Posted by Ben Rothke
One does not have to drive very long down a highway to see billboards with programs encouraging people to sign up to get trained in a career in the lucrative field of information security. Articles such as “The 10 fastest-growing jobs of the next decade,” “Wanted: Millions of cybersecurity pros. Salary: Whatever you want,” and other similar pieces have created a feeding frenzy in the information security space.
While those articles are often more histrionic than accurate, the reality remains that there are indeed many information security jobs open. As I wrote in “The Fallacy of the Information Security Skill Shortage,” a large part of the so-called information security skills shortage has more to do with firms that refuse to pay market rates for information security professionals.
But for those who have an interest in information security, how exactly can they enter the field? In Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level, authors and security veterans Gary Hayslip, Christophe Foulon, Renee Small, and Bill Bonney have written a practical and, more importantly, honest guide on how to enter the field.
One of the mistakes people make is thinking cybersecurity is a monolithic field. But within cybersecurity, there are many different domains and areas. This is best exemplified by Henry Jiang (CISO at Diligent Corporation) in his map of the cybersecurity domain. A quick glance at his map shows scores of different areas, which illustrates how diverse information security is.
Many times, books with multiple authors suffer from inconsistency and poor readability due to different styles and approaches. But this book benefits from multiple authors as there are numerous ways to get into security, and each author brings a unique story and strategy.
Many people are tempted to go into security for the money, but the book cautions that they will not succeed without a passion for the topic. While security is often portrayed in the media as James Bond-like, the authors detail the dark side of information security, which a person should consider before going down the path.
I would have liked to see an emphasis on those considering a security career needing to get their hands on Kali Linux. Kali is an open-source Linux distribution made for security, forensics and penetration testing. It has over 600 information security tools. Kali is an excellent way for people to get their feet wet with security tools and see if they are interested.
This is an inexpensive way to play with security, as you can run Kali on a $300 desktop. But 20 years ago, the tools on Kali alone would have easily cost over $250,000. A lot has changed in the past few decades.
There are countless articles about getting into the security field, many of them vendor-sponsored. But there’s a dearth of sage advice on how to do it right. For those considering entering into information security careers, Develop Your Cybersecurity Career Path is an excellent book to help them on their journey.