As our world becomes increasingly connected and dependent on computing devices, information security has evolved from luxury to necessity. With more and more computers connecting each day, the number of attacks and breaches have increased exponentially. This in turn means the demand for qualified information security professionals continues to outpace supply and will likely continue for a while. I am by no means an expert and there are many with more experience than myself, but here are the top three things that have helped me find success in my own information security career.
- Be a lifelong learner
This is true of any field, but especially critical in the information security world where new attacks, new tools, and new methodologies are developed daily. By “learning how to learn”, you’ll stay on top of the latest trends. I’ve found that never being satisfied with my current level of knowledge and continually questioning and trying new things, I’ve gained valuable experience. Also, don’t be afraid to learn from your peers (both above and below you) and seek continual improvement. And for the love of all that’s good, learn to Google!
- Detail oriented
In the information security world, detail is everything. Be it packet analysis, network sensor configuration, or writing documentation (this especially!), you must have a detail oriented mindset. Those who succeed in information security tend to worry about the nitty gritty details because it could be the difference between a false positive and a full blown compromise. Sweat the small stuff, it’s worth it!
Perhaps a bit controversial, but the information security world is dominated by certifications. The 800 pound gorilla is obviously (ISC)²’s CISSP, but there are several other big names including GIAC, CompTia, and Offensive Security. Not all certifications are created equal so it’s important to do some research and determine which will best help you in your own career. While many in the industry disparage and loathe these “paper tests”, I do find value in some, especially if you’re just starting out. Certifications can help you get your foot in the door and you’ll likely learn a thing or two along the way.
Ultimately, information security is both a challenging and rewarding field. The broadness of the industry provides a wealth of opportunity to contribute to and grow from. While it can sometimes be overwhelming, I’ve had a lot of fun thus far!