Breaking Into InfoSec - A Beginners Guide (Part 1)
Opening
In this blog post, I will cover strategies that worked for me while transitioning out of the Air Force (over 20 years ago) having ZERO formalized IT training and ZERO on-the-job-training (OJT) in the field. Although this was a long time ago :) and my path led to an IT position, the preparation and planning remain the same to enter into Information Security (InfoSec). As you will see, most of this information revolves around you (the individual) and how much effort you are willing to put forth in order to achieve your goal.
My objectives are to give back to the community and provide a helpful reference to those motivated and willing to put forth the time and effort to enter the InfoSec community, which I am proud to be part of.
Within part one of this blog post series, I will provide some personal backstory of my journey into InfoSec, go over putting a plan together for your next InfoSec mission, recommend some InfoSec immersion ideas, and provide some guidance around seeking out a mentor.
Personal Story
Let's dive right into some quick back story.
I joined the Air Force right out of high school, having no previous computer skills. While serving in the Air Force, my job had nothing to do with computers—I held a 1C3 Air Force Specialty Code (AFSC), which put me within the Command and Control communications career field. I did work on a computer terminal, but this was only used to track aircraft on worldwide missions. I was also trained in secure communications and operations (but no formalized education surrounding any technical equipment), and I held a Top Secret security clearance.
Prior to exiting the Air Force, I knew I wanted to do something with computers and of course the pay scale for these roles was very enticing. After serving four (4) years in the Air Force, it was time to venture back out into the civilian sector. Although it seemed like I had some decent professional experience, it was nothing close to the required skillset to jump into the most junior IT position.
But I did not let this stop me.
I had a goal and vision of where I wanted to take myself (post-military) and what I wanted to achieve, so I began planning my next mission before exiting active duty. Here's how:
- Six (6) months before leaving the military, I started to explore what the IT career field was all about (for you readers, replace IT with the InfoSec career field)
- I browsed job boards.
- I reviewed candidate resumes.
- I worked on my resume and noted what I needed to do to market my skills.
- I called staffing companies and actual companies that had open job listings.
- When I departed the Air Force, I had five (5) interviews lined up for the next day.
- I had zero IT experience, but all the motivation to do what it took to get a job!
- I landed my fifth and final interview of the day. It was an MIS Operations Technician role, working a graveyard shift (Thursday-Monday), and making a modest $30,000 a year salary. It just so happened the hiring manager was an Air Force veteran willing to give another veteran a chance.
From the MIS Operations Technician position, I evolved into various roles: junior network administrator, data center network technician, network engineer, security engineer, etc. This evolution created a solid technical foundation and something I lean on to this day.
Even though these examples were specific to my military transition, the framework and preparation are the important aspects to pay attention to and I will cover this further. So, if this has your brain housing group wheels a-turning and your interest levels are now heightened, please keep reading.
Your Next Mission: Putting the Plan Together
So, you decided you want to break into the InfoSec community. This is not an impossible task, but it will take well-thought-out planning, dedicated study and potential academic schooling, a dose of humility, and a ton of hard work to achieve your goal.
Your current technical proficiency will help guide you in setting a realistic timeframe for entering the InfoSec industry. For those with no technical skills, you should look at 12-18 months of nose-to-grindstone preparation. For those with some current skills, maybe this time can be dropped to 6-12 months with a hyper-focus in InfoSec baseline technical requirements. Regardless of your skillset, nothing is impossible, and I will show you why.
This is a huge step, so take ownership of your next professional mission.
Seeking Out a Mentor
Reach out (humble yourself) and ask a trusted person to be your mentor. This person does not necessarily need to be someone within the InfoSec community (although it would be helpful), but it does need to be someone whom you trust and respect. Trust is important because you are basically relying on this individual to provide you with professional guidance and to help you navigate the ins-and-outs of this career move. Work with this individual to assist in putting together a plan of attack and assist with your career objectives. This is a huge step and there is no reason to embark upon this adventure alone.
I was fortunate in both my military and civilian careers to have solid mentors over the years. Within the last five (5) years, I have spent a lot of my own personal time mentoring junior and mid-level InfoSec professionals. Mentoring has been tremendously rewarding and a way for me to give back to the community.
InfoSec Immersion
Some of the most important preliminary steps in your journey are the following:
- Research what the Infosec community is all about
- Identify what you do and do not want to specialize in
- Develop ways to stay informed about what is taking place in the InfoSec community
- Integrate yourself into the InfoSec community
Below is a small list of ways to dive into the InfoSec community (most without having to talk to a single live human for you introverts).
Twitter Handle Examples
Twitter is one of the easiest ways to stay plugged in with the daily inner-workings of the InfoSec community. Below are some InfoSec handles worth following.
@SwiftOnSecurity, @James_inthe_box, @HackingDave, @olafhartong, @curi0usJack, @danielhbohannon, @SecShoggoth
Blog Examples
Nothing starts off your morning better than a cup of coffee and a glorious InfoSec blog post.
https://medium.com/@ITSecCentral/top-information-security-blogs-you-should-be-reading-264c9413d9e9
https://www.trustedsec.com/blog/
Slack Channel Examples
This is an easy way to virtually network with other InfoSec nerds and the like. Many fantastic InfoSec minds share their thoughts and ideas in these channels.
https://www.slackchannels.com/join-cyber-security-slack-channels/
TrustedSec Public Slack Channel
Email Distribution List Examples
This is another medium to receive daily doses of InfoSec scoop.
https://www.sans.org/newsletters/
https://thehackernews.com/#email-outer
Meetups and Security Conference Examples
For this one, you will have to put fear aside and venture outside of your comfort zone. InfoSec meetups and conferences are one of the best ways to really get out there and get plugged into the InfoSec community!
https://www.meetup.com/topics/information-security/
Cybersecurity Conferences 2020 - 2021
Podcast Examples
Last but not least, for your commuting adventures, exercise audio distraction, or for those glorious few minutes of downtime, there are a ton of podcasts you can subscribe to and receive some additional doses of InfoSec insight.
https://digitalguardian.com/blog/best-information-security-podcasts
https://www.trustedsec.com/podcasts/
Immerse yourself in the community, stay informed, and contribute, learn, and network with others in the space.
Closing
Putting a plan together for your next InfoSec mission, taking steps to dive into the InfoSec community, and seeking out a trustworthy mentor are some good starting points that will assist you in navigating your journey toward entering the InfoSec community.
In the second part of this blog post series, I will provide some InfoSec academic recommendations, tactics for applying to InfoSec roles even if you have limited or no experience, navigating the HR paper shuffle and remaining humble as you mentally prepare yourself for your new InfoSec role.
Read Part 2