full image - Repost: Is MSSP consultancy more sales than I was expecting (or hoping for)? (from Reddit.com, Is MSSP consultancy more sales than I was expecting (or hoping for)?)
Mining:
Exchanges:
Donations:
I'd like to get a different perspective/sanity check as to whether I've joined a shitty MSSP, or the MSSP life just isn't for me.I have 10 years of in-house experience in IT, Sysadmin -> Network Engineer -> Security Engineer -> Information Security Officer route. I was frustrated in my last company because they had zero cloud ambition, which was a gap in my resume I wanted to fill. I was also constantly getting pulled into helpdesk escalations as I knew the network better than anybody there, so I wanted to move somewhere I could specialise in cybersecurity. So I joined an MSSP/consultancy as security engineer, my first time working for a managed service.If I compare my first 9 months at this MSSP to any 9 months in my last company, it is night and day in terms of impact and significance of work. In my last company I led initiatives around awareness training, incident response, policy improvement, patching improvements, firewall upgrades, EDR rollouts, vulnerability management, adversary emulations, board security reports etc. Compared to this MSSP, I actually struggle to list anything I'm proud of. I've done a couple of IDAM engagements and a few ad-hoc best-practice consultancy requests, all for large/well known clients, but I'm embarrassed to say I'm a "security engineer", I've done absolutely nothing of the sort in the past 9 months. The IDAM engagements have been framed as advancing me to architect level, but as far as I can tell "architecture" amounts to ridiculously vague high-level hand waving and bullshitting infront of clients. I suspect multiple times that design decisions are being made for commission purposes. The thing is…it works. As much as I completely disagree with what a senior architect is putting together, as much as it goes completely against the clients initial wishes, as much as they get caught out glossing over details, these guys seem to be able to sweet talk their way to the end of the project and have the client like putty in their hands. These guys are bringing in big money into the company, on a continuous basis. I can't argue with that from a business perspective. But the in-house technical side of me that just can't stand it. I've been on the receiving end of this kind of sales/promises bullshit many times, and if I was getting a design like this handed to me after already paying a substantial amount, I'd be livid. I see now the often chaotic way these projects are resourced and organised, lots of last minute stuff, lots of "it'll be fine, just throw it in there, nobody will read it" sections to reports. I'm at least thankful for the insight into that for when I'm dealing with MSPs in the future. Last week I spent 3 days writing a proposal to a client. 3 days with my head stuck in MS Word, trying to translate the thoughts of 3 different senior architects, all with different opinions and views, trying to keep everybody happy. The end result is an absolute mess. Yes, it's good to get experience writing a proposal to a big client, it's something new for me, but it's still a really frustrating experience that couldn't be further from what I thought I would be doing.The pay is great. It's 100% remote. I won't be able to get this pay and WFH combination anywhere else at the moment. But for the first time in my career work is feeling like a complete drag, not a challenging puzzle to solve.So…is that it? Is this what a consultancy architecture role is? You make high level designs with apparently little regard for actual technical feasibility, and you make sure you've always got one eye on the commission and future work, regardless of whether it's in the client's interests or not? Is it more sales than I was expecting?
Social Media Icons