One of the common questions I am asked is, “How do I get a job in information security?” Infosec continues to be a hot career field with many job opportunities. Therefore, we continue seeing people who are interested, but don’t know the steps it takes to gain employment in information security. This blog post answers the question, “How do I break into (the) security (career field)?”
A few years ago, I was asked a similar question of how I got started in security. It all started as a computer science major at Michigan State University. I was also in Air Force ROTC. This combination allowed me to start developing my security mindset. As a military intelligence officer, I learned about data classification and safeguarding sensitive information. I left the Air Force for a job as a UNIX systems administrator where I learned how to apply technical controls to protect the systems and its data. As a junior security analyst, I learned the importance of policies and awareness. The combination of technical and managerial experience led me to security management roles. (You can read more about my experiences here: Me and my Job: Ron Woerner, Bellevue University, SC Magazine, April 2011)
To become a security professional, you need a mix of experience, knowledge, and abilities. It’s not generally an entry level career field, because you need time to develop yourself as a security professional who understands the many aspects of cybersecurity. Traits to be successful in cybersecurity include:
- Curiosity – A wonder on how and why things work
- Critical Thinking – goes with #1. You need to go beyond the obvious
- Communications skills – you can find the coolest things, but if you can’t effectively let others know, it’s like a tree falling in the forest
- Technical Skills – You need to know your way around a computer
- Maturity – Stuff happens. You need to be able to keep your head when all h311 is breaking lose.
The security community has a vast number of articles on breaking into the security career field.
- This article from the great security blog site Securosis (
@securosis) contains recommendations for starting in security and potential career tracks: “Who to Recruit for Security, How to Get Started, and Career Tracks”.
- “I Am InfoSec, and So Can You” is an article by Ben Tomhave (@falconsview). In particular see his second paragraph explaining what we really need in security. He also has a number of tips for those who are still crazy enough to enter the field.
- George Hulme (
@georgevhulme) wrote in March 2015, “Six entry-level cybersecurity job seeker failings,” http://www.csoonline.com/article/2894193/infosec-staffing/six-entry-level-cybersecurity-job-seeker-failings.html
- Jenifer Noss (A Bellevue University MS Cybersecurity graduate) has a nice piece on “Finding work as an IT Security Specialist.” She is not only a student, but also a seasoned cybersecurity professional. Check out the links in her blog for where to go tshe provides for increasing your cybersecurity potential.
- Trey Ford (@treyford) currently at Rapid7 has two posts that may help cybersecurity career hunters:
- @J4vvD has numerous videos answering this question
- The National Initiative for Cybersecurity Careers and Studies has a website (https://niccs.us-cert.gov/education/promoting-education) focused on Promoting Education, Engaging Students, and Fostering Communities.
This reminds me that everything old is new again. Many of the articles I mention above were written a few years ago. Things really haven’t changed over the years. The career path still requires education, training, experience, and persistence.
As an extra, added bonus, here’s a 3 ½ minute Ted talk from Richard St. John: 8 secrets of success – http://www.ted.com/talks/richard_st_john_s_8_secrets_of_success.html (Watch for his explanation of CRAP). It’s great, general information on how to succeed in any career.