I haven't written much lately. Partly, I haven't had the time. As I've alluded to, I've been busy on a huge project; working to help certify applications that are moving from the local fort to wherever they are going. It is very time consuming because there just are not enough resources to run the project smoothly. My manager decided to hire a bunch of employees to help with the workload. Not a bad idea, except they are all new to the security field. (One guy has his CISSP, yet has never worked in a security domain, and has ZERO security experience.) I believe it is just a case of the company bidding on a contract that would bring in much revenue without really thinking about how we would accomplish it. (And, one of the tools that is central to our testing is not the best; I almost say it's not ready for prime time; and it is not one of ours.)
So, we're continuously behind the proverbial eight-ball. Working long hours. And dealing with clients that are less than enthusiastic to have us there.
But then, I've been thinking of going in a different direction. Forensics has been the siren song in my head for a very long time. It's part of the reason that I left the old company; I wanted to work in computer forensics on my own. (To say nothing of the LACK of security at my old job.) Where I'm at now does not have a forensics group. They don't have an incident response group. Besides the IA we perform, there is a small group that does commercial testing, more of a pen-testing group.
What to do? What to do?
If I move towards forensics I could attempt to push forensics into the company. But, are their DoD engagements where they would need CF? Or, do I push to create a forensics group that would be internal to the company and only serve the company? Is there even a need? (I suspect "yes", but would it get funded? The ultimate question.) Or, do I start casting an eye elsewhere?
And, further at issue, I should really make a push for the CISSP. I'm not really a huge fan of it. Not that it is a bad certification. If I stay in the company I'm at, I'll probably need it sooner or later as the DoD somewhat worships it. But does it align with MY goals? I'm not sure. It certainly wouldn't hurt.
You could say I'm Lost In The Flood. At least Bruce has been putting on some great shows.
Writing is therapeutic. I might scribble some more in order to clearly think about my options, goals, and ambitions.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment