August 30, 2021

GRC or Threat Intelligence as a career move

I need some advice and guidance…

I currently work in security with 15+ years background in Admin and Engineering. Generally speaking my role is more Security Admin, leaning towards GRC. More specificially I manage enterprise security solutions, push CIS standardsbenchmarkspolicyproceduresstandardization improvements and identify risk.

Progress is incredibly slow, at best. I am 100% capable of remediating just about every finding I’ve identified AND I have the time to do so but … separation of duties. The speed of change is too slow, I’m bored and losing my technical savvy. Submitting a ticket and waiting is not my thing.

I’ve been circulating my resume but not getting many hits. I’m fairly new to InfoSec (3 years) and lack certifications. That said, the SecOps manager (whom is much younger than I but has my respect) is attempting to recruit me for the primary role of EDR, threat intelligence and the like.. specifically because of my background and reputation.

Would accepting a position in operations (even though we’re not the classic 24/7/365 operations) with a focus in EDR be moving backwards? Is GRC generally a more lucrative position than Threat Intelligence? Should I wait it out in GRC and continue to “move the needle”? Is it okay to be bored and perhaps use that time to cert up? I’m definitely in need of advice.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.