Sunday, February 2, 2025

Update

I had some further thoughts on my post about lions and lambs, but most of that was drowned out by my current thoughts on my job and how my coworker tells me that they will yet again try enforcing the 'work from the office' rule (which I've pointed out before I think is a truly terrible idea. Why are so many companies acting so stupid about this?)

This weekend I was reminded again of my original wishes when I studied computer science - to get into cybersecurity - and some of my further thoughts on it.

Namely, that I realized I don't really care for the CISSP material, and trying to calculate exposure factors or memorizing the CIA triangle. 

I've realized, in DevOps at least, that I like just quietly figuring out things. Like, let me dig into the documentation or the logs or try to track down the root cause of some issue or write some script to make our jobs easier or figure out how to create a dashboard to make monitoring easier... 

I can communicate effectively and can do the bigger picture meetings and the like, but honestly I'd rather just dig into the details.

Which is why I think I'd do better as a malware researcher.

Except...

Well, I don't have a lot of practical experience with assembly. And I've been using Linux at work far more than Microsoft, so I only know a bit about Microsoft Internals.

I have a good overview of the skills I need, I think. But I need practical experience, and just haven't really felt like trying to create a sandbox where I can play around with it. Not when I've been mentally exhausted from my full-time job.

Bug bounties seem... a little easier, in the sense that you can get started whenever. But it looks like that requires a lot more knowledge about the front end. About JavaScript and tools to test for things like SQL injection or cross-site scripting or all the OWASP things.

Again, I kind of have an overview of the topic but not a lot of practical experience. Again, however, there are a TON of tools online and I can probably get that. I could do things like Hack the Box.

The bigger concern there is that even though some people are able to make quite a bit of money, it also sounds like the average bug bounty hunter doesn't make as much. I don't really want to take a pay cut...

I could also consider just freelancing in general.

Idk. I'm confident that given the time and a task I can figure out just about anything, but I'm less confident in doing so in a way that will lead to financial security.

The thought of going fully independent is thrilling - and also terrifying.

To be honest, I'd probably be content to just quietly stick with DevOps for at least a few more years, if the company wasn't being so persistent in enforcing such a terrible idea. It's like they care more about obedience than actual skill, and if that's how they really are then I guess we're not a good fit.

(I could also look for another DevOps position, fully remote. Stick with what I know and all that.)

I haven't yet been told I'm fired for this btw, but I don't see myself going to the office like they want so it's probably just a matter of time. Maybe this is a good time to try to transition into what I really want...

But is it better to focus on the malware analysis and try to find a job there? Or to learn more about bug bounty hunting? Or explore some other options?

Meh. I guess it'll just have to play out the way it will. 

It makes me wish I had the money to ignore all that and focus on the malware research side of things. I think if I took a couple of the courses online, got a certification or two, and then went job hunting I could probably make the transition just fine. (SANS courses sound so cool. And yet they're horribly expensive, and I think the costs are meant to be paid for by the companies hiring people. And yet most of the positions for those sorts of companies look like they expect you to already have experience in that specific area, so trying to get hired on as a beginner seems like a bit of a long shot unless I get those certs).

I'm not really sure how this will go, but I guess it's not an immediate issue. Yet.

But enough about that. Since I'm already online I'll start that follow up post next.
