Information Security Career Path
Introduction
Every day in our professional life, we come across people who work in the field of Information Technology and want to pursue their career into the field of Information Security due to their personal and professional reasons. At the same time, there are students and fresh graduates who have heard of Information Security and want to begin their career in it. These IT professionals and students often wonder on how one can enter into information security field and what he or she should be doing to become good information security professional. If you google about it , you will find few articles here and there however you will never find a detailed document about this . We thought that it is time that we should document it and guide our younger generation in more symmetric way so we came up with these guidelines . Lets get Started .
How to start
If you are already working in IT field, then you can start from point 3 onwards. However, if you are a student or a fresh graduate then you should be starting from point 1.
1. Get yourself registered on any of the following sites:
a) EDX
b) URDU IT Academy ( For Urdu Speakers)
c) Cybrary
d) UDEMY
f) SANS
2. Enroll yourself in free basic security courses i.e. introduction to security, cybersecurity basic, building cybersecurity toolkit, etc.
3. Please refer to Cyber Security Career Advice by URDU IT Academy and GISPP . It is a very informative video and it is a mixture of Urdu and English . If you are a non Urdu speaker than you can skip it .
4. Identify the security domain of your interest and want to pursue. For each domain, there are some vendors, who are leaders in that domain and most of them have very good learning resources available on their website or YouTube channels. A list of different security domains is given under point 6.
5. Use the “For Dummies” series publications for learning, some good recommendations are mentioned below . You can find many articles on cybersecurity here .
6. Some most common information security domains are mentioned here and you can pick one of them to work in .
7. Use Twitter to follow various security vendors, magazines and some experts in order to enhance your knowledge and understand new trends and technology. Some famous handles are show here .
8. Learn about TCP/IP and other protocols (HTTP, SMTP, SNMP, HTTPS etc.).
9. Learn about application security guidelines, especially from OWASP.
10. Learn to read and understand logs in order to develop log analysis skills.
11. Watch videos about different products (if available).
12. Setup a lab or join any online paid labs and work on tools like Kali Linux , Python and PowerShell languages.
13. Get in touch with security professionals and expand your circle by attending security conferences, seminars and webinars.
14. Clarify your concepts by engaging in discussions with your peers, friends from the same domain. Healthy professional discussions are always beneficial to clarify any doubts.
Required Skills
1.There are multiple skills that you may require to improve during the job, job search or during your studies.These Skills are soft skills as well as Technical Skills .
2. Soft Skills that you should try to work on .
3.Technical skills are your weapons and you need to hone them and adapt new ones with the drift of technology . Try to improve on or start learning at least two of the skills mentioned below .
4. Some security tools, services and Protocols are mentioned below and you should try to get familiar with them.
Certifications and Skills Roadmap
Given below is a suggested certification and skills roadmap. some people aim for CISSP in the beginning of their career which is not recommended, and it won’t be helpful at all as some of the concepts and domains will be new to you and might fly right over your head. You should aim for it after spending a few years in any of the Information Security domain. You can find below a suggested certification path .
we really hope that you will find these guidelines useful . If you do , Please share your feedback below . It will motivate us to do more . Feel free to add the points that we missed so that we can compile them as well . Full Guide can be downloaded from here .
Credits :
It is a Collective effort by Shahzad Subhani , Sajjad Haider and Farrukh Mahmood under GISPP Platform