People often ask me whats the best way to get into security as a career. There are of course many views on this subject, but I don't believe there is a clear answer. So rather than try and map out a path, lets look at some of the elements involved and some options.
The first thing I want to say on the subject is that Security is more of a state of mind than anything else. I have a saying, to be good in security you need to be sceptical with a healthy dose of paranoia! This point of view will serve you well when it comes to security as it will allow you to be objective and not accept things at face value. Secondly, you need an inquisitive nature and a thirst for knowledge, To be the best at security you simply need to be able to hunt out the truth and learn the latest concepts and techniques very quickly. Finally, you need to be a good generalist, I realise this point is contentious, but I truly believe that you need to have a good general grasp of everything technology related as well as your preferred specialism in order to cover the breadth of security. Of course you can be an expert in your chosen specialism, but you must have a grasp of how “everything” fits together in order to be good.
OK, so where do you begin? Well, for starters, you need to have a long hard think about what you want out of life. What I mean by this is, are you a “techy” or are you a “manager”? I realise you can be both (as I am), but when your starting out, the subject is so broad you need a direction to head. If your a techy, then you probably heading down the threat, vulnerability and controls path, with topics such as ethical hacking, intrusion detection and firewalls on your learning list. if however, your more of a manager, your probably heading down the opposite path towards topics such as strategy, assurance and governance. Once you have figured this out, you can start to look at the material, courses and support networks available for each road to help you get going.
One important factor that should always be included however is your own personal growth and development. What I mean by this are the softer skills such as communication, empathy, leadership, coaching etc. All of these skills are fundamental to your success and should be developed in equal measure with your chosen subject specialisms. The biggest issues I face as an employer in this sector is finding good security people with excellent soft skills. Its too easy in this game to get trapped in a world of regulations or bits ‘n' bytes, and forget that all your knowledge is pointless if you cannot make use of it and educate the world.