EvilZone
Community => General discussion => Topic started by: imation on February 20, 2012, 07:37:21 PM
-
So this has been on my mind for a while now and its kinda related to where my career is going to go!
I wanna ask you lot what you prefer!?
Research: Looking at technologies(old/new), finding vulnerabilities/exploits, writing white papers/presentations etc...
Tools: Coding new/better tools/code for known vulnerabilities/exploits, better ways of working, bug hunting etc...
Policy: Writing Publications/Papers on new Security Management plans, Disaster recovery/CISSP/ISO 27001.....
Myself, im finding im edging towards the Research route!
-
I think that Research and Tools are quite connected, and by doing one, you will do the other to some extent.
-
If you are moving into the professional field of Information Security like myself, research and tools are every day things which you cannot skip, that is unless you are moving into a more manager/chief position. But even then research and tools is important.
Policy is more of a security countermeasure than something to do, unless you want to develop/write your own policies, plans and standards. But that is kind of non-productive as the ISO 2700n standards are okay, they are not perfect tho.
-
Im already in the professional field, I will be sitting my CISSP and CREST certs at the end of the year! (Thank you employer)
But myself, i want to stay in the Technical side. Im really not interested in the compliance side of things! but no doubt as time/age goes on, i will move into a consultant/management role. Altho i have just done the ISO 27001 Lead auditors course.
I find a good 75% of my working day is covered by research! other 25 either consists of hands on in a lab environment or out on a job. obviously when out on a Job its hands on 100% of the time!