Why become a Information Security Professional? (part 3)

So far in part 1 and part 2 I've talked a little about the whys and why nots of becoming an information security professional. Now I'm going to talk a little about what to do once you have decided to make the move into information security. This is the same basic advice that I give when I get an email from someone asking for advice. Obviously, if I know more specifics it's easier to give more specific advice, imagine that. :)

The first thing I would recommend is that you learn the basics of security in general. Why do we need it, have it and what is the purpose of it? How does it work? Learn the basics of TCP/IP since it is the heart of most networks. Learn the basics of networking and web services. When you get these things down you have a pretty good foundation to build on. No matter what area of security you choose to go into these will help you. They are the core of almost every business.

Next try to figure out where your talents are. Are you good at coding, routing, servers, windows, Unix/Linux, strategy, what? What are you passionate about when it comes to security? This is the area that you most likely will find the most success and satisfaction in. Do your research on various disciplines. Talk to others who are in security. Read blogs, books, etc that cover security and the various disciplines.

Lots of times people ask if their current job is a good learning ground. I say Yes! It doesn't matter what your job is. Learn about how security affects it and how it can be used to improve and protect it. Anything that you can learn can be applied to various disciplines. Don't get too narrow minded and focus only on the technology side. Learn about physical security also. It helps to train you mind to think outside of your little corner of security.

Once you have made a decision to focus on a specific area then practice all you can. Set up a home network using VMWare and free security tools. If you have access to spare systems and such then use them. Check out online resources that will allow you to practice your skill. There are sites (some free but most are pay) that will give you access to routers, firewalls, servers, etc. You can hammer away on them and also practice securing them. Then again read books specific to that field and talk to others who are in that field. Join online communities (my favorite it the Security Catalysts Community) where you can interact with and ask questions of others. Also take advantage of any training you can or local security focused organizations like InfraGard, ISSA, ISACA, etc...

That should get you on your way. Good Luck!