 |
|
20-04-2022, 10:29 PM
|
|
|
Quote:
Originally Posted by Unregistered
CSA deals w nation threat actors. Not many agencies do that. Its an interesting scope not found elsewhere.
|
govtech deals with state sponsored threat actors / apt groups also
c2 sector lead for sg govt is govtech
tension btw csg and csa when csa first launched over scope of work
|
20-04-2022, 10:30 PM
|
|
|
Quote:
Originally Posted by Unregistered
CSA deals w nation threat actors. Not many agencies do that. Its an interesting scope not found elsewhere.
|
this might be true but you cant deny govtech's branding to other tech firms and to other CS as well. maybe not all teams in GT but surely advanced cybersecurity capabilities in GT is quite renowned arguably more so than CSA or HTX.
|
20-04-2022, 10:37 PM
|
|
|
Quote:
Originally Posted by Unregistered
this might be true but you cant deny govtech's branding to other tech firms and to other CS as well. maybe not all teams in GT but surely advanced cybersecurity capabilities in GT is quite renowned arguably more so than CSA or HTX.
|
yes and top tier talent among whom is the infamous president scholar and top hackerone and top mindef bug bounty boy spaceraccoon
google him
|
20-04-2022, 10:43 PM
|
|
|
Quote:
Originally Posted by Unregistered
this might be true but you cant deny govtech's branding to other tech firms and to other CS as well. maybe not all teams in GT but surely advanced cybersecurity capabilities in GT is quite renowned arguably more so than CSA or HTX.
|
Heard ACC has quite a number of uni valedictorians there... crazy competition
|
20-04-2022, 10:47 PM
|
|
|
Quote:
Originally Posted by Unregistered
Heard ACC has quite a number of uni valedictorians there... crazy competition
|
Turnover at GT is also crazy. Obviously not a bed of roses.
|
20-04-2022, 10:52 PM
|
|
|
Quote:
Originally Posted by Unregistered
Turnover at GT is also crazy. Obviously not a bed of roses.
|
Yea but CSG is quite good already based on the stats at the last GTechCon
|
21-04-2022, 07:22 AM
|
|
|
Quote:
Originally Posted by Unregistered
Yea but CSG is quite good already based on the stats at the last GTechCon
|
Depends what an individual wants. No judgement. Pick the agency that you are keen. CSA has its pro too if the scope is what one is looking for. At least people are nice.
|
21-04-2022, 10:54 AM
|
|
|
Quote:
Originally Posted by Unregistered
seeing a lot of comments regarding the CSDP scheme, my 2c and general feedback
pros:
+basic salary 4.x
+training opportunities (good)
+occasional training with reputable organisations and strategic partners
cons:
-training opportunities (bad)
-free certs with that grant absolutely no recognition in places that are worth their salt (CEH is seen as a negative value for some orgs)
-honestly speaking you might be better off paying your own and getting better intro level certs, it's not that expensive
-no autonomy in training, you are sent for training without your consulation on your interests or based what you already know
-not much hands on as we are a regulator, no getting your hands on data (see below)
-usually no visibility into what other parts of CSA are doing
summary:
-might be ok to start, but don't stay here too long
general csa:
+either plenty of free time and work-life balance or very busy depending on department
+strategic partnerships with many organisations
+training opportunities
-for technical folks, total annual salary packages are below market rate and will never keep up with inflation, especially for technical farmers
-bonus takes up large % of total compensation, depends on your performance grade/rating
-grades are given out on a bell curve, but technical people are not valued here, scholars and eunuchs are and they get most of the good performance grades
-demographics and DNA of this organization's senior and middle management are heavily skewed towards ex-military personnel spending the bulk of their career in non-cyber domains
-people with actual technical cyber experience in private sector are in an minority-most that join do not stay long, you will most likely not be able to learn and experience technical mentorship and guidance
-as the regulator, it is by design that they do not own any assets, and this means you will not be able to do pentests, take concrete and measurable interactions on threat intel, perform threat hunting at will or investigate incidents with any meaningful frequency
-thus for those looking to do actual cyber work, your amount of hands-on experience/year here will be a fraction of what you gain while working in other firms
-your work duties here will include usually include 1 or usually several other miscellaneous tasks not related to cybersecurity, as with any other civil service job-there is no concept of a purely technical role
-knowledge management in most teams/departments is very poor and almost non-existent across teams/divisions
-knowledge exists mostly in email, and old-timers just keep all the information to themselves
-knowledge sharing internally is few and far between, culture does not reward and encourage the rare few that try to do this
-they are in cybersecurity but they have little to no software dev capability internally, large reliance on external vendors and being at their mercy
-significant % of middle management and permstaff are happy to coast and farm the salaries here and show no drive to innovate
-the average tenure here is less than 2 years but they conduct employee surveys less frequently than that, and draw flawed conclusions about sentiment and effectiveness of policies
-new joiners are increasingly forming a large % of the organisation via the CSDP program, some departments have also given up hiring people from private sector
+new joiners are inexperienced but enthusiastic compared to the average permstaff
-WFH % will only decrease as COVID eases up, management tends to like to see staff in office
-internet surfing separation means that you will have to carry 2 laptops everywhere you go to work effectively, you will not be provided a separate internet machine-source your own.
