I was a bit disappointed to see Building a Career in Cybersecurity: The Strategy and Skills You Need to Succeed (Addison-Wesley) start with the oft repeated mistaken notion that there are millions of open information security jobs. Figures like that do a tremendous disservice to the information security industry and those considering entering it.
As I wrote in Is there really an information security jobs crisis?, and as Kim Jones and I spoke about on this RSAC podcast, there are lots of information security jobs, but it’s not that firms are so desperate to hire people that all a person needs a pulse to get hired.
Aside from that top-of-the-first-inning mistake, Yuri Diogenes of the Microsoft Cloud Security Group has written a helpful guide for those looking to get into information security as a career. At 160 pages, the book is a brief introduction to what it takes to enter and succeed in information security.
For many other careers, from law and medicine to plumbing and construction, and everything in between, there are well-defined career paths. For example, in medicine, all one needs to do is graduate college and medical school, complete , and then enter the medical field. But when it comes to information security, the path from schooling to starting work as an information security professional is not so well defined.
Here, Diogenes gives the reader a plan in which they can enter information security. His focus is very hands-on, and he emphasizes building a home lab in which a person can build their information security skills. Of course, a home lab is no comparison to a real-world environment, but it is still quite valuable.
If a person wants to become an auto mechanic, building their own shop at home could cost tens of thousands of dollars in tools. But when it comes to information security, cheap hardware, and open-source tools mean that a person can build a quality security lab in their home for under a thousand dollars.
For example, 25 years ago, the equivalent of 600 commercial tools in Kali Linux would cost a firm about a million dollars. Now all of those tools are free. That is a powerful advantage for the security job seeker learning to hone their skills.
In the media, information security is often portrayed in a James Bond-like fashion. In the real world, it’s far from it. In fact, no one I have ever worked with has driven an Aston Martin. To that, the book details the many world-life challenges involved in information security. Often the hours are brutal, for those in consulting, the client requirements are unrelenting, and the pressures intense.
Diogenes writes how the challenges of working in information security at one point led to his 100-pound weight gain and other health issues. While his passion for information security resulted in job promotions, the lack of work/life balance came with significant consequences. His experience is a cautionary tale for those considering a career in information technology in general, and information security specifically.
His experiences and challenges with work/life balance are not unique and are a significant problem in the industry. It’s not a new issue either. At RSA Conference 2012, a panel with Jack Daniel, Gal , KC Yerrid, and others, spoke about security burnout and stress.
The goal of that RSAC session was to raise public awareness and support about the risks associated with burnout among information security professionals and build a community of support. There has been a lot of progression in the years since the panel. But the underlying issue of stress, burn-out, and lack of a work/life balance persists. Something to consider for those looking to get into information security.
While the figures of millions of open information security jobs preposterous. There are indeed though many openings. Getting that job though is not an easy endeavor. But for those who are considering a career in information security and want to thrive in it, a Career in Cybersecurity lives up to its title, and will show you the strategies and skills you need to succeed.