This article from DanielMiessler.com is one of the most well put together set of suggestions for handling your infosec career I’ve seen in a while. I really appreciate the advice of forgoing all the new fangled “cyber” degrees and instead sticking with a traditional computer science one. Combine this with several years of hands-on experience in networking, system administration, and/or programming and you have one of the strongest foundations possible on top of which to build your infosec career. Creating this base harkens back to the old “if you can’t configure it, you can’t secure it” philosophy.
The remainder of the article touches on suggestions we should be doing throughout our entire career. Some of these recommendations include building and maintaining a lab (with great ideas for VMs to build), doing side projects/research, networking (of all sorts … including socialing, blogging, menteeing, mentoring, interning, attending meetups and cons, etc.), mastering professionalism (in terms of dependability, wardrobe, and communication), learning the business and yes … even earning a certification or two here and there. The article also includes some suggestions for reaching the top tier after a decade or so of experience, including the necessity of gaining financial knowledge and management experience.
I’ve been writing about infosec for a while now, so I get a good amount of email asking the following question:
What should I do to get into Information Security?So let’s answer it once and for all, all in one place. This resource will give you the knowledge to go from complete novice, to getting your first job, all the way to the top end of infosec.
Here’s how I have it broken down.
Today’s post pic is from EliteFutureSolution.com.