An IT professional of nearly 20 years, I've worked mainly in small to mid-sized internal IT departments, with a small stint in a MSP. I've worked in the public and private sector, and now find myself working for a not-for-profit/charity. The last 11 years have been a combination of system administration roles, and as a very hands on IT Operations manager.
Because of the nature of the size of the IT departments I've work in, I very much developed a breadth of knowledge, rather than a depth. In my current workplace, I've done everything from SOE Development, Automation, Firewall and WAF implementations, Wireless roll-outs and multiple storage implementations including a 2.5PB HSM solution. This diversity is extremely interesting, but it also means I'm by no means an expert in any one area. Skilled enough to support and maintain the systems, but never with the time to truly become a subject matter expert in any one of them.
All that changed recently, when I became the sole member of the IT Security Team at my existing workplace. I've been responsible for the security as the Operations Manager anyway, but this new role has provided me with an opportunity to specialize. That said, security itself is incredibly broad, but my technical focus has narrowed significantly. Having the time and space to investigate, design and implement security solutions in the required detail has been incredibly refreshing.
I'm also enjoying learning about offensive security. That is certainly an area where I need to grow, but it's interesting, the only real issue is there isn't enough time in the day... and for some reason I decided to start this blog as well! Although to be fair, this is really just repository of documentation for my own benefit. If that is useful for someone else as well, excellent! And if it means someone with a deeper knowledge than I engages to provide more depth to the discussion, even better!
Thanks for reading,