Information Security Professional | Top Paths, Tips, and Guide to Become One


So you Want to be an Information Security Professional?

These are the 3 most common paths, and one upcoming path, that I have seen followed to become an Information Security Professional.

Below are the Approaches, Why they Work, and Tips for Following each Path if Chosen.

Approach 1: The Veteran – This one has been my favorite recently as I have seen the skill-set of veterans so applicable to information security needs. Note I am not a veteran either. Veterans can always do 4 things well after their service. The first is they know how to follow procedure, explicitly. Developing, implementing and retrofitting procedure in organizations to improve information security is most of what security professionals do, making veterans experts at how to build and fix them right.

The second skill is an understanding of foundational security concepts. They know what a DMZ is, how to attack, and, most importantly, how to defend. This is 90% of the way there in information security land.

They know how to learn and teach quickly. I always love when we hire a new veteran and I can learn some of the very specific skills they have learned. From the customs or techniques specific to a culture in a place they served, to very technical skills like that of a pilot, sniper, and all kinds of stuff I do not even understand. All far cooler than any specific skills I have. You can’t secure something unless you know what it is. This means lots of learning and teaching in information security…both things that veterans excel at.

The final skill is the ability to work on a team with defined accountability, as well as the ability to work with people on that team who have different skills and assignments that they may or may not understand. Again, security touches everything in an organization so this is a common occurrence in information security; one that will not be foreign to veterans.

How to take the Veteran Path: Send your resume to CISOSHARE. 80% of our hires are veterans and you do not need any information security expertise at all to apply.

Approach 2: The Lottery Winner – This is the lucky (or unlucky) winner assigned to manage the information security effort in an organization by someone else’s choice. They often do not have security expertise but are assigned information security because it is important to the business and they have shown aptitude for solving hard business problems in other areas of the organization. These people are often successful because they are quick learners, have good communication skills and can relate to most of the people they serve (since they also often do not understand information security).

How to take the Lottery Winner Path: This one is often given, not chosen. However, what is often viewed as your greatest weakness, a lack of information security domain expertise, is often your greatest gift and the reason these people are successful. These people keep things simple (always the best security approach); they can also relate to their audience and communicate with them in a manner they understand. It is a winning combination I have seen work time and time again.

Approach 3: The Architect – This one was me. People who take this path often start off in a specific area of technology. In my case it was as a programmer, then to a web developer, then to a system admin, then firewall administrator, then I led teams in designing and then deploying complete multi-million dollar infrastructures during the dot-com boom. By the end I thought like an architect where I understood the big picture, as well as enough about the smaller elements so I could communicate with people on those pieces and how they fit into the bigger picture.  Since security touches everything in an organization, people that understand this architectural perspective can often find many applications for their skills in information security.

How to take the Architect Path: Start in a specific discipline, such as firewall engineer, then after a while take another discipline, like log management. After some time, look to take a project to design something that has multiple specific elements, like deploying a complete data center. After that, look to do a complete project design where you also lead and must communicate with other team members. After that…you are there…

Upcoming Approach #4…The Student: Many people are choosing the information security domain as their career path, beginning as early as high school (love it), with their information security training. These people are great at how to learn since they have been in school. Since there is such a need in information security, these people are sure to be one of the greatest paths followed over the foreseeable future.

How to take the Student Path: The key to being successful on this path is to get the book and foundational learning, but also to intern early and often to gain the business and practical experience that is required as much as, if not more than, the book knowledge to be successful in the discipline.

Looking for an intern position? Send your request or questions to our team at CISOSHARE.

As always, please provide your feedback to the CISO Handbook team or follow me on Twitter; I always read them.
