Research or Tools or Policy

[imation]

So this has been on my mind for a while now and its kinda related to where my career is going to go!

I wanna ask you lot what you prefer!?

Research: Looking at  technologies(old/new), finding vulnerabilities/exploits, writing white papers/presentations etc...

Tools: Coding new/better tools/code for known vulnerabilities/exploits, better ways of working, bug hunting etc...

Policy: Writing Publications/Papers on new Security Management plans, Disaster recovery/CISSP/ISO 27001.....

Myself, im finding im edging towards the Research route!

[atsuktuvas]

I think that Research and Tools are quite connected, and by doing one, you will do the other to some extent.

[ande]

If you are moving into the professional field of Information Security like myself, research and tools are every day things which you cannot skip, that is unless you are moving into a more manager/chief position. But even then research and tools is important.

Policy is more of a security countermeasure than something to do, unless you want to develop/write your own policies, plans and standards. But that is kind of non-productive as the ISO 2700n standards are okay, they are not perfect tho.

[imation]

Im already in the professional field, I will be sitting my CISSP and CREST certs at the end of the year! (Thank you employer)

But myself, i want to stay in the Technical side. Im really not interested in the compliance side of things! but no doubt as time/age goes on, i will move into a consultant/management role. Altho i have just done the ISO 27001 Lead auditors course.

I find a good 75% of my working day is covered by research! other 25 either consists of hands on in a lab environment or out on a job. obviously when out on a Job its hands on 100% of the time!