Home > Career > Your InfoSec Dream Job?

Your InfoSec Dream Job?

Assuming you were going to stay in the "Information Security" industry, what would you do if you could pack up your office tomorrow and move into shiny new digs in your dream job?  What would that be?  With whom?  Doing what?

I’ll start:

  • On the vendor side: I’d go to a start-up/up-start (my 5th?) again where I can make a huge difference.  I’d do something with virtualization, information-centric security survivability and converged enterprise architecture.  I’d find my next Crossbeam.
  • In the Enterprise, I’d go to a mid-sized progressive services-focused company who understands and "appreciates" the management of risk and investing in security that can be used as a strategic differentiator for the betterment of the business.
  • Venture Capital: I’d love to work in some capacity for a fund with a large and diverse portfolio that would allow me to evaluate technology for investment potential.
  • Research/Analysis: I’d look into a DARPA/NSF-funded long-term research project focused on next generation networking with an integrated security services layer, working to solve long term event-horizon survivability/assurance problems and delivery modality constructs.
  • Independent Consultancy:  I’ve done it before and it became a 7 year rollercoaster ride that was fantastic.  More and more companies need objective "executive steering assistance" for business-aligned, long term strategic risk management, business resilience, information assurance and infrastructure protection guidance.  Just ask Mogull.

You can thank the fine people at St. James’s Gate Brewery for this one.

Your turn.


Categories: Career Tags:
  1. January 4th, 2008 at 12:27 | #1

    This is an easy one. The company itself would be populated by smart, driven people who are truly passionate about security. Two things I'd be happy doing there would be:
    1. Pentesting, but in a smart way. As in not just running some automated tools and producing a pretty report. The ideal would be really digging in to try to find the unique holes for a given project. I wouldn't want to waste time coming up with a big report that basically just said "apply the following vendor patches."
    2. Research, ideally studying and inventing entirely new vulnerabilities and attacks. Random fuzzing, not so much. (Though I'd take "fuzz until it breaks/write an exploit" work in a second.)
    Makes me wonder why I'm not actively pursuing this.

  2. January 4th, 2008 at 14:52 | #2

    I would be someplace where I can tyrannize even more people than I am now.

  3. January 4th, 2008 at 16:08 | #3

    Any place where information security is more than a check box next to a compliance questionnaire.

  4. January 5th, 2008 at 08:21 | #4

    Get money from NSF or DARPA for something visionary? Forget it. The government keeps cutting funding for long term research. Factor in inflation and increased competition for resources, and the amount spent on research now is actually dropping and the timeline for focus continues to shorten. Success rates for very good proposals is under 10%, limited in size, and usually allocated to small, incremental projects. This is true across all the STEM areas, actually. Industry isn't helping, either — where they used to provide some funding to support long-term research. many are now restricting that to only funding specific projects where they expect to hire the students and capture the research as proprietary products…assuming they are funding anything at all.
    Just thought I would point our from the front lines of academic research that "dream" applies not only to the job description in that aspect of your essay.

  5. January 5th, 2008 at 10:36 | #5

    Join us, Hoff. 🙂

  6. January 5th, 2008 at 10:45 | #6

    I treasure your advice here, but there exists at least one very cool project that *is* funded. 😉 I met with the team last week as one of my old friends, Aaron Falk, is the architect and lead system engineer:
    > With support from the National Science Foundation (NSF),
    > researchers are working together to design a bold new research
    > platform called GENI, the Global Environment for Network
    > Innovations. As envisioned, GENI will allow researchers
    > throughout the country to build and experiment with completely
    > new and different designs and capabilities that will inform
    > the creation of a 21st Century Internet.
    > Today, NSF announced that BBN Technologies, under the
    > leadership of Chip Elliott, has been selected to serve as the > GENI Project Office (GPO). The office will work closely with
    > broad networking communities to create and develop the GENI
    > design.
    > The creation of a project office, which received an award of
    > $2.5 million per year for up to four years, is a major step in
    > the NSF process to build major research facilities and marks a
    > key step toward making GENI a reality.
    You can read more here: http://www.geni.net/office/office.html http://www.nsf.gov/news/news_summ.jsp?cntn_id=109

  7. January 6th, 2008 at 00:36 | #7

    My dream jobs are:
    1- To work in an the R&D of an IPS vendor, where I will be responsible for studying the new attacks and write signatures to detect them etc.
    2- I'm not sure if such job exists, but I like doing penetration testing and test products to see if they are vulnerable and what possible exploits can affect them. What I am talking about here is penetration testing for new products using code analysis and fuzzying and not the script-kiddie like penetration testing as a service.
    3- Have my own start-up that introduces a new technology or product to the security market.

  8. Chris
    January 9th, 2008 at 12:39 | #8

    If you can get Spaf to post a blog comment, you can land that dream job!

  9. January 9th, 2008 at 18:57 | #9

    >> If you can get Spaf to post a blog comment, you can land that
    >> dream job!
    Well then, I'm golden. He's commented here before on other topics. He's one of the folks I admire greatly so dream job or not, I'm happy 😉

  1. No trackbacks yet.