September 26, 2019

How to kickstart your Information Security career

I regularly get questions about how to build a career in information security. I decided to do a short write-up with some tips and resources because I think there's a need for it and also to stop having to repeat myself. Instead I will refer to this blog in the future.

If you have good resources that might help people to enter the information security field let me know so I can add them.

All roads lead to Rome

Well, at least many roads do. Information security is very broad. My advice always is to explore different subdomains in information security. But how do you get a decent overview of what exists? If you're taking your first steps in information security, it might be difficult to find the right resources.

In this post, which is a collection of application security resources, I also give some insight into how I learn and try to stay up to date. These tips are not limited to learning about application security; they also apply to information security in general.

I recommend that you use the resources I describe to your benefit, but try out for yourself what works best.

But Rome wasn't built in a day

Like most things in life, becoming better and finding a job in information security requires a lot of hard work. It's all about motivation, dedication, creating and taking opportunities. I'll give an example. A few years ago I got the opportunity to get a few certificates. One of them was Certified Ethical Hacker (CEH V9). While I doubted upfront if I ever would need the certificate, it was a great learning opportunity. Instead of doing a typical one-week classroom training - that includes the exam on the last day - I decided to do it in a different way because what mattered to me at the time was the knowledge.

That's why I took the 76-hour Pluralsight training path. And I think I can say it paid off. I learned more in depth about (web) application security, network security, wireless security, to name a few topics. It took me longer, but I discovered and learned much more than I would have in the 1-week training. The certificate is a nice side effect, but I've never needed it so far.

Also, don't underestimate networking. By being active on Twitter and going to security conferences I meet many people, and a lot of these connections bring opportunities and boost my career.

Other Resources

How to Build a Cybersecurity Career by Daniel Miessler

Starting an InfoSec Career – The Megamix – Chapters 1-3 by Lesley Carhart

So, you want to work in security? by Parisa Tabriz

Hacking your career: A practical guide to turning your hacking experiences into a career launchpad by notdan

Hack your career by Troy Hunt