OPST, OPSA, CISM ... Nearing the end of the road...

[sexion8]

Welp, held off on CCIE Security studies. Got bored and was sidetracked by Netscreens and Stonegate's, see latest additions to the frankenstein lab http://www.infiltrated.net/AugDeskPix/ Right now the following is on my plate... NSA IAM, CISM (December seat confirmed), OPST and OPSA. Sadly, the industry is sort of boring me, I'm unsure which way I want to go at this point. Management (CISM, CISSP) is not my cup of tea as politics bore me and I can't have industrial music flaring from an office, wear my Seven for All Mankind jeans and baseball caps...

Currently reading the CISM Review Manual 2008 (ISACA), Security Assessment - Case Studies for Implementing the NSA IAM, Enterprise Security Architecture - A Business Driven Approach, too many NIST, PCI/DSS, Sox stuff to mention. I've been asked to assist with the creation of the OWASP certification, declined SANS' paid invitation to assist with creating VoIP security offering being done by. Dr. Eric Cole, and am in the process of a penetration testing patent...

Where do I go from here... Keatron maybe you can advise... I don't do things for money so I'm not asking "where can I make uber dollars!@" I'd rather my jeans and baseball hats for a corner office anytime British Telecom is offering me a pentesting (Tiger Team) position for a lot of money I intend on turning down... Besides, sometimes I make more doing my own thing outside of work...

So, after 10+ years heavily into security, almost 17 years professional IT experience, what shall I do with myself. I feel like a dinosaur considering I still remember my ColecoVision Adam computer... And if you have to ask what that is... ! ... Should I write a book? Teach courses, Retire from security into something altogether different? ... Ramble on? Is it just me or do others with 10+ years get bored with security nowadays... Nothing surprises me, shocks me, makes me think twice. Not Dan Kaminski's attack, not Kapela's rehashed BGP hijack... Anyhow, what are some interesting, fun, difficult certs to get... I started CCIE studies looooooooong ago, but got bored with them too. I also became puzzled after correcting many a CCIE...

Maybe its the equiv of a 7even year itch or something...

[dynamik]

What are your thoughts on teaching and writing? You participate here, so you seem to have some interest in sharing knowledge.

It sounds like you want to be challenged more. Have you ever thought about starting your own business? That should give you plenty to do, and you set the dress code and music policies

[sexion8]

It sounds like you want to be challenged more. Have you ever thought about starting your own business? That should give you plenty to do, and you set the dress code and music policies

I debated on opening up my own business, but alas the politics of quarterly taxes, benefits, etc., made me nauseous... I debated about teaching but I have an inkling of dealing with certain companies. For example, a good friend of mine rivals Keatron and Scott Morris in the certs and knowledge arena and he tried to push me into it while sounding off about the politics of going all over the US, having to wait for companies to stop trying to penny pinch, etc.

I thought about going the CBT Nuggets route on an all inclusive network+security+systems all in one combo to give people enough to go either route for certs (CCNA, Security+, CEH, etc.) but I don't think I have the patience to sit and listen to myself ramble on. Challenges are fun, I started teaching myself robotics out of boredom, but as far as the industry goes, to me its becoming less and less fun. I do heavy pentesting and because we have no de-facto CSO/CISO guess who became the CSO/CISO...

Pentesting is fun, but all the regulatory requirements (SOX, GLB, HIPAA, PCI/DSS) make it boring. Security design/architecture is fun, but how long before I've dabbled with x amount of firewalls, ID/Ps', etc... Right now, seriously, I don't think there is a firewall on the market I haven't touched, and if I haven't, its not being used by corporate America. RFID is interesting, but the market is a tad bit small right now to be taken seriously.

I just like learning, hard to explain my demeanor. I would be doing it for fun if I could, I actually get a paycheck to do what I enjoy. Maybe I'll look into getting back into programming and become a security researcher or something. I thought about the auditing route, but after reading CISA material and going through those CBT's I quickly got bored too. OPST seems like its a lot of fun which is why I want to take it, my company pushed for the CISM and after 2 years of sidestepping the issue, they forked out for Vigilar's classes...

I think after this year I will do something either entirely new, or try to teach somewhere. Unsure if I can qualify for that though... All my experience has been hands on, most who go the teaching route have the college behind them... Me? I'm from the dotcom daze(days) where I was making twice as much as my professors, I dropped out three times in a row. Arrogance I guess... Classes bored me.

[darkerosxx]

I just like learning, hard to explain my demeanor. I would be doing it for fun if I could, I actually get a paycheck to do what I enjoy. Maybe I'll look into getting back into programming and become a security researcher or something.

Get your Ph.D. and get paid to research.

[UnixGuy]

I think this is normal after all this interesting experience you have. Only you can find your own new passion(s), be it professional or non professional. I'm sure a guy with your experience will soon find new interesting thing to enjoy