The coolest jobs in information security
I just stumbled across the SANS list of The 20 Coolest Jobs in Information Security. Here's their list:
- Information Security Crime Investigator/Forensics Expert
- System, Network, and/or Web Penetration Tester
- Forensic Analyst
- Incident Responder
- Security Architect
- Malware Analyst
- Network Security Engineer
- Security Analyst
- Computer Crime Investigator
- CISO/ISO or Director of Security
- Application Penetration Tester
- Security Operations Center Analyst
- Prosecutor Specializing in Information Security Crime
- Technical Director and Deputy CISO
- Intrusion Analyst
- Vulnerability Researcher/ Exploit Developer
- Security Auditor
- Security-savvy Software Developer
- Security Maven in an Application Developer Organization
- Disaster Recovery/Business Continuity Analyst/Manager
The first thing that I noticed is that there seems to be a considerable overlap between the jobs on that list and the courses and certifications that SANS offers, but let's suppose that that's just a coincidence.
It turns out that I've actually done lots of those as a consultant and I'll admit that lots of them can be very interesting, but I also found that lots of them really weren't the sort of thing that I'd like to do for a long time. But that's probably true of most jobs. It would probably be fun to drive a forklift for a day or two, for example, but I probably wouldn't to do it for much more than that. On the other hand, there are also some of these jobs that I wouldn't want to do today unless I was getting paid way more than the positions usually get.
So I suppose that this probably poinnts out the biggest benefit of working as a consultant – you get to try lots of interesting things but you don't necessarily have to do any one of them for too long.