Like most Information Security practitioners, I am frequently contacted for advice on breaking into this industry. Rather than write yet another blog post on the subject, I thought it would be more beneficial to collect a variety of quality posts covering different aspects of the industry and provide them as a quick and easy reference.
In reverse chronological order:
If you have no idea where to start then begin here. Hacks4pancakes has done an amazing job and her “Megamix” is probably the most comprehensive series of articles on breaking into security.
Corelanc0d3r is the go-to guy for training when it comes to exploit development. He has written an extensive post covering time, effort, and the general mindset of a pentester. He also provides links to resources and a list of companies willing to hire inexperienced pentesters.
While this is not technically a “how to break into security” post, it does debunk a lot of common misconceptions about security, which can be just as valuable when starting your career in InfoSec.
Chris provides sound advice on getting started in pentesting, but the best part of this post is the list of book recommendations sorted by area of focus (pentesting, netsec, webappsec, social engineering and physsec/redteam).
In Wolf’s blog post he expands upon a recent Forbes article on mentorship and provides the InfoSec perspective on finding and benefiting from a mentor. He’s also recently posted a Career Advice Video (available here).
How to Build a Successful Information Security Career – Daniel Miessler (@DanielMiessler)
Dan’s post includes the usual advice for starting out but also addresses the areas in which you will need to grow as your career progresses.
This was my personal take on all the different ways you can learn our trade.
Think you know how to write an InfoSec resume? Are you sure? Find out from a respected technical recruiter who understands the needs of our industry.
Thoughts On Being Asked “How Do I Get Into INFOSEC?” – Scot Terban (@Krypt3ia)
A (surprisingly calm) reality check from my favorite security curmudgeon. Read this for an idea of the expectations that you will face IRL. TL;DR: InfoSec is not for those without dedication.
If you don’t know who Brian Krebs is, you will. He is one of the more well-known reporters in our industry, and his site, Krebs on Security, is one of the few InfoSec news sources that is read by people outside of our industry. Back in 2012 he conducted a series of interviews on how to break into security.
This is a Security Bloggers Network syndicated blog post authored by Steven Maske. Read the original post at: SecurityRamblings.com