To summarize, I currently work as an ethical hacker (with about 4 years of experience) for a bank. The bank is currently making a transition to the AWS cloud and they are looking for Cloud (security) engineers to set up the entire cloud infrastructure for the organization. This includes security monitoring, IAM, encryption, etc. The focus is to develop, design, build and maintain the environment, so basically, I will probably be one of the main guys regarding security, but will also need to assist in maintaining the environment. Basically, we need to set up an environment that can be used by DevOps teams, so they can easily use the building blocks we will provide. It will be a temporary project for the most part (for about a year probably), but they will need people to stick around to keep maintaining the environment. Tbh, I’m not really thrilled about the whole ‘maintaining’ part (did that enough in my time as a system administrator), but being able to say that you helped set up the cloud environment for a bank and helped make it as secure as possible might be interesting.
Basically, I’m a bit 50/50 on this one. I do think that having Cloud Security on your resume in addition to ethical hacker skills would make a great combination. Makes it possible to become more of an all-rounder, granting more all-round knowledge and will probably give me more possibilities job-wise. I recently had a job offering due to my security knowledge, but due to my lack of cloud security knowledge I wasn’t the best contender for the job.
I do think it’s a good time to invest a bit more in gaining cloud skills and knowledge, seeing as more and more organizations are making a transition to the cloud. Adding security on top of that will probably create more possibilities (and a more interesting paycheck at the end of the month). However, there is a possibility I might be overestimating this.
So my question is, should I take this opportunity, or do you think it’s wise to stick with being the hacker? If it makes any difference, I currently have the following security-related certifications: CISSP (Certified Information Systems Security Professional), eCPPT (eLearnSecurity Certified Professional Penetration Tester), eWPT (eLearnSecurity Web Application Penetration Testing), ISO 27001 (Provisional Implementer) and AWS Cloud Practitioner.
Aside from that, there might actually be a possibility for me to go the Information Security route, so basically, less hacking, but more on the other side of risk. Might also be a good opportunity for me, although this route is less certain than the other. Will probably need to do quite a bit to get a footing there and even then nothing is certain.
EDIT: Another option would just be to do this project for a year, then hop back to my job as an ethical hacker. According to my manager, it is always possible to ‘hop back’ so to speak.