The only constant is change

-

"I'm leaving next week. I'll change to company Y."

This comment from my coworker caused quite many feelings and put my thoughts in motion. "Company Y.... Umm... I have heard it few times, and I know persons who have joined them, but I have no clue what they actually are doing. Let's see what their website shows. Oh. They seem to have an open position, which would be a direct match for me."

At this point I had been in my position a little less than three years. Those years had been absolutely incredible, from the experience (and also CV...) point of view. When you are working in a global enterprise as the product security engineer/cyber security architect for a product line whose products are used globally in critical infra related use cases, it's quite unique place to gather experience and hopefully also knowledge & know-how. 

There were multiple really interesting projects going on, which would give even more experience around how to secure 40 year old software, and I had not even considered that I would look elsewhere. But my career planning has followed the method 'If there is an open door in front of me, and no visible fire can be seen through it, it is worth to step in'. 

So, I decided to send my application and check if the new lines in my CV would have actual real life value. I noticed that they had value, and surprisingly fast I got a job offer which I accepted. 

Now it was time to step again in totally new shoes, jump in the deep end of the pool and learn to swim. And learn it fast. 

My career path during my M.Sc studies and after graduation had jumped here and there, but when looking back, it has really guided me to my current role. I graduated from RF engineering, but have worked in that field only during one summer in Nokia, playing around with mobile phone antennas. 

As a friend of mine once said "It doesn't matter what education you will forget at work." But, yes, the career path: Sysadmin -> project manager with operational responsibilities & sysadmin duties -> sysadmin/team lead/ICT manager -> product security engineer -> cyber security consultant. I am a sysadmin by heart, but still the project manager position was quite far from normal sysadmin world, and the jump to product security engineer from ICT manager was not very much forward in the career ladders....

I've been in projects where an external consultant was brought in to solve some issue. And now I would be the person, who should have answers for every questions. Yikes!

But I've learned that great consultants are usually generalists, especially in my field. Of course you need to understand the topic in hand really well, but if you don't have wide domain level understanding, you will fail. And most probably you will fail fast. 

I've also get used to the fact that I'm a generalist. I won't ever be the best expert in some (really) narrow field, but I've said for years that "I know absolutely too much about some things, and something about absolutely too many things."

This profile is described quite well in the following picture, which is generated by Bing using its Dall-E 3 stack. I just thought to try out few pictures for my upcoming local security meetup presentation.  This T describes that you know few topics really well and your understanding goes deep. And then many, many more topics you don't know so well, but you know enough to understand how they are connected to each other.

So, what next? I have no idea. Oh well, as a consultant I should never say that. I still have things to learn! 

“I have never tried that before, so I think I should definitely be able to do that.” - Pippi Longstocking

When I joined the previous company, I made a self-commitment for three years. But I failed it, as I left two weeks before the three years were full. Now it seems that I have finally found a place where I can trust the nearest leaders and managers to actually be there to help me. This has been one of the biggest issue for me in most previous roles. I have not had such a manager which I would have needed. Of course I don't yet have long experience in this latest (and greatest?) company, but let's say that I have gathered 'some experience' during my years, and for now things feel really good. Not perfect, of course, but if you want to find a perfect place, you will be disappointed....

But anyway, my days will be spent around IEC62443 in the nearest future, and hopefully also with something else in the long run. I definitely need something concrete, so only writing stuff in the Powerpoints is not my thing at all. But now I can learn multiple domains and business areas. And I can hopefully utilize my wide background when solving those issues our customers are facing. 

And if I have some IT issue, I know who to contact. This comment may be based on some not so great experiences in the previous global enterprise, where IT is definitely not helping business units to perform as well as just possible. 

Let's see where this door finally will lead me. I'm as eager to see it as you probably are, but at the moment I don't wait any new changes. I'm happy where I am now.

Comments

Post a Comment

Popular posts from this blog

Passion is a fruit

-
 "What if we educate them and they leave?"  "Well, what if we won't and they won't leave?" "Hi, there will be a big security conference in Helsinki next February. I'm going there. Can I use work hours for that or should I use my vacation days?" This is how I presented the trip to Disobey to my boss last autumn.  Disobey is quite a unique event, and presentations are not The Thing(tm) for this event, even though they are also awesome. Meeting people and discussions with them are among the reasons to go there.  This year the following presentations were nominated to my top list. Not all of them will be released on Youtube, but I can recommend any of those which will be released. Antti Kurittu: Story of Vastaamo (Keynote) Juho Jauhiainen: Losing My Mental Health in Cyber Security Jussi Eronen: Vulnerability Handling for the Masses Helinä Turunen: Cyber Comms 101 - What to Say When Cyber Hits the Fan (workshop) Lea Viljanen: Hacking the Audit Int...
Read more

Hack the Box, CTF, challenges, and ethical hacking (+ some thoughts about courses)

-
During last few years I've bought some Udemy courses when some person has suggested them. Mostly they are related to security and hacking, because that's the high level topic in ICT which interests me most. Yes, I've bought them. And hadn't started any. Until this summer. In the past if you wanted to learn some new skill in the ICT world, you usually attended some 3-5 day long course which normally costs some thousands of euros. Quite costly, too much information in short time span, and it required many days off from work + traveling. Then came the online courses. They cost less, you can follow the videos as you wish with your own schedule and you'll get community reviews for courses before buying them. I'm not fully sure but I suppose that the instructors get some amount of money for every attendee and no one wants to use their money (or time) to poorly made course. Thus every instructor has an incentive to make their course as good as just possible. At the mo...
Read more