A Beginner’s Guide to Starting an InfoSec
A Beginner’s Guide to Starting an InfoSec
The first thing I would recommend to folks looking to get into this industry is to take some classes on Information Security. You can do that in a school setting, or you can get education in the form of a training program, or as part of a conference depending on how comfortable you are with wading into this subject. Starting a college or university degree program could be considered jumping in headfirst as it can be rather a costly and time-consuming endeavor if you’re not yet sure, but there are plenty of short-term and low-cost options if you would like to just dip your toes into the waters of computer security.
The next thing, but no less important, would be to join industry groups or attend events so that you can meet security practitioners. Getting to know people who are in the security industry is not just a great way to find out what it’s like on a day-to-day basis in your potential new career; it can be an essential part of gaining trust and recommendations when it comes time to find a position.
Conferences, Meetups, and Online Resources
If you’re an absolute beginner in InfoSec, you’re starting at the right place – by reading security blogs and magazines. Many of these web pages (ours included) also have webinars and videos where you can learn more about different
aspects of security.
If you want to get a better view of what it’s like to work in this industry, you can seek out Security Meetup groups and professional conferences in your area. There are annual Security BSides conferences in most major cities, and these are free to attend. They are an excellent way to meet local people in this field, and they can be a great way to dip your toe into presenting your research once you’ve got some InfoSec experience under your belt.
There are countless other security-specific conferences throughout the year, many of them generally about offensive or defensive security. A growing number of the conferences focus on more specific aspects of security or the security community. These conferences vary in cost from a few hundred dollars to a few thousand dollars for some of the year’s largest events.
If you’re already in your chosen career and looking to add to your InfoSec chops, a lot of IT conferences
that are specific to industries such as Health, Education, and Finance are adding security sessions or even
content tracks devoted to security information. For example, this years health Information Management Systems Society (HIMSS) conference added
a Cybersecurity Command Center that had a special area devoted to security sessions and vendor kiosks.
More in-depth training
Whether you’ve just completed your college or university degree program, or you’re looking for a way to ease into more in-depth training in InfoSec, the SANS Institute trainings offer a wide variety of security topics at a wide variety of levels. I’ve taken their Reverse Engineering course myself and found it was a fantastic refresher course for me, on the tools
and techniques used to analyze malware. My classmates who were new to malware analysis found it to be a very
approachable approach to a fairly technical subject.
The Black Hat Executive Summits will be happening in the US in a few months’ time. This conference includes several days of training sessions before the Briefing sessions begin. (Though if you’re interested in attending this year, act quickly as the sessions are already beginning to sell out) Both Black Hat and SANS Institute training
sessions cost several thousand dollars, so while this is far less investment than a degree program,
it may not be the best first step for absolute beginners.
Trust, but verify
It’s worth noting that while networking is a good idea whenever you decide to switch careers, this is doubly true in Security. Trust relationships are vital when dealing with sensitive and potentially harmful materials, as we do in this industry. My emphasis on joining security groups or attending security events may seem strange – but in this industry
more than most, it is not enough just to know your craft well. You can be exceptionally proficient at either offensive or defensive security skills, but if people within the industry don’t know you or trust you well enough to recommend you, you will have a very difficult time finding the job you seek. On the other hand, if people know
you well enough to trust you and see that you are eager and able to learn quickly, you may be given the chance
to prove yourself.
Other online resources:
- Coursera computer security course list
- edX computer security course list
- Open Security Training course list
- Florida State University lectures on computer security
- Malware reverse engineering tutorials
- Kali Linux distro home page
- Open Web Application Security Project (OWASP) home page
- SecurityTube videos
- CompTIA Security+
You can also buy instant:
Cashapp Money Transfer Click here
Paypal Money Transfer Click here
Western Union Money Transfer Click here
Venmo Money Transfer Click here
Bank Money Transfer Click here to Contact Us