Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
I'm currently going from dev to infosec.
It's lots of learning in the beginning. Infosec is large, so you'll want to choose what to specialize in after getting to know all the topics a little (or, as I say, excel in one, dabble in many).
I chose to specialize in securing the human factor (aka user education, Security Awareness Training and so on). Security is a large field and you'll have to work as part of a team.
In the end, prepare to read lots. If you can't speed read, learn it. It will come in handy.
Also, depending on your field, you'll want a beefy machine for running large VM networks (I learned most of it in my free time, on my own equipment).
You'll be asked questions outside of your field of expertise. Be prepared to answer them, get your feet wet in some of the other fields (for example, I can perform a penetration test, even if it's not my best quality).
I don't know about devops, but I'll assume it's a similar game with different names.
I agree with you, I am aware of all the branches of security, what I'm experiencing is, that pentests are sometimes boring. You are looking for a needle in the haystack, and I don't like searching for things. I call this the hackers mindset. But I have a builders mindset. I like doing technical things, but infosec didn't quench my tech thirst. Does it get better/fun later?
Hahaha, yeah security is cool to follow. So many things happening in this space everyday. Why I was initially attracted towards it. Also everyone was getting on the coding train, I thought there would be too many Devs, or would not be paid enough because of the availability.
@siliconchips Yeah... The problem is, there aren't many standards in infosec yet, so everyone and their mother do "security" - for some, that only means installing OS patches and thinking up password complexity guidelines and they never even heard about anything related to cryptography.
The thing is, security done well is a rare commodity.
In general, you may want to dabble in as many fields, even non-technical, as possible - reading something about lockpicking or manipulating a mechanical tachograph may give your brain another context on a tech problem. I've had more of those moments than I can count ever since I started reading on unrelated topics (finance, economics, warfare, lockpicking, politics, CSI techniques, medicine, psychology)...
Yup, it's too broad of a domain. No two people in infosec would ever have the same experience. Some might work on crypto, some might just run scanners the whole day and call it a day.
It is not rewarding professionally, when I'm putting my heart and soul on a sec project and others are lazing around. It's difficult to stand out even.
@siliconchips I know. I'm not a cryptography expert myself, but I can explain the basic workings of modern cryptosystems, I know when to use them and how to implement them.
Unfortunately, in a world where the average civilian (noncombatant/end user/muggle/customer) can't even tell the difference between transport encryption and end-to-end encryption, there's a lot of room for marketing and other bullcrap spitters.
It's easy to get what I call the "Hawkeye syndrome" (Like the surgeon from M.A.S.H - everything I do is pointless, so I might as well get drunk on the job. Watch the series if you haven't - it's very good) - every way we find to protect users, the bad guys find three new ones and at least one exploits a user's natural stupidity/lack of knowledge. There's no real interest in SecEd anywhere, because it's against the doctrine that most governments teach.
So yeah... the quickest way to depression.
I'll check the series out for sure. I believe in work should be fun. Unfortunately my fun is kinda Dev/sec together.
Anakata4On a serious note, what is the solution to this problem ? Leave and Join a smaller company ? Or give the boss ...
buonzz6Why management people thinks that a career path for any senior developer is to be a "leader" and be good in bu...
AdrienITTS8Web, Desktop, Mobile, Front, Back, Ops, Data, etc. Why is there so many cool possibilities ? ! I can't decide.