InfoSec 101 - An Introduction.

Credit: https://knowyourmeme.com/memes/pepe-silvia

I still consider myself to be new within this industry. It’s been an incredible experience so far, and that’s partly due to the inspiring people I’ve met along the way, but also my own perseverance that’s shown me endless possibilities.

This year I’m hoping to contribute more to the industry, and to start off, I thought it would be worthwhile to start a series including all the resources I’ve learnt from, places to network and other measures you can take to become fully immersed in the world that is information security (aka infosec).

Since this series is now complete, here’s the list (table) of contents:

A good place to start would be to share some thoughts on expectations as a professional, career options, and common misconceptions that have been developing over the years.

What you put in is what you get out:

I’ve chosen to dedicate most of my free time to studying and researching. While this may not be feasible or justifiable for some, sometimes it is necessary to remain relevant in this industry. Building your career within infosec is not a 9–5 job; it’s a work in progress, a lifestyle choice, if you will. It’s a commitment that you need to continue developing. The two main reasons for this are that there are so many fields within this industry (I’ll get to this later), and that it is constantly changing.

Whilst all this effort is encouraged if you want to truly thrive, there are a few key points that should always be remembered:

  • You will never know everything. Find your passion, or something you are interested in, and practice your skills within that discipline.
  • Avoid burnout. This is such a common occurrence and I can definitely see why. We often feel like we’re out of our depth, overwhelmed with the amount of content there is to cover, to comprehend. Know that you’re not alone in feeling this, and take steps to notice the signs of burnout, or when you’re taking on too much at any one time. I would suggest focusing on one skill at a time to prevent something like this from happening.
  • Similarly to the point above, while some people (like me) just revel in the chance to have a textbook in our hands, it is super important to have a non-technical, non-infosec hobby too. Remember to have a life outside of work and education!

No two careers are the same:

Having spoken to many infosec professionals, one truth became very clear: there is no single way into this industry, and you will rarely find any two people who had the same career path leading to where they are now. The point is: don’t think it’s impossible to succeed if you don’t come from a computer science/tech background (nor do you need to be an expert programmer!). The key is to keep learning, discovering, and challenging yourself, and that’s what I’m hoping to assist with here.

Fields within the industry:

When I first learnt about [information|cyber|data|computer|network] security, I had absolutely no idea of how wide this industry actually was. These past couple of years have shown me so many vast and varying disciplines that I now want to share them with those who are just starting out too.

One of the most common misconceptions in this community is that there is only red teaming or blue teaming, offensive or defensive security. Well, infosec is so much more complicated than that, and for good reason.

Take a look at the following mindmap that proves just that. There is literally something for everyone’s skills and interests. There are even some fields that aren’t mentioned, such as OSINT, reverse engineering, malware analysis, cloud security, web application testing, industrial control systems, IT administration etc.

Credit: Henry Jiang: https://www.linkedin.com/pulse/map-cybersecurity-domains-version-20-henry-jiang-ciso-cissp/

Another fantastic introduction to this side of the industry is @hacks4pancakes’ blog on career choices: https://tisiphone.net/2015/10/12/starting-an-infosec-career-the-megamix-chapters-1-3/. I’d recommend having a read through this and identifying what you may want to pursue.

But naturally, you’d want to be able to experience some of these disciplines before jumping in head first, right? Well, part one of this series will delve into networking, conferences, and meetups where you can start getting a glimpse of these kinds of work from the perspective of those who do it on a daily basis.

A final note: I love being part of such a sharing, collaborative community. Peer reviews and feedback help you learn and grow as an individual, so please feel free to message me or comment throughout the series for any suggestions, or any resources I may have missed. I hope that it will also encourage people to start discussions about their own careers with their colleagues too, especially with those who are trying to break into the industry.

Next up: Part One — Networking, Conferences, and Meetups.

Your one and only source into the scandalous life of a DFIR consultant.