It’s been a hell of a past few months. I’ve seen many talks about it, and seen a lot of people getting discouraged, because it’s hard to get into the InfoSec field as a profession. I fully agree that it is hard to get into InfoSec, but it can be done. Like anything, getting a job in a field that you want to get into is a challenge. Not only do you have to have the training or knowledge to get into the field, but you also need to have the perseverance to reach out and get that career started. I have been reading, studying, and learning as much about information security as I could, since I got my degree in CIT, give or take for the past 6 years.
The best thing I could advise would be to not worry about what you don’t know. If you see a position dealing with information security, apply! My dad always told me to not worry about what was on a job posting, as far as what the employer was requiring the candidate to have or possess. The things that are ‘required’ are, for the most part, what HR wants you to have. Furthermore, if you do possess all of the things that an employer ‘requires’, you’re going to be getting paid about $20K less than what you’re worth! With that being said, if you see things that the employer is ‘requiring’, do some head work and look up said requirement and at least gain some knowledge of what they want, so if they bring up that topic on an interview, you can tell the manager that you aren’t 100% sure about it, but you did take the initiative to look into it and got some great points of reference on the material.
Start networking with professionals in the field; go to security/hacking conferences (huge list here,) Most of the security conferences are $100/ticket, and don’t fret it if you can’t afford a ticket, all of the conferences I’ve gone to have volunteer spots open that give you free entrance, as long as you’re willing to put in some leg-work to get the conference going, and make sure things run smooth. Get on twitter and start following people in InfoSec. LinkedIn is another great resource for finding those in InfoSec and finding out if they’re hiring for InfoSec people. Another place I can’t praise enough of is Reddit. They have a sub-reddit that is specifically for those that are in, or wanting to get in, Information Security, which you can get to here. At the top of the postings will be a post called ‘/r/netsec’s QX 20YY Information Security Hiring Thread,’ where companies will post positions they have that need filled. The Hiring Thread is great, because you can talk with the person that posted the position, to answer any questions that you have.
The last thing I can say to anyone trying to break into InfoSec is to not stop looking, you will eventually get a break. I was looking for an InfoSec position for the past 5 years, working at a job that I could feel killing me every day. I was searching reddit and found a post for the position I’m currently in. I could not be happier to have found a job where I’m ecstatic to get online every day I wake up. I get to learn new things every day, and work with a team of freaking awesome individuals. rosewood, hinge, du1d, fuzzy, stumblebot, bizmark, and everyone else on the team, you guys are the best!