Ask HN: Splunk Engineer or CTI Gig?
I'm currently a SecOps Analyst, with the main focus being Splunk. We are a 95% on-prem environment, so I deal with the watering/feeding of Splunk from the forwarding tier to the dashboard creation. There's some other security stuff thrown into my workflow, but Splunk would be a big chunk of it.
I've been thinking about the next step career-wise, and I'm stuck between two interests. I enjoy working with Splunk, creating useful dashboards and overall dealing with data. A Splunk Engineer would be the logical progression from where I am now, but my concern lies in being a product guy. I'd for sure be working with other technologies (AWS, Azure, etc.) at the next gig, but it's still a concern.
A part of my job is applying (not gathering) cyber threat intelligence. I enjoy reading all about CTI, the intelligence side, as well as the geopolitical landscape and how that could affect cyber threats. I've been planning out setting up a honeypot in the cloud, writing about it, going deeper with MITRE/Kill Chain/Diamond Model, and building my skill set that way.
Ideally I'd like to move to the DMV area and work for/with the government, since my area isn't super techy. CTI jobs can be remote/with the fed, and Splunk has a big presence in the public sector, so I've been going back and forth internally on what I'd like to focus on.
Any advice would be awesome, thanks!