It’s actually two journeys or two parts.
Part one: Getting into Infosec
This is where the journey begins. Usually with a desire (or need) to get into the information security. Sometimes you didn’t even know you were on the path. Which was my case. I joined IT because it seemed interesting and did a pretty good job of paying the bills.
I’ve been thinking about this more, because I’m going through the hiring process for a junior level position. I’ve noticed a variety of backgrounds of people trying to get in. Some people are coming from the military, others college, and yet others from working in IT. The junior positions don’t require security experience, it does however require some kind of college or IT experience.
Another observation I have is that, the candidates that are sticking out are involved in the infosec community and taking advantage of the many free resources. There are conferences, forums, slack channels, podcasts, blog posts, capture the flag events, videos, VulnHub, Hack the Box, bug bounty programs, and much more. Being involved in those things is very important because once you get in…
Part two: Being in Infosec
You have to utilize all those resources to keep up with the field. It’s been called a cat and mouse game between attackers and defenders. Technology is in a constant state of advancement and enhancements and with it comes new security challenges. A few weeks ago four vulnerabilities got dropped over a four day period that required me to understand the vulnerability. I had to understand how it is exploited and how we can mitigate it. I used blog posts, podcasts, Twitter, Google, and reached out to some people.
That last one is particularly important. The others are found on Google. Getting to know people requires putting yourself out there. Overcoming nervousness and anxiety to meet some new people. The benefit is two fold: you can ping ideas off people and you’ll increase your chances of finding opportunities within infosec. The perfect first job in infosec is rare. By perfect I mean a place to grow and advance. Even if you find a good organization there may not be a chance to advance or move up.
Below are a some links to help look for conference and other events in the area. I like BSides events because they have a low bar to entry. Usually $10-30 bucks for a day of talks, networking opportunities, and food. If that’s too much volunteer. It’s a great way to help out the community (reflects well on a resume) and be in a position that requires interaction. I only interacted with a few people at my first event as an attendee. As I continued to go to events my interactions with different people and the same people increased. How quickly this happens depends on how many events are attended.
These events also don’t require you to be in the field. You can start building your knowledge and opportunities before you get into the field.
Resources
Meetup.com - Good place to find local user groups in your area
Infose-conferences.com - Pick your state and any adjacent state you’re willing to travel to
This blog post first appear on Exploring Information Security