this place is what it is, if you feel like you are stagnating or not growing just leave.
infosec roles are in major shortage right now at all levels
|
Let's not forget that there are specialisation cert given as well after the foundational phase.
Many went on to acquire OSCP, CREST, CRT, CISSP, CRISC n Cloud Certs at the end of the programme.
|
21-04-2022, 01:21 PM
|
|
|
Quote:
Originally Posted by Unregistered
seeing a lot of comments regarding the CSDP scheme, my 2c and general feedback
pros:
+basic salary 4.x
+training opportunities (good)
+occasional training with reputable organisations and strategic partners
cons:
-training opportunities (bad)
-free certs with that grant absolutely no recognition in places that are worth their salt (CEH is seen as a negative value for some orgs)
-honestly speaking you might be better off paying your own and getting better intro level certs, it's not that expensive
-no autonomy in training, you are sent for training without your consulation on your interests or based what you already know
-not much hands on as we are a regulator, no getting your hands on data (see below)
-usually no visibility into what other parts of CSA are doing
summary:
-might be ok to start, but don't stay here too long
general csa:
+either plenty of free time and work-life balance or very busy depending on department
+strategic partnerships with many organisations
+training opportunities
-for technical folks, total annual salary packages are below market rate and will never keep up with inflation, especially for technical farmers
-bonus takes up large % of total compensation, depends on your performance grade/rating
-grades are given out on a bell curve, but technical people are not valued here, scholars and eunuchs are and they get most of the good performance grades
-demographics and DNA of this organization's senior and middle management are heavily skewed towards ex-military personnel spending the bulk of their career in non-cyber domains
-people with actual technical cyber experience in private sector are in an minority-most that join do not stay long, you will most likely not be able to learn and experience technical mentorship and guidance
-as the regulator, it is by design that they do not own any assets, and this means you will not be able to do pentests, take concrete and measurable interactions on threat intel, perform threat hunting at will or investigate incidents with any meaningful frequency
-thus for those looking to do actual cyber work, your amount of hands-on experience/year here will be a fraction of what you gain while working in other firms
-your work duties here will include usually include 1 or usually several other miscellaneous tasks not related to cybersecurity, as with any other civil service job-there is no concept of a purely technical role
-knowledge management in most teams/departments is very poor and almost non-existent across teams/divisions
-knowledge exists mostly in email, and old-timers just keep all the information to themselves
-knowledge sharing internally is few and far between, culture does not reward and encourage the rare few that try to do this
-they are in cybersecurity but they have little to no software dev capability internally, large reliance on external vendors and being at their mercy
-significant % of middle management and permstaff are happy to coast and farm the salaries here and show no drive to innovate
-the average tenure here is less than 2 years but they conduct employee surveys less frequently than that, and draw flawed conclusions about sentiment and effectiveness of policies
-new joiners are increasingly forming a large % of the organisation via the CSDP program, some departments have also given up hiring people from private sector
+new joiners are inexperienced but enthusiastic compared to the average permstaff
-WFH % will only decrease as COVID eases up, management tends to like to see staff in office
-internet surfing separation means that you will have to carry 2 laptops everywhere you go to work effectively, you will not be provided a separate internet machine-source your own.
this place is what it is, if you feel like you are stagnating or not growing just leave.
infosec roles are in major shortage right now at all levels
|
So are u still there?
|
21-04-2022, 02:21 PM
|
|
|
Quote:
Originally Posted by Unregistered
Let's not forget that there are specialisation cert given as well after the foundational phase.
Many went on to acquire OSCP, CREST, CRT, CISSP, CRISC n Cloud Certs at the end of the programme.
|
How is it that this is your only takeaway from what the above poster said? At this point its less about the actual certs obtained (as above OP mentioned u can take up more relevant ones yourself) and more about the agency and brand equity as a whole.
Dont miss the forest for the trees my friend.
|
|
|
Posting Rules
|
You may not post new threads
You may post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
» 30 Recent Threads |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
