Information Security Career Path

Shahzad Subhani
4 min readSep 9, 2020

--

Introduction

Every day in our professional life, we come across people who work in the field of Information Technology and want to pursue their career into the field of Information Security due to their personal and professional reasons. At the same time, there are students and fresh graduates who have heard of Information Security and want to begin their career in it. These IT professionals and students often wonder on how one can enter into information security field and what he or she should be doing to become good information security professional. If you google about it , you will find few articles here and there however you will never find a detailed document about this . We thought that it is time that we should document it and guide our younger generation in more symmetric way so we came up with these guidelines . Lets get Started .

How to start

If you are already working in IT field, then you can start from point 3 onwards. However, if you are a student or a fresh graduate then you should be starting from point 1.

1. Get yourself registered on any of the following sites:

a) EDX

b) URDU IT Academy ( For Urdu Speakers)

c) Cybrary

d) UDEMY

e) GISPP Academy Videos

f) SANS

2. Enroll yourself in free basic security courses i.e. introduction to security, cybersecurity basic, building cybersecurity toolkit, etc.

3. Please refer to Cyber Security Career Advice by URDU IT Academy and GISPP . It is a very informative video and it is a mixture of Urdu and English . If you are a non Urdu speaker than you can skip it .

4. Identify the security domain of your interest and want to pursue. For each domain, there are some vendors, who are leaders in that domain and most of them have very good learning resources available on their website or YouTube channels. A list of different security domains is given under point 6.

5. Use the “For Dummies” series publications for learning, some good recommendations are mentioned below . You can find many articles on cybersecurity here .

Dummy Series

6. Some most common information security domains are mentioned here and you can pick one of them to work in .

information security domains

7. Use Twitter to follow various security vendors, magazines and some experts in order to enhance your knowledge and understand new trends and technology. Some famous handles are show here .

Twitter Handles

8. Learn about TCP/IP and other protocols (HTTP, SMTP, SNMP, HTTPS etc.).

9. Learn about application security guidelines, especially from OWASP.

10. Learn to read and understand logs in order to develop log analysis skills.

11. Watch videos about different products (if available).

12. Setup a lab or join any online paid labs and work on tools like Kali Linux , Python and PowerShell languages.

13. Get in touch with security professionals and expand your circle by attending security conferences, seminars and webinars.

14. Clarify your concepts by engaging in discussions with your peers, friends from the same domain. Healthy professional discussions are always beneficial to clarify any doubts.

Required Skills

1.There are multiple skills that you may require to improve during the job, job search or during your studies.These Skills are soft skills as well as Technical Skills .

2. Soft Skills that you should try to work on .

Soft Skills

3.Technical skills are your weapons and you need to hone them and adapt new ones with the drift of technology . Try to improve on or start learning at least two of the skills mentioned below .

Technical Skills

4. Some security tools, services and Protocols are mentioned below and you should try to get familiar with them.

Security Tools , Services and Protocols

Certifications and Skills Roadmap

Given below is a suggested certification and skills roadmap. some people aim for CISSP in the beginning of their career which is not recommended, and it won’t be helpful at all as some of the concepts and domains will be new to you and might fly right over your head. You should aim for it after spending a few years in any of the Information Security domain. You can find below a suggested certification path .

Information Security Certifications Roadmap

we really hope that you will find these guidelines useful . If you do , Please share your feedback below . It will motivate us to do more . Feel free to add the points that we missed so that we can compile them as well . Full Guide can be downloaded from here .

Credits :

It is a Collective effort by Shahzad Subhani , Sajjad Haider and Farrukh Mahmood under GISPP Platform

--

--

Shahzad Subhani
Shahzad Subhani

Written by Shahzad Subhani

A Seasoned, Enthusiastic Information Security Professional.Founder of GISPP, a Global community Platform for Pakistani Information Security Professionals.

No responses yet