By: Shahzad Subhani
Every day in our professional life, we come across people who work in Information Technology and want to pursue a career in Information Security for personal or professional reasons. At the same time, there are students and fresh graduates who have heard of Information Security and want to begin their career in it.
These IT professionals and students often wonder how one can enter the information security field and what one should do to become a good information security professional. If you google it, you will find a few articles here and there; however, you will never find a detailed document about this.
We thought it was time to document it and guide our younger generation in a more systematic way, so we came up with these guidelines. The crux of the matter is that you can start anywhere you want. However, you should be focused and very clear on what you want to achieve and how to achieve it. Let’s get started.
How to start
If you are already working in the IT field, then you can start from point 3 onwards. However, if you are a student or a fresh graduate, then you should start from point 1.
1. Get yourself registered on any of the following sites:
   a) EDX
   b) URDU IT Academy
   c) Cybrary
   d) UDEMY
   e) SANS
2. Enrol yourself in free basic security courses such as introduction to security, cybersecurity basics, building a cybersecurity toolkit, etc.
3. Please refer to Cyber Security Career Advice by URDU IT Academy and GISPP. It is a very informative video; however, it is a mixture of Urdu and English.
4. Identify the security domain that interests you and that you want to pursue. For each domain, there are some vendors who are leaders in that domain, and most of them have very good learning resources available on their websites or YouTube channels. A list of different security domains is given under point 6.
5. Use the “For Dummies” series publications for learning; some good recommendations are mentioned below. A detailed list of the “For Dummies” series on the topic of security can be found here.
6. Some of the most common information security domains are mentioned here, and you can pick one of them to work in.
7. Use Twitter to follow various security vendors, magazines and some experts in order to enhance your knowledge and understand new trends and technology. Some famous handles are shown here.
8. Learn about TCP/IP and other protocols (HTTP, SMTP, SNMP, HTTPS etc.)
9. Learn about application security guidelines, especially from OWASP.
10. Learn to read and understand logs in order to develop log analysis skills.
11. Watch videos about different products (if available).
12. Set up a lab or join an online paid lab, and work with tools like Kali Linux and languages like Python and PowerShell.
13. Get in touch with security professionals and expand your circle by attending security conferences, seminars and webinars.
14. Clarify your concepts by engaging in discussions with your peers and friends from the same domain. Healthy professional discussions are always beneficial to clarify any doubts.
1. There are multiple skills that you may need to improve during your job, your job search or your studies. These include soft skills as well as technical skills.
2. Soft skills that you should try to work on
3. Technical skills are your weapons, and you need to hone them and adopt new ones as technology evolves. Try to improve on or start learning at least two of the skills mentioned below.
4. Some security tools, services and protocols are mentioned below, and you should try to get familiar with them.
Certifications and Skills Roadmap
Given below is a suggested certification and skills roadmap. Some people aim for CISSP at the beginning of their career. This is not recommended, and it won’t be helpful at all, as some of the concepts and domains will be new to you and might fly right over your head. You should aim for it after spending a few years in any of the Information Security domains. You can find below a suggested certification path.
We really hope that you will find these guidelines useful. If you do, please share your feedback below. It will motivate us to do more. Feel free to add the points that we missed so that we can compile them as well. The full guide can be downloaded from here.
It is a collective effort by Shahzad Subhani, Sajjad Haider and Farrukh Mahmood under the GISPP Platform.