This is not an exhaustive list. Over time I’ll add to this list. I’ll also flesh out what these mean, but this is a good starting point for anyone looking to enter the field. It’s a brain dump, really, so I apologise if the order is funky. I might update it later into better context.
- Figure out what you want to do within information security
  - That is actually the first thing you should do. And it should begin with a thorough understanding of the structure of the information security industry. There are research organisations, governing bodies, and typical business roles (project managers and pre-sales deal architects). There are managed security service organisations and security vendors. And many more, I’m sure.
  - Figure out what kinds of companies do what, then figure out what kinds of roles people fill within security. Things like architects, consultants, designers, penetration testers, vulnerability managers, SOC analysts, SOC managers, and obviously many, many more.
- Figure out a smart place to start
  - You won’t be an expert tomorrow. Or even in one year. So don’t think, ‘I’ll be CISO,’ or ‘I’ll be the most famousest hacker in the entire UNIVERSE’, right now. Instead, think ‘I want in… what’s the quickest and easiest way in’.
- Figure out how to get to that starting place
  - Maybe they require a degree; then get a degree. Maybe they have job fairs; then go to those job fairs. Maybe they have an apprentice scheme; then apply to the apprentice scheme. Whatever. Just figure out the things you’d need to get to that starting place, and then go and get to that starting place.
That’s the obvious step 1 to step 3 process. Here are some deeper-dive sorts of things you’ll want to do to solidify your chances of both getting into infosec and doing quite well in infosec.
- Talk to people – When you want to succeed in life, you need to build a little crew and lift each other up. This is pretty much true. So talk to people.
- Create – Whatever you are into, try to create. I create scripts for my wife because you would laugh at me if I tried to make scripts for you, and I write because I sometimes write real pretty.
- Generalise AND specialise – There will be talk about whether you will be a subject matter expert or a generalist. Either this or that. Don’t live in the Either-Or world. Instead, live in the Both-And world. Both generalise, by staying up to date, talking to people, reading, practising, taking classes, going to conferences, AND specialise, by finding the thing(s) you are super into and then becoming really freakin’ good at those things. Do that.
- Learn – Always be learning.
- Read – Read things all the time.