Comment on Mentorship Monday - Discussions for career and learning!

boatswain@infosec.pub ⁨8⁩ ⁨months⁩ ago

Hey all! I’m trying to figure out where I go next in this career. I’m working at a mid sized company that is owned by a company that is owned by another company. Started out as a software dev about right years ago and spent a lot of time as a security champion; finally moved to the InfoSec team about two years ago. It’s a small InfoSec team: three people total. So I do a lot of stuff: contact reviews, vendor security assessments, firewall log monitoring, code reviews, run security trainings, coordinate external pen tests, gather SOC 2 evidence, incident response… Lots of stuff.

I like most of the work well enough (though the GRC stuff is not my favorite), but recently my boss and my teammate quit, so our team of three is down to me. There’s some support available from the security team of the parent organization, and a very competent contractor, but it’s largely just me.

What I’m wondering mostly is: if I go elsewhere, what kind of role am I looking for? I feel like this Jack-of-all-security-trades thing I’ve got going on can’t be super normal, can it? And also, is my current situation something I should embrace, and take the opportunity to run the InfoSec team? Having someone with two years of security experience at the wheel seems suboptimal to me, but maybe it’s worth doing for the experience?

My ideal would be working with a team of five or six, with people I can learn a lot from; my concern is that right now, most of the learning I can do is from my own mistakes.

source
Sort:hotnewtop