10 things you should know about a career in information security
1. Walk your own path
No one can tell you exactly how to get into the information security field. It's more of a "choose your own adventure" story than a well-defined path. If you consult with professionals working in information security, you're going to learn quickly that few people follow the same path into the industry.
Information security is a more advanced branch of IT. Whichever way you arrive, you need a background of base skills, but because information security has a lot of depth and dimensions, it's less important what that background is. You can come from development, server administration, a computer science degree, or even tech support. Leverage your strengths and experience as they apply to information security.
FREE role-guided training plans
2. It's not easy
This isn't a field for the lazy or unmotivated. You're always going to be pushing yourself, and there isn't a lot of room to get comfortable or complacent. Information security is rapidly evolving, and that's not going to change.
As new threats arise, new preventative measures rise to meet them. Then attackers invent new threats, and the cycle continues. Add in the changes always introduced by new technology, and it's instantly clear why this field is so challenging.
3. That's classified ...
Security clearance is a real thing, and you're going to be working around it for your entire career. It can range from restricting access based on users and groups all the way up to actual government security clearance.
Expect to be thoroughly vetted by companies before being hired, and background checks are standard practice. Once you're hired, you're going work within the confines of security clearance. You won't have access beyond your clearance, and you won't be able to grant access to anyone else beyond their clearance. If something is above your level, you'll need to escalate the issue.
4. Certifications and continued learning are key
The field evolves too rapidly for a degree to stay relevant. You need to take the initiative to continue your education, and certifications help you prove that. A degree can help you get started in your information security career, but it won't carry you through it all.
Certifications and training programs are ideal because they're frequently updated to remain current. They have the added benefit of covering more information in-depth in a shorter span of time. Certifications and training programs cost less than university education and many employers will cover your tuition. Certifications and some training programs have worked for years to build industry recognition, which you will benefit from upon completion.
5. Think outside the box ... actually, there is no box
The bad guys have to be creative and clever, so you need to be too. While there certainly are tried-and-true procedures to follow in the information security world, don't expect every situation to work out the same.
This is an IT field where creativity counts. Information security will keep you on your toes and make you think. Keep an open mind, because sometimes the craziest answer is the correct one.
6. Never underestimate the human element
It's common to underestimate the importance of so-called "soft skills" in the information security industry. There's a very human element to information security that many people don't expect going in.
Primarily, you work to support the people within an organization. You'll need to communicate technical ideas in a way everyone can understand, and you're the person to help them understand what they need to do to protect themselves.
Social engineering is a huge part of information security too. The ability to anticipate and avoid social engineering is a vital skill, and it's your first line of defense. There's a fair amount of psychology involved in understanding both how attackers and potential targets think.
7. Be pragmatic
Always use the best, most efficient, tool for the job. Most people have strong preferences when it comes to technology. It's all usually pretty casual, but that's exactly the kind of thinking that can get in your way in information security.
It helps to be familiar with everything available, and even keep systems ready with as many programs and operating systems as possible. It's part of general preparedness and will help you work quickly and accurately, which can make a huge difference.
8. Everything's connected, everything's at risk
As the network connectivity continues to permeate every aspect of business and life as a whole, the number of devices that could become targets increases exponentially. Be prepared to secure everything. You may land a more traditional position within the industry and only need to work with servers, but you're more likely to find yourself working with a full range of devices.
Mobile devices and the Internet of Things (IoT) are often overlooked in this regard, but attackers are well aware of the potential those devices hold. While it may seem ridiculous for a company to be hacked through their refrigerator, it can happen. This is the new reality security professionals need to contend with.
9. Something will go wrong
It's inevitable. Something will go wrong, and there's a good chance you won't find it until weeks after. Most security breaches aren't detected until well after they occur.
Prepare yourself for the occasional chaos. Prepare ahead of time and know that there's no way to account for everything. Ultimately, it's all a learning experience. Adapt and keep going.
What should you learn next?
10. Information security isn't going anywhere
The field will continue to grow, diversify and increase in complexity as time goes on. As companies become more reliant on technology and more business is conducted online, the amount of threats will increase, as will the demand for information security professionals.
Starting down this path can lead to a lifelong career. There will never be a time in the foreseeable future when information security will not be essential. The presence of network-connected technology practically guarantees it. In fact, demand for trained professionals is only increasing, and projections indicate that the pattern will not change any time soon.