Ask Chloé: Where to Begin In InfoSec

Welcome to the Ask Chloé column on Security Boulevard! Each week, Chloé answers readers’ questions to help guide them as they navigate the technology industry. This week, Chloé helps a newbie explore the world of InfoSec.



Dear Chloé,

I’ve been looking into cybersecurity, but don’t know where to even begin. What are the first things a non-IT, non-InfoSec person should do or read to figure out where they belong?

– Ms. Mac


Dear Ms. Mac,

That’s wonderful! InfoSec is an industry that is constantly evolving to tackle the threats to our security and privacy. There’s never a dull moment—and we are always on the cutting edge. It’s a field where one can always keep learning. So, if you like an adventure, this is the industry to be in.

Depending on your previous experience in other industries, I would recommend using your non-IT skills to get your foot in the door. For example, I entered cybersecurity as a marketing manager. If I tried to first get into InfoSec as a pen tester, for example, it would’ve taken way more time. Usually, for technical roles in InfoSec, it can take a year or so to get your foot in the door.

Once in InfoSec, try to learn as much as possible about what other roles do and talk to people in those roles across various departments. When you start researching while you’re already within the InfoSec space, it makes things way easier. For example, I came into the industry via marketing and then went into strategy. Once you work at an InfoSec company, it’s much easier to find another job within InfoSec, versus trying to break in when you’re not in the space yet.

If you’re considering a technical role, once again, try entering the space first with the skills you already have. It’s going to be a much easier path to obtaining the dream role you want, faster. To start learning about the various technical roles in InfoSec, I recommend reading Tribe of Hackers by Marcus Carey and Jennifer Jin. If you’re short on time, I recommend at least reading the first book in the series. It really showcases the various technical roles within information security. Plus, it exposes you to the hacker community, which is critical to understand regardless of whether you are in a technical or non-technical role. It’s also important to understand the differences between red teams and blue teams. Once you know if you want to pursue a role on a red or blue team, then that’s when it’s time to start learning the skills and tools required. Remember to take steps, not leaps. Details really matter in this field. Once you have some skills under your technical belt, then I recommend trying out bug bounties and participating in CTFs. It helps with up-skilling in a relatively short time frame.

Whether you are looking into a technical or non-technical role in InfoSec, if you are a woman, I also recommend reading Women in Tech by Tarah Wheeler and IN Security by Jane Frankland. Also, join a few organizations that provide networking for marginalized populations and communities that are open to beginners in the space, such as WeAreHackerz, WiCyS and/or Cyberjutsu. Here’s a good starting point to look for associations:

Besides joining groups, another way to really learn about this industry is to attend conferences and listen to some podcasts. I always recommend local BSides conferences since they are affordable and welcoming environments. ITSP Magazine is my usual go-to for podcasts, since it has various podcast channels to tune into:

But most importantly, volunteer! Volunteer, volunteer, volunteer! The most I have ever learned about this industry was from volunteering. I’ve volunteered for conferences, events and organizations. I wouldn’t be where I am right now if I didn’t volunteer.

Good luck! Feel free to come back with more questions! 🙂

Learn more about the award-winning tech changemaker, Chloé Messdaghi, at

Have a question? Want advice? Submit your anonymous question to Chloé: [email protected].