September 23, 2021

GRC vs. Security Ops?

Hey Everyone – I’m a solo security admin for a medium-sized (over 400) organization. I apologize if this breaks the rules. I’d love to expound more, but you’ll see the reasoning for my hesitancy in the next paragraph.

To be honest, I came into my position from the helpdesk (only 2 years) with WAY below any measure of competency in the security realm. I recognized the… lacking skillset of the prior admin before they left, and leaned HARD on my soft skills to acquire it. For the record, my predecessor couldn’t even explain their organization methods on the file server before they left, let alone explain PCI-DSS to our management. I had to do dozens of enterprise-admin password resets for our vendors if that enlightens you at all.

I tried my best to learn the profession from a base level: I passed the CISSP exam in 3 months from taking the position… but considering I still need 4 more years of experience, that feels like a huge waste of money (paid out of pocket for everything).

Anyways, the bulk of my concern here is that I feel like I’m now coasting… I’ve automated our security awareness training and phishing simulations. I’ve convinced my leadership & 2-person network engineer team to acquire and learn a vulnerability scanner and SIEM product (although they won’t allow me to access the SIEM??). Our infrastructure team is… trying their best.

It probably doesn’t need to be said but I don’t have a formal risk management background. I’ll be honest: I don’t even see the 3×3 grids or w/e to be particularly useful. I use my open-source threat intelligence streams (like Twitter??) to alert my teams as issues come up publicly. I don’t know a single programming language… but I’m expected to resolve conflicts between the dev team, the infrastructure team, and the network team on every project in the technical minutiae.

I have a machine dedicated to REMnux (so I can submit decent phishes to CISA) & learning Python in my off time, but that’s about it. I can *kinda* read code & pcaps, but not with any real confidence…

I envy you folks that have confidence in your skills in this area… I’m not just suffering from imposter syndrome; I’m absolutely the imposter you’re all afraid of being: I more or less don’t know anything useful at all.

I don’t want to tank my enterprise… but I’ve already written up a resignation letter. Do you all have any suggestions? I’ve been provisionally accepted to the SANS bachelor-ish program, but my enterprise is currently migrating to Azure, so I’ve got my AZ-900 and am working on my SC-400(?) and the like. I’m just so tired of feeling like a fraud in everything I do.

I kinda want to drive one of those quarry-size dump trucks and give up on InfoSec.
