Solid read. I think what I'm missing here is an acknowledgement of uncertainty. When you're just starting out, it's extremely hard to map out all the different types of security roles that can exist, let alone what a typical day job might look like.
I started out as 100% wanting to be a pentester. Then I figured that I enjoyed detection engineering, because it has a building/DevOps-ish aspect to it. Then I gained exposure to incident response. Then security engineering, etc.
I guess my message would be "strong opinions, weakly held" about what your career goal is. It's totally normal to pivot, and it tends to create amazing profiles, such as a security engineer who's done some pentesting before and has been a software engineer too.
Solid read. I think what I'm missing here is an acknowledgement of uncertainty. When you're just starting out, it's extremely hard to map out all the different types of security roles that can exist, let alone what a typical day job might look like.
I started out as 100% wanting to be a pentester. Then I figured that I enjoyed detection engineering, because it has a building/DevOps-ish aspect to it. Then I gained exposure to incident response. Then security engineering, etc.
I guess my message would be "strong opinions, weakly held" about what your career goal is. It's totally normal to pivot, and it tends to create amazing profiles, such as a security engineer who's done some pentesting before and has been a software engineer too.
Very true, there are a lot of domains within Security! Many that folks just starting out might not know exist.
Here's a post about this if you're interested,
https://zendannyy.substack.com/p/the-umbrella-of-cybersecurity-d8a
Yes, that’s a good saying I have read and can apply here.