Originally Posted by Unregistered
(Post 214544)
seeing a lot of comments regarding the CSDP scheme, my 2c and general feedback
pros:
+basic salary 4.x
+training opportunities (good)
+occasional training with reputable organisations and strategic partners
cons:
-training opportunities (bad)
-free certs with that grant absolutely no recognition in places that are worth their salt (CEH is seen as a negative value for some orgs)
-honestly speaking you might be better off paying your own and getting better intro level certs, it's not that expensive
-no autonomy in training, you are sent for training without your consulation on your interests or based what you already know
-not much hands on as we are a regulator, no getting your hands on data (see below)
-usually no visibility into what other parts of CSA are doing
summary:
-might be ok to start, but don't stay here too long
general csa:
+either plenty of free time and work-life balance or very busy depending on department
+strategic partnerships with many organisations
+training opportunities
-for technical folks, total annual salary packages are below market rate and will never keep up with inflation, especially for technical farmers
-bonus takes up large % of total compensation, depends on your performance grade/rating
-grades are given out on a bell curve, but technical people are not valued here, scholars and eunuchs are and they get most of the good performance grades
-demographics and DNA of this organization's senior and middle management are heavily skewed towards ex-military personnel spending the bulk of their career in non-cyber domains
-people with actual technical cyber experience in private sector are in an minority-most that join do not stay long, you will most likely not be able to learn and experience technical mentorship and guidance
-as the regulator, it is by design that they do not own any assets, and this means you will not be able to do pentests, take concrete and measurable interactions on threat intel, perform threat hunting at will or investigate incidents with any meaningful frequency
-thus for those looking to do actual cyber work, your amount of hands-on experience/year here will be a fraction of what you gain while working in other firms
-your work duties here will include usually include 1 or usually several other miscellaneous tasks not related to cybersecurity, as with any other civil service job-there is no concept of a purely technical role
-knowledge management in most teams/departments is very poor and almost non-existent across teams/divisions
-knowledge exists mostly in email, and old-timers just keep all the information to themselves
-knowledge sharing internally is few and far between, culture does not reward and encourage the rare few that try to do this
-they are in cybersecurity but they have little to no software dev capability internally, large reliance on external vendors and being at their mercy
-significant % of middle management and permstaff are happy to coast and farm the salaries here and show no drive to innovate
-the average tenure here is less than 2 years but they conduct employee surveys less frequently than that, and draw flawed conclusions about sentiment and effectiveness of policies
-new joiners are increasingly forming a large % of the organisation via the CSDP program, some departments have also given up hiring people from private sector
+new joiners are inexperienced but enthusiastic compared to the average permstaff
-WFH % will only decrease as COVID eases up, management tends to like to see staff in office
-internet surfing separation means that you will have to carry 2 laptops everywhere you go to work effectively, you will not be provided a separate internet machine-source your own.
this place is what it is, if you feel like you are stagnating or not growing just leave.
infosec roles are in major shortage right now at all levels
|
