Answer the question
In order to leave comments, you need to log in
I
I
Ivan Urgant2021-09-01 13:21:30
Ivan Urgant, 2021-09-01 13:21:30
What direction of work is more relevant in the field of information security?
Good afternoon.
Need advice on choosing a job for retraining from a system administrator to the field of information security. They offer:
1. work in a branch of a Russian bank - support of CIPF, crypto-pro, PAK Sobol and other equipment, conducting various pentests of their systems, investigating incidents.
2. work at the enterprise - implementation of Federal Law 187 on the security of critical information infrastructure - as I understand it, part of the work is paperwork, part related to procurement and investigation of incidents, part I don’t know with what, maybe with some kind of equipment, they don’t talk.
Everywhere they offer a small salary.
The question is - in order to make experience (year-2) and move further into IS, which of the options is preferable, since I have no experience in either one or the other?
What area of work in the labor market in the field of information security is more, so that later it will be easier to find a job, and what knowledge will be most valuable for a subsequent job search?
And also a philosophical question, in your opinion, the transition to information security from a system administrator who serves, for example, a medium-sized office, where there are 100 user computers, 10-15 servers on Windows / Linux, a Mikrotik network, telephony, etc. is he justified?
Why am I asking, I have been looking for a job as a system administrator in the city for half a year, they offer an average of about 40 thousand rubles, only everywhere there is a different level of hemorrhoids, it seems that the profession has depreciated, it is disgusting to walk around users and solve their problems, it is very difficult to find something adequate in terms of salary and functionality, or am I wrong?
2 answer(s)
@Protos
Well, it’s as if it has nothing to do with information security from the word at all, it’s like the work of an ENI / service engineer
But this is real security, but here experience is needed and an understanding of how to attack, know the methodology, something is clearly wrong with that bank, or at this point you meant to run a vulnerability scanner. In general, if you want to try yourself in this direction, why not, but you will run into the fact that the head security officers are in Moscow and they don’t care about you. At the same time, you will understand how hard it is to force admins to improve something, because they have the principle “don’t touch it” and don’t care that everything is in holes.
2. There will be tons of regulations, tons of documents to develop, and if you do everything right, then you will improve in analytics, but there will most likely be a lot of paper. If you are appointed responsible for the CII, then this cannot be mowed down, a prison may threaten if the system recognized by the CII object is hacked and it floats away.
@CityCat4
If you intend to work in banks in the future, you should work here. Banks are a very specific environment, they have a lot of their own requirements, knowledge that cannot be obtained anywhere except in another bank
Most likely, you will have to work more with papers - gnaw at the normative, read and write instructions. CII is such a very special thing to itself. Knowledge of the legislation in the adjacent area and even knowledge of the current political moment will be required - CII did not arise from scratch, it is directly linked to import substitution and other such things. If you are going to work in government agencies, in factories - you are here
U
Uncle Seryozha, 2021-09-01 @Protos
1. work in a branch of a Russian bank - support of CIPF, crypto-pro, PAK Sobol and other equipment
Well, it’s as if it has nothing to do with information security from the word at all, it’s like the work of an ENI / service engineer
conducting various pentests of their systems, investigating incidents.
But this is real security, but here experience is needed and an understanding of how to attack, know the methodology, something is clearly wrong with that bank, or at this point you meant to run a vulnerability scanner. In general, if you want to try yourself in this direction, why not, but you will run into the fact that the head security officers are in Moscow and they don’t care about you. At the same time, you will understand how hard it is to force admins to improve something, because they have the principle “don’t touch it” and don’t care that everything is in holes.
2. There will be tons of regulations, tons of documents to develop, and if you do everything right, then you will improve in analytics, but there will most likely be a lot of paper. If you are appointed responsible for the CII, then this cannot be mowed down, a prison may threaten if the system recognized by the CII object is hacked and it floats away.
C
CityCat4, 2021-09-01 @CityCat4
work in a branch of a Russian bank
If you intend to work in banks in the future, you should work here. Banks are a very specific environment, they have a lot of their own requirements, knowledge that cannot be obtained anywhere except in another bank
work at the enterprise - implementation of 187 FZ
Most likely, you will have to work more with papers - gnaw at the normative, read and write instructions. CII is such a very special thing to itself. Knowledge of the legislation in the adjacent area and even knowledge of the current political moment will be required - CII did not arise from scratch, it is directly linked to import substitution and other such things. If you are going to work in government agencies, in factories - you are here
Similar questions
P
S
K
B
A
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question