Information Security career professionals are nominally more the type ‘A’ personalities. They are the “alpha dogs” of the technology profession. As such, one must always have their leadership shoes on, always. You will find yourself in expert power positions. Senior managers will rely on your expertise. The answers that you provide for incident response must be from a position of confidence, knowledge and strength. Your arrival on the scene should provide instant comfort. If these things are not happening, then there is a problem – A HUGE PROBLEM! When you find yourself doubting yourself, it means that you took too long of a break from learning, which may result in you not being able to take control of a situation, and worse, that your understanding of information security technology has gone stale.
Your arrival on the scene should provide instant comfort. If these things are not happening, then there is a problem – A HUGE PROBLEM!
@Lamont29 You got this part 100% correct. I am still seeing some IT security people who, when they walk in the room, you can see the eye rolls and hear the groans. Security should mean comfort, not hate or disrespect.
If you are being met with hate and disrespect you may want to grab a mirror.
I often talk to people who have a sudden desire to break into 'security', usually with no real idea as to what the field entails outside of a paycheck. What fascinates me is that to not only be good at security, you really need to be better at troubleshooting technology from your prior life/career than your peers, but combine hard-won business sense to the problem set as well. Yes, we can fix it for a price, but is it worth the expense to do so?
You really only need to explain one concept to those who are not security people. When support desk, administration, operations and engineering all fail at solving a problem - it invariably ends up on security's desk to fix.
The problem with security is that we see everything. The problem for security is that we see everything.
@Beads "The problem with security is that we see everything. The problem for security is that we see everything."
Stunning that I had expressed this very sentiment a couple of weeks ago. Senior management are now starting to demand more of the CISSP / CISM to 'get things done,' and the sad thing is that they want you to also tackle things at the lowest level as though you are a technician. This situation is untenable. The CISSP / CISM credentials are high-level security management certifications. One will effectively be a great senior security professional or senior technology solutions architect. It boggles my mind as to how one can effectively do both in an enterprise organization.
Someone once tried to poach me for an Incident Response role that, boiled down, required 1) incredibly deep technical acumen coupled with 2) the ability to present absolutely perfectly to Fortune 500 boards. I wasn't looking and felt very able to inform them I wasn't the droid they were looking for, but it is a common ask in forensics.
Failure mode: your smooth-talking IR person can't find anything and the out-and-out technical savant can't tell anyone about it...* Probably best to pair them up.
* In actual fact, incident responders I know of are (generally) really good at both detail and boiling that down.