New Book: Breaking In to Information Security
- At November 11, 2013
- By Josh More
- In Business Security
It’s been a while since I’ve posted. More news will come soon, I am sure. However, for now, I’d like to point you to a community project.
Anthony J. Stieber and I are working on a new book and, to make it the best we can, we want the story of how you got started in information security.
Please feel free to pass this link around to others (retweet it, whatever). If you now have or have had a job in InfoSec, we want to hear from you.
We’re doing this because we’re increasingly asked how to “break in” to the field of information security. Robin Wood kickstarted the process with his survey, and many of us have done the one-on-one mentoring thing. However, we feel that it’s time to draw a line in the sand and document the process “thus far”. A clear path to entering the information security field can save years of inefficient or unethical effort.
Our book uses a simple “Learn, Do, Teach” core that guides readers to become useful community members. The core idea is to learn constantly but also to contribute and later teach others and guide them through the same process.
We recognize that few careers follow direct paths. To make the book the best we can, we ask you to share your career path with the community. These short “biographies” will show how real people have broken into information security. As a thank you for helping us with this book and to contribute to the community, each author will donate 50% of the book royalties to Hackers for Charity.
If you would like to help with this project, please send a short description of your story to infosec.career.stories -at- gmail.com or, if you prefer, we’ll do an informal interview at your convenience.
Again, please forward to anyone with an information security career story.
Feel free to ask any questions you like in the comments below or contact me directly on Twitter.
W. Schmidt
I’m not sure you can “break in” to information security, unless you end up working in forensics or law enforcement directly out of college. In my case I was a network engineer for about five years for a large corporation. I ran into a consultant and helped him with an assessment of our data center, organized our diagrams, explained address schemas, found lost equipment, etc. He recruited me to come work for him when he changed firms a few months later.
My entire foundation as someone that designed and implemented networks was reversed, and I ended up working doing penetration testing, risk assessments, and various types of IT audits and consulting projects.
Without the initial industry experience, I’m not sure I would have had a foothold. Although some people can “break” directly into security, the best foundation in my mind is to start learning a normal IT discipline: development, networking, Windows, database administration. From there, learn security as a concept, and from your initial knowledge you’ll at least have something to say about one area of security, and perhaps that’s where you specialize. Since I wasn’t a developer, I’d make a pretty awful application penetration tester, but then again I’d never posit to be one.
To succeed in a field that is based on deconstruction, try learning to construct something first, then at least you can tell people how to put it back together when you break it.