Sometimes it feels like the only real infosec professionals are penetration testers. They do cool stuff like you see hackers do in movies. I am an information security professional. I have security in my title- I deal with vulnerabilities and the like. I can’t pop boxes- I can’t reverse malware- I can’t pwn noobs. I’ve learned by watching and asking the community- I teach policy- concepts- state of mind. I empower others to ask why- to try things that no one thought of. I try to understand the concepts of security as it relates to my employer- and educate as many as possible to do the same. My job is education- outreach- and sometimes investigation and mitigation. Infosec isn’t all shells and linux- IDS and blinkenlights. There’s another side that is just as valuable.