Friday, January 23, 2015

Getting started within Information Security

Often within the organization I am currently working for I receive questions about getting started within information security.

Having just started an IT rotation within infosec, I find this flattering. Nonetheless, the following are a couple of observations on how to succeed in this field.

1. Passion for information security. Becoming a competent information security professional requires passion for the field.

2. Extending learning beyond the job. Putting in 40 hours per week in this field will not suffice. The adversary is certainly putting in more than 40 hours per week. Doing just 40 hours is the minimum needed to tread water.

3. Participating and contributing to the community. There are many groups out there focused on security, such as your local ISSA or OWASP chapter. In the DC region there are NoVA Hackers and Unallocated Space. Looking through meetup.com can be a good way to network and learn from other security professionals in the area.
 
4. Keeping up with the current literature and trends. Go to information security conferences to learn about research and the current threat environment. Read books and papers to brush up on skills and knowledge. No Starch Press, Syngress, and Wiley are good publishers of infosec books.

5. Do a few things well. This advice was provided in the first week of graduate school by my adviser. Pick an area to focus on and do it well. This advice also applies to organizations and teams, as there are many fields and specialties within information security.
