Member-only story
Getting into the information security field in 2024
How can one get into information security?
From my previous articles Is there really an information security jobs crisis? and The big lie of millions of information security jobs, it’s eminently clear that there are not millions of open information security jobs. Notwithstanding, information security can be a viable career option. The question is, how exactly does one enter the field?
Other careers have relatively straightforward paths to entry. Want to be a lawyer — go to law school. Want to be a doctor — go to medical school and do a residency. Want to be a plumber or electrician — complete an apprenticeship program. Yet when it comes to information security, the career path is not so straightforward.
This lack of clarity around information security careers has created a vacuum where bootcamps and 6-month security programs guaranteeing a job have proliferated. Graduates of these programs are often left with significant debt and no information security job prospects.
You need to know information technology if you want to succeed in information security
A common mistake people make is thinking information security is its own discipline. Security is, in fact, built on information technology (IT). And simply put, if you don’t understand IT, you can’t be an effective information security professional.
Using medicine as an example; a specialist first must learn internal medicine, and only then can they specialize. With that, the following is a partial list of core IT topics a security professional needs to know:
· Operating systems
· Protocols
· Coding (while coding is not a must-have, it is definitely a benefit. And the more languages you know, the better an information security professional you can be).
· Hardware
· Software
· Risk management
· Policy
· Cloud computing
Don’t forget that soft skills are also necessary and often just as important as security technical skills. This includes project…
