I have a general security question. Its not related to any OS but about the security field. I would like to know the following.

Whats it like? What is a typical day like?

How did you get your job?

What is the best way to get into the field?

I was told by the head of security of the University I worked for that the security guy has all the responsibility but none of the power. He made it sound like he could recommend a policy that the higher ups don't want to enforced. So it doesn't get enforced. If that is the case I think I will stick with being an admin. Any help you all can provide would be great.

Every company is somewhat different, but what you describe is generally the case. Security is almost like hardware to a system admin. It has costs associated for the company. Just as you have to get approval to purchase items that exceed some value, security practices need approval because they cost the company time and/or money. The security guy's job is not to assume risk on behalf of the company, but rather to identify issues and determine if correcting them is cost effective (like creating a proposal for a hardware upgrade). Where a correction isn't cost effective, a risk mitigation strategy needs to be developed.

In both cases (admin/security), a better knowledge of the business is very useful. The more you understand the realities of cost/benefit/risk to the organization, and the better you document the practices, procedures and issues, the more your executives will trust your recommendations. At some point, that trust can translate to responsibility - you get to make the decision, without approval. At that point, your documentation with clear and concise communication becomes more important. It covers you when things go bad (and they will).

Thanks for the reply.

So you are saying some type of business degree/experience would help me get in the field. I have a BS in Information Engineering. I was thinking of a MBA. I would like to do penetration testing but I think that is a rare job.

Whether an MBA is useful depends on your company and you as an individual. The issues that drive your business are not that hard to understand. Look beyond the scope of your job, and understand the jobs of those around you.

If your company allows it, rotate through as many positions as you can. Make sure you have up-front agreements on time frames; you don't want to be dead-ended in a role you don't want. Tier 1/2/3 support, project management, team leader - as many in your surrounding areas as feasible. The more exposure you have, the more you understand, the more you see. And more importantly, the more you are seen.

When you decide to rotate into security (or any other position), you will have the support, trust and respect of those in the surrounding areas. You will be able to make better decisions, because you will better understand the impacts of those decisions. You also become a very valuable employee.

It's not for everyone. Most people are happy with collecting their paycheck, and doing their thing. To me, work was 33-60% of my life; I aimed to make it as rewarding as possible.