Ask Lesley From Ops to DFIR, a Tough Transition

Lesley,
I am having the hardest time getting my foot in the door in an investigative role. I have spent almost 4 years at the same job, in the same role, and cannot find a way to transition out of the operations side of the house. I went into operations with the intent of doing the dirty work and putting in my time to show I was reliable and willing to work. I wanted to parlay that into a role that better suits my way of thinking. Well, after numerous management changes, all the sweat equity and work I put forth is now lost in the various changes in management that have taken place and I am just another security engineer working in operations.
How do I make that leap to threat hunting or forensics? My workload is not relevant to that kind of work so I am missing the experience that every single one of those jobs requires. How do you get a job that requires experience when you cannot get that experience without that job? I’ve been warned about getting too much alphabet soup in certifications, that it can actually be a strike against you if you have too many. I’m so frustrated that I am still in the same position I was 4 years ago. That the certifications I worked to get just before getting this job and the resulting skills I learned in them are no longer fresh in my mind as the job I have does not utilize any of those skills.
I’m back to looking for a job that I have most of what they are looking for but not enough to get a second look. What advice do you have for folks that are in my position? There are hundreds of thousands of roles open in security but it is still so hard to get a foot in the door.
Thanks,
– A Frustrated Tech
Dear Frustrated Tech,
I’m concerned about the organization you are currently working at. Here are the main reasons why:
My first inclination is that it is time to start seeking employment elsewhere. However, you do have some responsibilities to fulfill if you have not done so already:
If you have already done these things, then my gut feeling is probably correct that you are either in an organization that is mismanaging junior security operations talent due to program deficiencies, does not have a sufficient training pipeline from junior to senior, or simply has no interest in doing these things as they are only concerned with ticket metrics. At that point, there’s not a lot you can do except “get while the getting is good” and move to a more conducive environment ASAP before your skills and certifications lapse.
I wish you a ton of luck in your career progression,