I have been trying to stay in Wireshark most days if for no other reason then to see what traffic is supposed to look like and get comfortable with it. I have touched on forensics a little bit and that did seem to be the most interesting so far. Your reply did help, thanks for taking the time, I know it's a big question.

Forensics looks glamorous on TV, not so much in real life. You HAVE to have keen attention to detail; be able to perform the same steps over and over, in  a repeatable, predictable fashion; and know how to document what you find without putting your opinion in it. Unless you clearly state "That it is of the investigators opinion that such and such happened....."

 

It can be a fun position, just know the best people in it really love details and being able to provide facts.

OK so maybe not Forensics, lol. It did look interesting but I don't know how well I would do in a very detail oriented position. Not that I'm sloppy but it is not my best quality.

Don't get me wrong, I think IR people should definitely learn forensics at a basic level so they can be careful enough when performing the initial response as to not accidentally destroy or alter evidence.

 

You should try different aspects of information security to find out what you like. I like it all and that is why a CISO position suits me well. I would also learn some system administration stuff too. Knowing how something is supposed to work can help you determine why it didn't work as expected or was violated by someone who got it to perform in an unexpected manner.

 

The key is to find what YOU like to do.

Great advice, thank you.

> CISOScott (Advocate I) posted a new reply in Career on 11-14-2018 01:27 PM in the (ISC)² Community :

> Forensics looks glamorous on TV, not so much in real life.

Amen.

> Unless you clearly state "That it
> is of the investigators opinion that such and such happened....."

And not always then. If it ends up in court (and, in forensics, you always have to
assume that it *might* end up in court) you can't give an opinion unless you are
an expert witness. The rules vary: in the US the judge gets to decide who is an
expert (but you do have to prove your background and experience). In the UK,
for example, you can't be an expert witness if you are a cop, because there is an
automatic assumption of bias. (In the US, they don't care about bias in experts.)

Oh, and these rules are only for Common Law jurisdictions, for Civil Law other
rules apply ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
A teacher is one who makes himself progressively unnecessary.
- Thomas Carruthers
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

Great info and yes I plan to try and touch on everything out there in the cyber security field so that I'm not completely lost on any one thing.

> mustninty (Newcomer I) posted a new reply in Career on 11-19-2018 01:26 PM in

> Great info and yes I plan to try and touch on everything
> out there in the cyber security field so that I'm not completely lost on any one
> thing.

Basically, that's what the CISSP is all about ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
We are generally the better persuaded by the reasons we discover
ourselves than by those given to us by others. - Blaise Pascal
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB