Programming is different from what I am used to in technology, and I am not sure whether I should venture in that domain at all. I have a requirement though in my doctoral program to take this course in BIG DATA analytics – mostly unfair if you ask me, but I am finding it a bit fun… programming in R. I am finding that my PhD is akin to an employer looking for a CISSP who can do EVERYTHING! I am too far into this program to change course now, so that’s not an option. I remind my own students of this perilous path of cyber security guru – the expectations are out of this world once you’ve become a CISSP. So, I’ve decided that I’m not going to attempt to be EVERYTHING security anymore. Academia seems to suit me quite well, so I’ve found myself a home in which to live in the security space.
I was originally a packet geek, one of those strange figures that could look at an oscilliscope trace and decode the packet from the physical voltage changes. When I moved to security full-time in '96, I used this protocol knowledge to help with filters and perform incident response. (A system that has been compromised by a kernel-mode rootkit cannot be trusted to tell you anything truthful, but on the wire, if it's not addressed truthfully, it won't get there.)
Currently, my passion is the new boom in public and hybrid cloud systems. There are so many new security challenges for cloud computing, that I keep getting excited. So much of our cyber security work culture is based on concepts (like the border between trusted and untrusted systems) that just don't exist in the cloud - yet we are sold products to reinforce those ideas. It's such a cool time to be in this space.
Also, FWIW, I can't code worth crap, yet it's becoming more necessary to script odd jobs that it is raising the complexity bar nicely.
Lamont, I agree. There are so many areas of specialty now in Information Security that we cannot be experts in all 8 domains of the CISSP. I see it each term in my security class that I teach at a University. The students come in with varied backgrounds - risk, software, operations, network.
My passion is in cryptography and education. Perhaps because I am at heart a mathematician, I also like compliance perhaps because it seeks to impose a prescribed "order" on security controls.
I think it is so important to work in what you are passionate about!
I'm glad to read your posts.
That is an interesting question! And I also have no interest in programming, scripting, or database development. My family practically forced me into a Computer Science degree fresh out of high school. This was in the mid 90’s when entry level programmers were starting in the $80k-$90k range and getting recruited before they finished their degree. I dropped out a week before the finals for my first class (Programming in C+). I went back a year later, and dropped out a week before the finals of the first class again.
Today I believe that my passion lies within Security Operations. Specifically, the social-human impact of technology use. As part of my current duties in digital forensic investigations, I probably most enjoy the cat and mouse aspect of conducting an investigation that involves some creative method of using a computer to enable or cover up bad behavior. Discovering and recreating the activities of the user of a computer and deducing their intent is like anthropology. I love planning ways to prevent, detect, and identify inappropriate behavior in low resource environments such as without resorting to “automatic tools” like SEIMs and Dashboards. It makes the work much more personal.
My passion is computers. Growing up, I couldn't get enough of them. In high school I was the king nerd of BASIC programming. I was so good the teacher asked me how to do things and then used my explanations in their teachings the next day. I went to college and had the misfortune of getting a very bad teacher. He was very knowledgeable, but could not teach. He taught at such a high level that 13 of the 15 computer science majors taking his class admitted we were all lost. The other 2 were lying. And we were all geeks/nerds so it should have been evident to us what he was talking about. It was rumored that he was taking over the whole computer programming program, so I dropped out and changed my major to Auto Mechanics and Auto Body Repair.
I found a job with the government making good money painting aircraft. About 10 years in to that profession I come home one day and my wife said to me "What would you like to do for a job if you could do anything you wanted?" I said I wanted to get back in to computers/IT. She asked why didn't I just do it and I told her it would involve a 50% pay cut because I would have to come in at the entry level since I had been out of it for 10 years. She told me to go ahead and that we would manage. I did just that. It was a 40% pay cut but I was back to working in my passion.
That was 15 years ago and I do not feel that I have "worked" a day since. Not once did I dread going in to work. Not once did I ever regret making the move. I now make more than I ever could have in the painting field doing something I absolutely love. I have been wildly successful because what I am working on interests me. I have risen up the corporate ladder from a computer operator to an IT Specialist to CIO/Cyber Division Director/CISO.
Now I try to instill that spark in others. I implore people, "Find your PASSION!" Doing what you love is the best medicine you can take. I truly believe the old adage "Do what you love and the money will follow."