Been spitballing my future career options and I'm curious about what someone else thinks.<p>I'm currently a SecOps Analyst, with the main focus being Splunk. We are a 95% on-prem environment so I deal with the watering/feeding of Splunk from the forwarding tier to the dashboard creation. There's some other security stuff thrown into my workflow but Splunk would be a big chunk of it.<p>I've been thinking about the next step career-wise, and I'm stuck between two interests. I enjoy working with Splunk creating useful dashboards and overall dealing with data. A Splunk Engineer would be the logical progression from where I am now, but my concern lies on being a product guy. I'd for sure be working with other technologies (AWS, Azure, etc) at the next gig, but it's still a concern.<p>A part of my job is applying (not gathering) cyber threat intelligence. I enjoy reading all about CTI, the intelligence side, as well as the geopolitical landscape and how that could affect cyber threats. I've been planning out setting up a honeypot in the cloud, writing about it, going deeper with MITRE/Kill Chain/Diamond Model, and building my skill set that way.<p>Ideally I'd like to move to the DMV area and work for/win the government since my area isn't super techy. CTI jobs can be remote/with the fed, and Splunk has a big presence in the public sector, so I've been going back and forth internally on what I'd like to focus on.<p>Any advice would be awesome, thanks!
You seem divided between becoming more involved with security, continuing as a Splunk expert, and becoming a "product guy".<p>Choosing between these and other career directions is mostly a matter of finding a specific good job in a specific good workplace.<p>My impression about Splunk (as a casual user who consults logs to debug application errors) is that if you are already managing data sources and creating dashboards you don't have much left to learn about Splunk: the logical step forward, depending on how senior you are, is either (instead of wasting time with more Splunk) switching to something else to learn a lot about some other important product (not to mention different people, culture, projects etc. in another job) or climbing one step in the architecture ladder and becoming the engineer who plans Splunk deployments and chooses between it and competing and complementary products.