  1. Senior Member
    Join Date
    Oct 2016
    Location
    NJ
    Posts
    472

    Certifications
    CISSP, PCNSE, CCNP R&S, CCNA(Security/Data Center), CySA+
    #1

    Default Security Manager

    I've been with my company a long time in different roles from Server Administration to Network Engineer (current). There is now an opening for a Security Manager and I'm up for consideration for it. My focus job wise has mostly been on network security and vulnerability management. It's not your typical security manager role though. This position will be hands on and responsible for everything from compliance, awareness, vulnerability management, and installing patches. The installing patches is a main responsibility.

    For my next role, I was leaning more towards a network security or security engineer role, but if this is offered to me, it might be good for my resume. My hesitation relates to the installing patches. Installing patches to resolve vulnerabilities is one thing, but just to install your typical Windows updates or Cisco IOS updates doesn't really seem like a security role to me. Also seems to go against some security principles by 1 person having access to all systems. The plus side is I can really focus on security.

    Any thoughts or opinions? I haven't been offered the role yet, but it's definitely a possibility.

  3. Senior Member
    Join Date
    May 2013
    Posts
    1,513

    Certifications
    Cisco (3), CompTIA (2), EC-Council (2), GIAC (3), ISACA (1), ISC2 (1)
    #2
    Guessing this is a smaller company...best practice such as fully separating duties isn’t always possible...enter compensating controls like multiple accounts for example.

    Honestly it’s a decent chance to transition over to security...gotta take the chance if it’s right. Installing patches is kind of a meh task but you will get more exposure in the other areas too...hopefully they let you bring in people below you to make the position look even better.

  4. Senior Member
    Join Date
    Oct 2016
    Location
    NJ
    Posts
    472

    Certifications
    CISSP, PCNSE, CCNP R&S, CCNA(Security/Data Center), CySA+
    #3
    It's a mid-size (1000+ employees), but yes, full separation of duties wouldn't be possible.

    I'm thinking career wise, it's probably a smart move if offered

  5. Senior Member
    Join Date
    Apr 2013
    Posts
    2,124
    #4
    The manager title is thrown around a lot, are you actually managing people or just a process? If you want to be a security engineer next, at least this gets you the word "security" in your title, but I don't see a ton of other benefits if the bulk of the job is just running Windows patches. It's unfortunate that the patching of the network and servers doesn't fall on the actual network and server staff, logically it makes more sense for them to do it.

  6. Senior Member
    Join Date
    May 2006
    Posts
    2,159

    Certifications
    CISSP, CCSP, CCNA Cyber Ops, eJPT, ITIL,PA ACE,Qualys Certified Specialist, A+
    #5
    I'm doing exactly what you described as the job responsibilities at my current job, with the exception that I have a manager that is a local CISO and also we don't do the installs for the patches. We do however research and find how the fixes should be implemented and prioritize them. Testing and deployment is done by IT. If you are going to manage a team, do it, it will open many doors.

  7. Senior Member
    Join Date
    Oct 2016
    Location
    NJ
    Posts
    472

    Certifications
    CISSP, PCNSE, CCNP R&S, CCNA(Security/Data Center), CySA+
    #6
    Quote Originally Posted by Danielm7 View Post
    The manager title is thrown around a lot, are you actually managing people or just a process? If you want to be a security engineer next, at least this gets you the word "security" in your title, but I don't see a ton of other benefits if the bulk of the job is just running Windows patches. It's unfortunate that the patching of the network and servers doesn't fall on the actual network and server staff, logically it makes more sense for them to do it.
    For now, it's a manager of a process, that may change. I need clarification on the "patching" requirements. From a network perspective, I never needed help patching anything. When I was a server admin, I always handled that with no problem either, so idk what the deal is. As TheFORCE said, testing and deployment should be done by IT.

    I'd be pushing to take firewalls with me. I'm thinking Endpoint products (like AV, CyberArk) will go to me. Overseeing pen tests. We did briefly look at Core Impact.

    The big thing for me is with "security" in the title, I'm hoping I'd be more eligible for security training

  8. Senior Member LordQarlyn's Avatar
    Join Date
    May 2011
    Location
    Iraq
    Posts
    517

    Certifications
    PRINCE2, CISSP, ITILv3, CCNA, A+, Net+, Security+, Server+, MCP, MCSA 2003
    #7
    It sounds like a good move. Myself, I would jump at it and make the most out of it.

  9. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Posts
    3,669

    Certifications
    GPEN, GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #8
    Take it if it comes, and slowly add more responsibilities as you see fit
    Goal: MBA, March 2020

  10. Senior Member McxRisley's Avatar
    Join Date
    May 2016
    Posts
    404

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CPT+, CASP, CSAE, CNSP, CNVP, C|EH, OSCP, Splunk Certified Admin
    #9
    I would jump all over the opportunity to rack up some management experience in security if I were you. I also agree with UnixGuy, try to add more responsibility as you see fit.

    I have one comment about Testing and Deployment being handled by IT. Here those things are mainly handled by tier 2 BUT we (network security) do have a hand in the process due to our programs and software needing to be configured properly to play well with new deployments.

  11. Senior Member
    Join Date
    Oct 2016
    Location
    NJ
    Posts
    472

    Certifications
    CISSP, PCNSE, CCNP R&S, CCNA(Security/Data Center), CySA+
    #10
    Update: After getting some clarification, I was offered and accepted the position of Cyber Security Manager.

    It's a really good opportunity for me career wise and the near 20% increase helped

    Since all my experience has really been network security, it's going to be a huge challenge, but I'm up for it.

  12. Senior Member
    Join Date
    May 2006
    Posts
    2,159

    Certifications
    CISSP, CCSP, CCNA Cyber Ops, eJPT, ITIL,PA ACE,Qualys Certified Specialist, A+
    #11
    Quote Originally Posted by MitM View Post
    Update: After getting some clarification, I was offered and accepted the position of Cyber Security Manager.

    It's a really good opportunity for me career wise and the near 20% increase helped

    Since all my experience has really been network security, it's going to be a huge challenge, but I'm up for it.
    Congratulations man, that's a good deal. Try not to lose the technical skills now that you are going in all those meetings to present all those KPIs and KRIs.

  13. Senior Member
    Join Date
    Oct 2016
    Location
    NJ
    Posts
    472

    Certifications
    CISSP, PCNSE, CCNP R&S, CCNA(Security/Data Center), CySA+
    #12
    Quote Originally Posted by TheFORCE View Post
    Congratulations man, that's a good deal. Try not to lose the technical skills now that you are going in all those meetings to present all those KPIs and KRIs.
    That’s the plan! I will remain hands on in some aspects, which was part of the negotiations.

    I will need to learn how to put together user awareness trainings. If anyone has some good resources to point me to, I’d appreciate it
