I've always tried to maintain this list as ways one can boost their resume/overall credentials. Maybe there's some stuff on there you can do or add to your own resume. But since you already work there and are trying to move laterally into that position, I'd say your most powerful tool is to just network with the folks on that team. Reach out to them now and ask what they're looking for. Ask if you can help in some way now. Get to know them. Become buddies. Though competency/experience should be king when it comes to hiring, that social/culture fit on the team is usually pretty important too. If the folks on that team like you, think you're a hard worker and are willing to listen and learn from them, they'll be that much more keen on bringing you onto the team 👍
Let me first say. I don't really know. I haven't been looking for jobs (thankfully) and I'm not entry-level. That said, I've heard it's pretty rough 🤷♂️. That said here's some stuff I've written about in the past that could be useful/interesting for you...
- My take on the current infosec job market
- Thoughts on a career in infosec
- How to get into infosec
- Some commentary on how breaking into infosec can be hard
- On the subject of gatekeeping in this field
- A big resource on my path into infosec and reviews of certs/trainings I've taken.
- My caution on those who would give you stale career advice. To be clear, this means from me too.
Good luck out there!
Doesn't needa be cyber-related tbh. Just sound off on whatever you're up to! 🤗
Be comfortable not knowing things and delegating, don't report to the CIO (bcuz usual conflict of interest stuff), invest in people (training, career progression stuff), don't follow the industry herd (i.e. salivate over AI just because every other E-level type is). I'm an IC, always have been, so there's a lot im sure I don't know in terms of effective management among managers but from my perspective this is what I would perceive as efficacy and proficiency at that level. That and Ill throw in that traditional ways of measuring "success" or output rarely applies to infosec teams. It's hard to measure "how secure are we" or "how many things did we block this month".
Not really actively doin' any certs or training. But have been learning a bit more about threat modeling recently 🤷♂️
Working on all manner of stuff for my site, trying to figure out how to SAFELY eradicate poison ivy in my back yard, and working on some work-stuff related to AI, Recall, and other general assessment/testing stuff.
These days, sometimes it's just enough to survive. Stay sane out there folks.
Not particularly. Though I wouldn't blame many of us in security / IT-in-general for having hobbies that involved getting OUT of the house. We look at computers too long each day 😅
The RSS feed should be full content now. I figured it out!
Thanks!! 🙏
You're not the first to ask about a full-content RSS feed. I can probably figure that out, but I do think the best way to "experience" the newsletter/my site in general is directly on the site 😅. Thanks for taking a look though! 🧡
Ah, the ol' security through obscurity trick... (not recommended) 😁