sometimes the "jack of all trades" gig gets old, it's instilled a confidence in me I'll never lose. I can dive head long into a new project, even if I know nothing about it at the outset, believing I can get myself up to speed eventually and accomplish what needs done. I've done just that many times out of necessity.
That role, for me, is quickly coming to an end. I'll soon be transitioned out of my generalist duties and into a more siloed position. My old company was bought by a new, much larger company and our migration to the new networks and ways of doing things are in full swing.
That said, if you're just getting started or will be soon, the way I see the industry going, my opinion would be to specialize. I don't see in the future how very many companies, except the very small ones will be able to get by with a generalist like I was. Find out what what really interests you, and hit it hard until you've mastered it. You'll make yourself very valuable to a team some where, and you'll go to work each day and do what you love and love what you do.
Diversification is great for stock portfolios, in my opinion. For network security people, not so much.
No comments:
Post a Comment