Nov 05 2008
I know I’m not the only security professional who get’s the question “How do I get started in Information Security?” It’s not a simple question to answer; you don’t simply go get a degree in security then get a job. Every one I know has taken their own, unique path to get into information security and the number of folks who are like me and actually have a degree in IT are few. And even I’d been working in IT for several years before I decided to take my career to the next step and pursue my Bachelor Degree.
Security Catalyst Kees Leune regularly teaches aspiring security professionals and probably hears this question more than the most of us do. And being a blogger he’s written a short guide on steps you can take towards becoming a security professional. I have to warn you, there’s a good chance you’ve heard many of the suggestions before. But that’s because he’s listing out what it really takes to become a security pro; there is no silver bullet, no degree or certification that makes you a security professional. It’s a career path, not a destination. You have to be prepared to spend a lifetime learning and have a passion for security if you’re going to be successful. Being cynical and paranoid helps too, but those are skills that can be acquired.
His final point, Plan, can’t be overstated. Know why you want to be in security and what you want to be doing in 5 or 10 years then trace back the steps that it’ll take to get there. The path you take probably won’t resemble your plan in any but the vaguest outline, but the only way to reach your goal is to have one in the first place. Saying to yourself “I want to be a security professional” is a good start though.