Note: this is consistently being updated and changed as much as I can. I may have gotten something wrong; if I have, shoot me a DM over on Twitter @DoddsyLTD and I will be sure to correct it and take on any feedback you have.
What is it you want to achieve?
First and foremost, you need to decide what it is in information security you want to do. Are you keen to become a SOC Analyst, or maybe you want to one day become a CISO? There are hundreds of different paths and roles in information security, and if I were to list them, we’d be here all day.
I would recommend figuring out what it is that interests you: what would you enjoy doing?
Once you’ve decided on your niche and where you would like to end up, think about what you can do to get there.
Are you able to go to University or College to get a CS Degree? Is it Application Security which interests you? Do you already have experience relevant to the field? The one thing everyone in infosec can agree on is that there is no right or wrong way to get into information security: everyone is different, and there are lots of different ways that people have got into the field. That being said, a general roadmap, which you can deviate from and change as you progress, would be a great idea to work towards.
Infosec and the hacking community in general are vast and there’s plenty of room for everyone. That being said, if you are looking to get into infosec for the money, you’re probably not going to do very well; if you’re looking to switch off from work when you finish for the day, you might also struggle to some extent. The key in information security is an eagerness and willingness to continuously learn. This is a fundamental mentality which will aid you in information security, particularly as it’s an ever-changing and huge industry. You need to decide if it’s really for you… if it is and that sounds like it’s right up your street, awesome! Welcome to our community, here’s your membership card.
Qualifications and Certifications:
This is a slightly controversial subject within our field, so to make some points clear:
- You don’t need certifications to work in cyber security.
- You don’t need a degree to work in cyber security.
Degrees are a good step into information security: you get a lot of key skills, and universities and colleges are doing a lot to keep their courses highly rated and relevant. Generally these universities will have links to industry as well, which can benefit you in the form of internships or graduate schemes.
Certifications are HR box-ticking exercises to get your resume in front of the right people. You don’t need them to get into infosec and they aren’t required by most jobs (with the exception of DOD contracts in the US), BUT certifications can be a good way to base your learning path when trying to get into a field: the knowledge is usually up to date and relevant, and they give a good structure to learning topics which you may need in your chosen field.
Some certifications to get you started could be the CompTIA Network+ or Security+, the CCNA/CCNP, OSCP or CEH.
Don’t let people fool you into thinking that the CISSP is an entry level certification. It is not entry level and requires 5 years (4 with a relevant certification) in one of the outlined 7 domains they specify.
There are a lot of courses out there which can give you an entry-level understanding of various information security topics. Some of them will be high-level, and some of them will be aimed at novices like yourself. These can be found on various training platforms such as Udemy, Coursera, Khan Academy, Pluralsight and Codecademy.
You should look into courses which interest you or are specific to your level and intended career path.
I would highly recommend any courses by TheCyberMentor (@thecybermentor) and Tib3rius (@0xTib3rius).
Twitter can actually be a really useful source of resources for both the novice infosec person and the professional. The trick to it revolves around a few variables:
a) Who you follow – Follow people who regularly post resources or information related to the career path you would like to take.
b) Following the right topics – Twitter is clever in that it will allow you to follow ‘topics’, which can be found in the explore tab. Make sure it’s configured around subjects interesting to you.
c) Note that these are generally people’s personal accounts, so they will post personal information too. If you see Twitter drama, it’s best to stay out of it and ignore it. That being said, if you see someone being racist, sexist, homophobic etc., call it out. It needs stamping out; it doesn’t belong in infosec or anywhere.
Some of the people I would recommend you follow are: @thecybermentor @LisaForteUK @PhillipWylie @StuHirstInfoSec @UK_Daniel_Card @SeanWrightSec @tazwake @Viking_Sec @hacks4pancakes @Jenny_Radcliffe @ZephrFish