I'm now at an electrical utility working in information security. Official title is 'Senior Security Specialist'. You may remember me posting about getting my CISSP in 2009. That is what really launched me into trying to obtain my current position.
Moved to this company in 2007 as a temporary security administrator, mostly doling out access to network shares. Moved into this permanent position in April 2010.
I'm our security awareness guy, so I look after policy compliance for things like acceptable use of corporate IT assets, removable media abuse, virus infections, e-mail forwarding rules, etc. That's my ad hoc day-to-day bullshit.
The fun stuff is dealing with consultations and projects. Our group performs threat and risk assessments on any new IT service being stood up at the company, resulting in recommendations that need to either be followed or signed off as a risk acceptance. Right now we are pushing for what we call IT/OT (operational technology) convergence. This means that we will be more involved in the power production/transmission & distribution side of IT. Up until recently, those groups acted autonomously with no unified corporate direction regarding implementation of power plant control systems and transmission & distribution SCADA systems. Operational IT systems scare the hell out of me, especially from security and external connectivity perspectives, so it should be interesting to start learning more about them.
We also do structural assessments of IT implementations, meaning basically doing vulnerability assessments of the products and services, penetration testing, and general architectural reviews. I haven't been too involved in the structural side of things yet, but I'm going to be one of the prime resources from our department on our IP telephony (VoIP) implementation. I just got back from Vegas two days ago where I did a 6-day SANS course on VoIP security. I can't wait to start hacking that shit (can anyone say covert channels using RTP for data exfiltration? Oh, or steganography over RTP? Weeee).
I basically landed in this job that I had no business being in, as I only had 3 years of security administration before this, but my boss and a guy I work with (really acts as my mentor) both saw that I was willing to learn and do anything thrown my way, and I haven't disappointed them as of yet.
So yeah, career is going well. I'll have 7 years of government service starting in January (my previous job at the government insurance company applies), so hello 4th week of vacation!