How can you become an Information Security Specialist?
Not the easiest question to answer, but let me try to break it down.
STEP ONE: Where do you belong?
The first step in joining the InfoSec industry is figuring out where you belong, or more specifically, which branch you plan to work in. You see, there are two totally different directions in InfoSec. One side focuses all its attention on how to break into computer systems (a.k.a. your attackers), and the other focuses on how to uphold the computer systems' defenses (a.k.a. your defenders). Your attackers are basically hackers, while your defenders are thinking about what defense mechanisms will work best and how to fend off the attackers.
STEP TWO: Let's get specific!
The second step is to choose which area of development you want to work in. For those who chose to be attackers, this means you might be hired by a business and given permission to break into its systems in order to check the functionality and overall effectiveness of the safety protocols it already has in place. This is known as penetration testing, and the hacker is then called a “pentester”.
The “pentester” has to abide by the agreement and rules that the business has laid out for them, but once everything has been signed and settled, the penetration test can begin.
Penetration testing, or pentesting, can be used in many different areas. Here are some examples:
- Web Applications pentest
- Network pentest
- Mobile Applications pentest
- Cloud Infrastructure pentest
- IoT pentest
- People pentest (social engineering)
For those who choose to work as a defender, these options are available:
- Security Engineers
- SecOps Specialists and Incident Investigators
- Digital forensic investigators
- Malware analysts
- Compliance specialists
- Physical security specialists
STEP THREE: What do you need to learn?
After those two choices have been made, it's important to know that you will need an education in them as well. Especially for cyber security, you will need to take courses on the subject, such as those on Cybrary or on Udemy/Coursera. Also, some real-life practice in either a local office or an internship will give you practical experience that will make the job that much more comfortable for you to work in. Education can come in many forms, but sometimes the best is a certification that you can earn. I would highly recommend a Pentest+, CEH, or OSCP certificate, since they are recognized worldwide, but I also suggest doing some extra research on what you would need in your area for that position.
STEP FOUR: Networking!
Along with education, you must also consider how you will later be able to create a network of people that you can use. Increasing your LinkedIn contacts, attending conferences, and participating in chat rooms on security issues are just a few ways to further expand your contacts list. Overall, these choices are the best and simplest ways to understand how to work in Information Security. Make sure to read more about the subject if you are interested, and follow these blogs if you want to find more information on some of the details listed.