Wednesday, April 20, 2016

5 keys to success as an Information Security Professional

People ask me all the time how to "get in" to cybersecurity. I usually point them to this document: Ways To Become An Effective Information Security Professional - From A GIAC Wannabe Perspective.

But what if you are already in the industry? I wrote a LinkedIn post on 3 Tips to keep riding the cybersecurity wave that was fairly well received. In this post, I would like to expand and reorder those tips, based on some of the comments on that post.

First, you have to stay up to date. Cybersecurity pays well because it is demanding. You are taking a class; that is good, but it is not enough. Build time into your schedule to hone your skills. A really practical way to stay sharp is to write a Python script every week. Please forgive the "sharpen the saw" cliche, but it matters. As Russell Eubanks put it: "You could 'Begin with the End in Mind' by positioning yourself to become a senior information security leader by focusing on achieving results through others. I bet we all have more lessons learned to share with others than we care to admit."

Second, it is imperative that you balance work and life. Exercise and eat right. If you are married, try to stay married. Make sure your kids and your pastor, rabbi, or mullah know your name.

Third, balance being a cybersecurity generalist and specialist. The advantage of a course like SANS Security Essentials, followed up with the GSEC certification, is that it forces us to stay current on all the major topics of security. If you decide to be a mentor or community SANS instructor, it will blow your mind how much material you have to master before teaching it. Being a specialist in one area, or even two, such as Penetration Testing and Mobile Forensics, is a key to being a truly useful member of the team. Every member of a military special forces unit can do each job, but they are experts in a few areas. This is how SANS Cyber Guardian is structured.

Fourth, stay cybersecurity organized. Keep one or more lab notebooks close at hand or use note-taking software. Never write anything down on scrap paper. When you make a screenshot, give it a meaningful label.

[Image: Python urllib2 urlopen to dump webpage source]

Have the situational awareness to realize how much time and energy you spend looking for things you did not file properly or repeating searches whose results you did not save. Don't thrash; complete the task at hand.

Fifth, remind yourself from time to time that you are getting older and eventually you will retire or get flushed out of the system. Take some time right now to think about what you are going to do with the second half of your life.
