July 16th, 2003 05:43 AM
Security Consulting Career
Anyone here do security consulting for a living?
Right now I'm working as a Sr. Network Engineer and the gist of what I do is design, implement, and troubleshoot routers, switches, L3 LAN, WAN, vpn (contivity), firewall (pix), IP telephony, and video conferencing. I love what I do but security is that one area of networking that I truly get off on, and I've been skimming the objectives of Cisco's CCSP and CCIE-Security, but I know that can only be a piece of the overall picture.
Enterprise networking usually means the engineer gets their hands dirty on network devices/appliances, but no operating systems. System admins/engineers do the Win/Unix stuff. Security seems like it has to fit in that grey area because you need to have coverage of everything..whether it's Win2003, Exchange, IIS, or some Red Hat or AIX machine on the network. Am I right about this? Security experts aren't just systems or network specific.. Anything relating to security, appliance or server/os, ya gotta know it..
My biggest downfall is I don't know **** about Unix. Probably more than the average NT d00d, as I used to use FreeBSD faithfully, but never in a production environment. I've used NT and Win2k quite extensively (helping admins troubleshoot performance and application problems) and know quite a bit about MS server apps.. I've been messin with 2003 for the last month and my company's systems people have two (out of 79) servers now running 2003 in production.
anyway just wondering what the pre-requisites are for security consulting. don't know if one person is expected to know all, if it's more like a team and you have one network guy and one (or more) systems guys, working together. i've thought about jumping into it down the road..
July 16th, 2003 02:15 PM
I was a security consultant for several years, and to answer your question, no you don't have to know everything. Consulting definitely exposes you to a wide range of environments and you will learn more and more just by being around different technologies, but you are getting paid for doing what you are good at, not for what you are not good at.
There are some consulting firms out there that do expect you to know everything (or pretty damn close to everything), but everyone soon realizes that this is not possible. It sounds to me like you probably have a solid background and could probably get into consulting fairly easily, but beware...unless you are prepared to work long hours and do lots of traveling, it might not be for you. Generally the $$ in consulting are a bit higher though because of what is expected from you.
I got out of it simply because I am starting to settle down in my life (aka got married) and plan to start a family. I wanted something a bit more stable and predictable, and I was tired of not knowing where I would be from one week to the next.
July 16th, 2003 02:38 PM
Indeed. I too, had a similar gig for KPMG consulting and I felt like the dude from fight club. I was always two weeks to a month behind on my credit card (reimbursements take time to process from payroll), I never could sleep right because I was crossing time zones every few days and as noted, my girlfriend (now wife) was alone about 85 - 90% of the time.
and I was tired of not knowing where I would be from one week to the next.
I don't think you can get away with not knowing *nix. Right now many enterprise environments are mixed between legacy mainframe environments, Windows, Novell and any number of *nix flavors. For instance, we have the entire Windows rainbow here along with RH, Solaris, FreeBSD, HPUX, AIX, etc. Small shops that have a single platform (such as W2K) usually rely on the net admin to handle security so there is no need for a security consultant.
I'd take a close look at the personal implications before diving into consulting. I burnt out in under a year. The lifestyle is not pleasant.
Anyway, that's my two cents on the topic.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
July 17th, 2003 07:44 AM
Yeah sounds like life is tough. I always wondered how rough it is to make sure you get paid and that you're not getting screwed by businesses. I suppose the only safe consulting is to work for a consulting firm and get assigned to a job.. but that isn't independent consulting.
90% of what i know is network related. where most Win2k/2003 admin would use microsoft load balancing to run a web farm, i say throw in a foundry server iron. where most microsoft admins would use their win2k/win2003 server for vpn, i say get a nortel contivity. for me it's all about making this simple, solid, and efficient.
i was considering getting some of my certifications renewed in the event i decide to start consulting. it's been a while, but they seem to carry a lot of weight in the consulting world. ccdp would be nice or maybe ccnp and ccie.. the problem i have with the ccie is that, even though it's tough, it gets focused on one area. routing/switching, wan/carrier, security, or voice over ip/avvid. i don't want to be just a full time ip telephony guy..or some route/switch support guy supporting legacy lat networks. i want to design newly engineered networks from the ground up or forklifting the old network. well i think you get the idea.. thanks for the feedback.