surfing on the web since several months, it seems that finding remote job opportunities for EU citizens is a dream. USA offers several Remote Security Job Positions while in EU, Companies still require presence in the office. I do not understand why Companies still have this approach specially in EU and if someone here has some experience or knowledge on how to find remote job opportunities.
Working for a US Company can be a problem as the time zone is different.
"Come with me, if you want to live"
(sorry- I saw your user name and just had to do it!)
In all seriousness, I recently started a new job where I work "Remote, with up to 80% travel". So although I need to travel a fair amount (it's closer to 40-60% travel), I usually fly on a Monday and back on a Friday. The rest of the time, I work from home and almost always spend my weekends at home. I'm in the US though, so I'm not sure if this is common in the EU.
In a way, it's the best of both worlds because I can work from home and live anywhere in the US, so long as it's near an airport with at least one major airline. Might be worth seeing if there is something like that in your area (if the travel isn't an issue for you).
Depends on what in InfoSec that you want to do. Personally, I spend a good amount of time talking, discussing and understanding what my organization needs from InfoSec. This generally requires a large amount of face time.
If you are in a back office type of profile testing application code and never interacting with people then yes, there are plenty of pentesting positions out there. We recognize people who are extraordinarily good at what they do only to be seen at small cons and the large ones like DefCon as well. We used to refer to them as the "green hairs" because as a group they were known to be a bit out there.
Otherwise, most InfoSec positions require us to be in the office and interact with others on a regular basis.
By the way, I am being quite serious about the choice of hair color.
Thanks Bead for your response. I do not have this point of view. Being a Security Architect/Consultant or Security Manager does not require to be in the office every day. Managers in the Organizations have to change their mind because world is changing. Nowadays, we have so many mechanisms and ways to work remotely and interact with other people. Being in the office as the "police man" does not make sense. Organization and everyone in the Organization needs to know what to do in terms of security and interact with the Security Consulant/Manager as required. Policies/Procedures and Guidelines exist.
Anyway this is acceptable in USA while in EU zone....not a big deal. In addition, Organizations are moving to the Cloud, so most of the assets are in the Cloud (even if Organization must be regularly protected).
Anyway my question is simple? Why this kind of job in USA is accepted and in other part of the world is not?
The problem you will have with any kind of remote position is this: How can management be sure that you are actually doing work and not just goofing off and getting paid? The big "joke" around telework or remote work is "Yeah, but are you REALLY working?" People imagine you sitting around in your pajamas watching TV munching on snacks and occasionally checking email on your work phone.
I think this stigma is changing, but not rapidly enough. The reason that you want some face time in the office is that if you just call me up and say "I am Robert Jones. I work in security. I need to look at your X,Y, or Z." I don't know who you are. How can I vouch that you really are who you say you are. Without established methods for verification you could run into issues.
In the places I have seen this work (100% telework) there were daily goals that had to be met, you were expected to be reachable and respond quickly at any time during the workday, and you occasionally had to go into the office to pick up new paper files and return the completed ones.
It can happen and does exist, but you have to look really hard to find them.
I agree with your point that metrics need to be in place in order for remote work to even reasonably feasible. Add to that remote work requires two things: someone else has to be in the office at sometime as I have never seen a 100 percent remote organization and that organization needs to be quite mature to pull the whole remote thing off in the first place.
I don't think its impossible but most organizations simply do not have the maturity to pull this off yet. Personally, my organization is clearly not ready for a mostly virtual workforce. Much of how we do business is still very much face to face. For the record I am the first security person here in house.
I agree with you partially. As we know the weakest point of security is people and if you need to see each other everyday otherwise Companies feel that the people are not working, trust each other is missing. How can you even keep an employee if you do not trust it? Metrics should be into place whatever people are in the office or not. Tracking tickets, checking KPI/KRI and other metrics are calculated without interacting with the people but only what come out from them during the analys period. That's a shame!
I worked for an important customer in my country where security was a concern and I worked better from home with no phone ringing, during the night where you can write documentation (some music on), checking and VA systems and so on because half of the employees were not in the office and I had planned everything (even possible mistake)....
At the moment I work from home but in EU I do not see that this is popular because Managers are just old and they think like Sceriff.
I think is that Managers do not want to allow remote jobs because they are afraid that Companies do not need anymore but they have to think that Management in this way works in another manner.
Security is achieved by analyzing, sharing, comparing and planning. Interaction can be achieved by using so many tools nowadays.
Companies should think about the life quality of their employees and the money they save by reducing office costs and so on.
Maybe I am too strange and too much a dreamer to see work in this way.
Using the Sceriff approach is a sign that the Company has a a lot of management and security creeps!
Totally agree. I like how you proved your worth to the company and that is one of the ways to battle this. I would definitely highlight that in your resume if you are seeking these positions. I am working remotely today and I am working just as hard as if I was in the office and I turn in reports to my boss to show what I worked on. She doesn't ask me to, but I don't want her to doubt it for one second. When I am in the office I work hard to prove my value and build that trust. The problem comes in when you have one or a couple of people who abuse the system and it ruins it for everyone else. I have been blessed to earn the trust of my management and I work really hard to keep that. It is ironic that I had to investigate another employee who claimed to be teleworking but who had never logged into the vpn system all year. He was just responding to emails from his phone and delegating his work to others. He thought that was "working remotely".
And I know some of you are saying "You are working remotely and yet posting on a blog/forum website?" Yes part of my daily activities is monitoring information security websites and contributing to the cyber community and for my knowledge enrichment. I have always encouraged my employees to continue to enrich themselves through education while at work. As a part of my daily duties I scour websites to see what the latest cyber trends, breaches, or emerging threats are.