If you haven't read Volume 1 "The Beginning", check it out now.
So fast forward from that time where I worked in K-12. I had worked for the school system for a little over 4 years and it was time to move on. For those that have been in IT for a while, you know that the jobs can get stale which can cause you to burn out. I was there and it was time to go. I took a job with a consulting company which offered a nice pay increase as well as possible training opportunities (later I found this to be exaggerated a bit). The job was a love/like/hate relationship. I loved the amount of experience I was getting from all the different environments and systems. I loved that I had people above me that had much more knowledge than I did on a number of related topics. I liked most of the people I worked with. I hated the travel. Now I had an idea that I would be on the road a bit more than a normal 9-5 with a standard commute, but it does drain you and can cause you to make some poor decisions in handling your job. Now that being said, I still would not have traded that experience. I think 5 years doing the same job in IT is a pretty good run. Will I ever take on a job like this again? Certainly not, but I would still recommend that if you are new to the industry, a consulting job will be your best bet to gain a significant amount of experience. Just do your research on the company before hand. That is all I will say on the matter in this post. I may right something in the future on the topic.
Back to the story... So I was getting burned out and InfoSec was just starting to become a hot topic, at least in my world. We had one guy in the company that held a strong interest in the art of penetration testing. Sadly, at this time, there was little call for it. We mainly did vulnerability assessments since no one wanted to pay for the full penetration test and/or risk having their systems down if we succeeded in the test. This field of study fascinated me. So I began doing some heavy research in the topic. I provisioned some systems in my home lab to play with and started using twitter so I can follow some pros. I filled my iPhone with all sorts of security podcasts. I was really into it. After I learned that with good security, one can eliminate a number of the small day-to-day fires that Sys Admins have to deal with, I made a choice to pursue this as a career. So I updated my professional development plan and let my manager know this is what I want to do. And shortly after that, the lead engineer for Security Services gave his notice. Well I still tried to take on more security related tasks but eventually, it was time to look for something new.
Remember that thing about burning out? Due to a couple bad calls on my part, it was decided that the company and I were no longer a good fit. I was able to take a nice semi-paid 3 week vacation before going back to consulting. I took a job with another consulting company to pay the bills. But it was not the job I was looking for. If it wasn't clear, the choice I made was to pursue a career in Information Security. I really didn't know what that meant exactly. I did know what I didn't want to do, and that was to have to troubleshoot printer issues forever. So I was determined to find the job that would support my new goals. I wanted to find things before they became problems. I wanted to prevent the common day-to-day fires caused by improper anti-virus software installs and poorly configured firewalls. During that short stint with that other consulting company, I was presented an opportunity to take on a Security Administrator role in a local not-for-profit insurance company. So I jumped at! You have to do what is good for you. So you find that new job, write your resignation letter, and part ways...
Continued in Volume 3: Career Advice