14
Mentorship Monday - Discussions for career and learning!
(infosec.pub)
An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Enjoy!
After being a red teamer for nearly 5 years I'm not sure I want to continue doing the job, I feel like I could be amazing at IT but also that it isn't nearly as glamorous or pays enough.
I thought about DevOps but that also seems to not interest me enough... Maybe security Researcher? I dunno
I've found the good $$ is finding just a good ol' "security engineer" title somewhere (most likely a tech company). If your title is "red teamer" or "pentester" and you're not at a well-paid boutique consultancy you're likely being underpaid compared to what you'd get on the engineer track. Where have you applied before/recently? Right now is a frustrating time to job hunt but better now than never, especially if you are bored or disgruntled in your current role. On the "security researcher" front, have you considered (or are you already doing) a blog or something? I've found that supplementing my day job with my own research and publishing it has the combined effect of keeping me interested in security in general as well as being good material to share with prospective opportunities.
So the thing is I can't really be bothered with blogging rn , not sure if I'd make a good blogger cause I usually have small tips and tricks and not full blown posts. Also I'm currently locked in my contract for atleast another 9 months then I'm free to go. What's the difference between a security engineer and security researcher?
I understand the obstacle to blogging. But that's where micro-blogging comes in! Twitter is out of vogue so I'd say use Mastodon (or similar Fediverse-ey microblogging platform, e.g. Calckey, etc..). You can post all your tiny tips and tricks and other thoughts there rather than having to pull together full-fledged blog posts. This will help you build a portfolio of contributions to the community as well as build a network.
As for sec eng, vs sec researcher? These are merely titles. A security engineer could certainly be a researcher as well. I'd say you have a lot of "independent" security researchers who day-light as engineers. In some cases you have folks who are researchers as their day job but to get these sorts of roles I would suspect you would need some history of published research (like CVE's, talks, papers, blogs, etc...).