Currently I’m five months away from graduating with my degree in Information Security and Computer Forensics and I wanted share somethings that I leaned along the way with those that might be looking to enter this field.
The first thing that I have learned is that is a hard field to get into. That’s why I suggest you do some of the following. Have a twitter account if you don’t already have one and start following some of the major influential security folks like (@jack_daniel, @Real_Security, @jjx, @SecurityBSides, @Beaker, @armorguy, @CiscoSecurity, @InfosecurityMag @RafalLos, @myrcurial, @rsasecurity, @fatkinghippo, @e_cowperthwaite, @securitytwits, @joeSchorr, @Wh1t3Rabbit, @mckeay). Once you have this set up you should start engaging yourself in the conversations that are taking place. I have learned more on twitter by following the above people than in any infosec class that I have been in. Twitter is a great place to network and possible find that security job that you are looking for. My last interview was because of the networking that I was doing on twitter and hopefully soon I can say it was also because of it.
Starting a blog is also a great idea and allows for you to bring some exposure to yourself. Your topics can be about anything that’s security. I tend to write about what I learn in class as well as what is going on in the security field. After awhile you can tailor your post to those things that you might want to specialize in.
Reading blog post and articles and listening to pod cast’s are great ways to stay up to date on the latest security trends. Down the Rabbit Hole and Southern Fried Security Podcast are two of my favorite. Surrounding yourself with as much up to date information will also show employers that you take the field serious.
Attending security conferences and joining organizations like ISSA (Information Systems Security Association) is also a great way to meet those in the industry and to get out there and network and who knows the person sitting to your left or right of you just might know of a job opening.
One thing that you’ll find about the security community that I don’t think you’ll find anywhere else is how open those that are already in the security field are to helping someone who is just trying to get started. I have been given great advice and have met some really great people in this community so far.
One of hardest things that I have had trouble with is gaining the hands-on experience that companies are looking for. That’s why I highly suggest you create your own home lab. This way you can hack and break things and won’t get into any legal trouble because its in a contained environment. There are some really great books and articles out there can show you how to do this.
So Good Luck and remember “Follow your gut, follow your heart, listen to smart people and don’t look back” I was told this once and it has served me well.