by SCHiM
1590 days ago
My view on this is that, unfortunately, blue team positions are seen as entry positions. In general blue team members have little autonomy. They don't choose the suite of tools, protocols and have little mandate in a company to change a single thing since they're a cost centre. The job is frustrating because many SOCs are beholden to central IT to fix even high severity issues; this generates a lot of friction. Most organizations have a big feed of alerts that trigger on everything from ransomware, to a user plugging in a Razer mouse... This makes the job frustrating and boring. Contrast this to red team positions. If they're lucky they get to cowboy all through the network never asking permission after initial sign-off. And why would they? Nobody spots what they're doing anyway, as long as you don't create problems in prod.

I work for a large multi-national in the entertainment industry with a really good work culture. We leave a lot of autonomy (we in fact expect people to become autonomous) and trust that we all know how to do our job. It has been very rewarding so far.
On the technical side, very few of our positions are entry level, some are but most are more advanced.
For example, we reached a maturity level where we don't only build detections but also build unit tests for them, either by making our own payloads or by using and contributing to projects like Atomic Red Team. This requires excellent knowledge of OS internals, cloud security, system programming, etc.
Your comment makes me think we should try to reflect all of this in the job description to make the positions more appealing. There might be good candidates out there hesitating, thinking it’ll be like life in an MSSP SOC.
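The "unit tests for detections" practice mentioned in the reply above, as an added example (not the commenter's code or their organization's tooling): a small detection-as-code rule for PowerShell started with an encoded command, plus a table of constructed process-creation events that must and must not fire it. The event fields, the rule and the sample command lines are assumptions made up for the example.

```python
import ntpath
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    """Constructed process-creation telemetry (Sysmon event 1 style fields)."""
    image: str          # full path of the created process
    command_line: str   # its command line
    parent_image: str   # full path of the parent process


POWERSHELL_HOSTS = {"powershell.exe", "pwsh.exe"}
# Switch spellings PowerShell accepts for -EncodedCommand (prefix abbreviations included).
ENCODED_SWITCHES = {"e", "ec", "enc", "encodedcommand"}
# After these switches the rest of the line is an argument, not further switches.
TERMINAL_SWITCHES = {"c", "command", "f", "file"}


def detect_encoded_powershell(ev: ProcessEvent) -> bool:
    """Fire when a PowerShell host is started with an encoded command switch."""
    if ntpath.basename(ev.image).lower() not in POWERSHELL_HOSTS:
        return False
    for tok in ev.command_line.split()[1:]:   # skip the executable token itself
        if tok[:1] not in ("-", "/"):
            continue                          # a value such as "hidden", not a switch
        name = tok[1:].lower()
        if name in ENCODED_SWITCHES:
            return True
        if name in TERMINAL_SWITCHES:
            return False                      # "-enc" inside a -Command string is not a switch
    return False


# Unit-test table: (name, event, should_fire). All events are constructed, not real telemetry.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CASES = [
    ("encoded, long form", ProcessEvent(PS, "powershell.exe -NoProfile -EncodedCommand ZQBjAGgAbwAgAGgAaQA=", r"C:\Windows\explorer.exe"), True),
    ("encoded, abbreviated, pwsh", ProcessEvent(r"C:\Program Files\PowerShell\7\pwsh.exe", "pwsh.exe -nop -w hidden -enc ZQBjAGgAbwAgAGgAaQA=", r"C:\Windows\System32\cmd.exe"), True),
    ("execution policy only", ProcessEvent(PS, r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1", r"C:\Windows\System32\cmd.exe"), False),
    ("switch text inside -Command string", ProcessEvent(PS, "powershell.exe -Command \"Write-Host '-enc is a flag'\"", r"C:\Windows\explorer.exe"), False),
    ("not a PowerShell host", ProcessEvent(r"C:\Windows\System32\cmd.exe", "cmd.exe /c dir -e", r"C:\Windows\explorer.exe"), False),
]


def run_detection_tests(detector, cases):
    """Return the names of cases whose verdict differs from the expected one (empty list = pass)."""
    return [name for name, ev, expected in cases if detector(ev) != expected]


if __name__ == "__main__":
    failures = run_detection_tests(detect_encoded_powershell, CASES)
    print("all detection tests passed" if not failures else f"FAILED: {failures}")
```

The same table can be extended with events replayed from an Atomic Red Team run in a lab so that a rule change which silently breaks coverage fails the test instead of going unnoticed.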