by WelcomeShorty
1694 days ago
Most comments seem to focus on active security testing. My experience is that this is just 20% of what companies call Security. 80% of the effort is compliance, regulations and getting "holes plugged". For one to be successful in corporate security, you better be good at PowerPoint and selling ideas / wishes. Currently my role is managing a bug bounty program for a largish company. Getting a service on-boarded (explaining the benefits and expectations) is 40% of the work, agreeing with the service owner on the CVSS scoring 10%, getting a service to fix a finding about 20% and the rest of the work is the cool stuff (validating findings, communicating with the hackers & setting a bounty). So my "advice" to you would be, figure out what exactly you want to do "in Security". If you like to get your feet wet in the technical space, sign up to a Bug Bounty program and start searching. If you want to be administratively involved, by all means apply for any of the "looking for security officer / manager" job offerings.