this post was submitted on 26 Jun 2023
16 points (100.0% liked)
cybersecurity
3249 readers
9 users here now
An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Community Rules
- Be kind
- Limit promotional activities
- Non-cybersecurity posts should be redirected to other communities within infosec.pub.
Enjoy!
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I've found the good $$ is finding just a good ol' "security engineer" title somewhere (most likely a tech company). If your title is "red teamer" or "pentester" and you're not at a well-paid boutique consultancy you're likely being underpaid compared to what you'd get on the engineer track. Where have you applied before/recently? Right now is a frustrating time to job hunt but better now than never, especially if you are bored or disgruntled in your current role. On the "security researcher" front, have you considered (or are you already doing) a blog or something? I've found that supplementing my day job with my own research and publishing it has the combined effect of keeping me interested in security in general as well as being good material to share with prospective opportunities.
So the thing is I can't really be bothered with blogging rn , not sure if I'd make a good blogger cause I usually have small tips and tricks and not full blown posts. Also I'm currently locked in my contract for atleast another 9 months then I'm free to go. What's the difference between a security engineer and security researcher?
I understand the obstacle to blogging. But that's where micro-blogging comes in! Twitter is out of vogue so I'd say use Mastodon (or similar Fediverse-ey microblogging platform, e.g. Calckey, etc..). You can post all your tiny tips and tricks and other thoughts there rather than having to pull together full-fledged blog posts. This will help you build a portfolio of contributions to the community as well as build a network.
As for sec eng, vs sec researcher? These are merely titles. A security engineer could certainly be a researcher as well. I'd say you have a lot of "independent" security researchers who day-light as engineers. In some cases you have folks who are researchers as their day job but to get these sorts of roles I would suspect you would need some history of published research (like CVE's, talks, papers, blogs, etc...).