Choosing the path in IT Security

Security careers


I graduated last year from an Informatics and Security degree program. This program was taken in a Canadian college. It equipped me with the basic security knowledge in all fields; networks, systems including both Linux and Windows, web applications and so on. We had extensive hands-on experience on penetration testing, setting up services in Linux such as DHCP, DNSSEC, web servers and forensic tools. We also learned how to audit Windows environments and how to learn basically any tool that has security intentions. Technically, this program gave me the understanding of security, governance and the technology. 

Now I work in a company where I am the only security guy in the company. I hold the position of IT Security Engineer. This is what I generally do:

- develop and design Windows standards and GPOs upon best practices

- set up and manage web-filtering and proxy solutions

- implement and manage endpoint protection and spam filters

- write security policies and standards for everything (web applications, network, physical security, password, acceptable use ...etc)

- involve in designing the authentication mechanism via web, phone and in-person

- suggest design in secure automation of daily business processes

- helpdesk support when needed

As you can see, it is a wide-range fields that I am working with. I feel that I am being overloaded and I am losing focus on which path should I take. My manager sent me to ISO27001 LI/LA training and I passed both exams. Hence, I am ISO27001 Lead Implementer and Lead Auditor certified. This training has taken me into the governance side of Security. I love security and all of its part, however, I believe I am still young and would like to keep doing technical stuff, as I will get to the governance/managerial position later in my life when gaining possibly CISSP, CISM and so on.

Now I feel I can't be totally dependable in one major task. For example, I know how to build basic AD, DNS, Exchange, SQL, VM environments. I know how to perform basic penetration testing using Backtrack/Kali Linux and get the report done. I understand IPS/IDS technology but never had extensive hands-on with them. I am getting lost seriously. 

I don't believe I want to go with network security (CCNA > CCNA Sec > CCNP > CCNP Sec). I think I am also poor with Windows Security administration (PKI, Certificates, IIS Security ...etc).

I also believe I don’t have the skills to be system/security admin, software security or database security administration or analyst, and not even a network security engineer. I am getting lost!

The question; what do you recommend me to do? Which certification path would improve my skills? Do you believe what I am doing in my company now is healthy for my future and skills?

I feel that I am giving all what I learned from university, but I am not gaining knowledge,valuable knowledge.

Please provide suggestions.

Thank you.

Software/Hardware used:
windows, security, network, penetration test, linux, governance, iso 27001

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

Discuss This Question: 1  Reply

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Kevin Beaver
    It's relatively simple...ask yourself:
    • What do I like to do?
    • What do I feel I'm great at?
    • What specialty seems to be the best/most appealing in the security field?

    It's critical to get hands-on experience regardless of which path you go down.

    Check this out for more info on getting started in security and these pieces as well. Best of luck!

    27,525 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: