Is penn testing a required skill of an Information Security Analysts or Engineer, or should it be a job profile of its own?
I know I would not do penn testing as an analyst or engineer.
I usually don't list Social Engineering on my resume, even though I have some training. It's not something that just any security position or role should be doing.
@bumponalog I would agree.
I am not in the DFIR security field, but was once asked why I have the training. It was so I know how to work with those that are in DFIR roles. Not because I or every Info Sec role does that kind of work.
I am having major concerns about some job profiles that had to been guided by individuals that don't really understand information security. And it is something I can not fix.
They have one main profile and tweaked it make it into two, an Analyst and Engineer role. They added various roles as required skills.
I just trying to internalize if I am in the wrong, or this was a mistake.
@bumponalog This I knew. I was a head HR Security Officer for about 10yrs. This is why I am internalizing this so much, I really understand HR. And that is what I plan to do in this specific situation. It's not something I can change.
I was just hoping for something more meaningful this time. Writing my own BISA job profile is cathartic and will help inform my professional crusade to advance the role of a BISA or Cyber Security Strategic Partner for the industry. I am in the middle of writing an article. Not sure what will come of it. I may never reach my goals, but I can pave the wave for others.
David Stucky
bumponalog