Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
I understand the obstacle to blogging. But that’s where micro-blogging comes in! Twitter is out of vogue so I’d say use Mastodon (or similar Fediverse-ey microblogging platform, e.g. Calckey, etc…). You can post all your tiny tips and tricks and other thoughts there rather than having to pull together full-fledged blog posts. This will help you build a portfolio of contributions to the community as well as build a network.
As for sec eng, vs sec researcher? These are merely titles. A security engineer could certainly be a researcher as well. I’d say you have a lot of “independent” security researchers who day-light as engineers. In some cases you have folks who are researchers as their day job but to get these sorts of roles I would suspect you would need some history of published research (like CVE’s, talks, papers, blogs, etc…).