Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

  • Muddobbers@infosec.pub
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    So I’m planning for the future career move, right now I’m mostly overseeing a pentesting group with a little bit of participation during the tests. I’ve coded many projects over my time in many languages, but I really enjoyed doing reverse engineering of malware and various other things as they popped up years ago. I can’t imagine there’s a lot of that available, though. I have a GREM, GPEN, GCIH, and GASF from SANS (I wanted to get more but the company stopped paying for distance travel the last few years). I’m currently 100% remote in the US mid-Southwest and really enjoy it. I’ve got 13 years of a large variety of professional experience in the cybersecurity and general IT world, with a little bit of a dip into OT with some ICS classes. I’m also trained in digital forensics imaging and handling, as I’ve spent some time working for a law enforcement branch (that was a wild ride)

    My main question that I have these days is… what would I call myself, professionally? What types of jobs should I be looking to do. I can do management and leadership but I like getting my hands dirty and solving problems.

    Thank you.

    • shellsharks@infosec.pubOPM
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      With that background you can call yourself what you want. Really just depends where you want to go. At most companies you’ll end up either a “something” engineer or on management track depending on which path you wanna go. At 13 years experience though you are somewhere in the realm of Staff/Lead - Principal engineer I would imagine.

      • Muddobbers@infosec.pub
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Thank you! I guess the realization that I’ve hit the Lead experience area is still coming to me. Impostor syndrome is real.

  • Deflector7462@infosec.pub
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    What do you guys think about a projects section on a resume instead of a skills section for someone early in their career? The idea would be instead of just listing Python & Nessus you could list something like “Used Python to start a scan against a target system with Nessus API”.

    • ComradeKhoumrag@infosec.pub
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I am by no means a hiring manager. However software engineering is project based work , so I would be biased towards this as a good thing

    • shellsharks@infosec.pubOPM
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I think you would want to have both. Have a summarized section where you list skills you have still but if there’s something notable you know how to do, such as programmatically control Nessus using Python (as you have suggested), I think it’s worth making the connection in a separate section.

    • _zi@infosec.pub
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      That is generally what I’d recommend, and have liked seeing in a resume.

      My thinking is that seeing projects tends to showcase not just a particular skill like with a language you used, but shows an understanding of the problems facing some area that your project is trying to solve. I’ve never really been a fan of skills listings just because they offer basically no context. Whereas projects give me something to bounce off of in an interview, and hopefully get the candidate talking.

      I will say though that I wasn’t the person reviewing resumes deciding who got an interview, I’ve just been an interviewer after someone made it through the screening.