Thursday, January 14, 2016

Breaking Into Security: A Compendium

Like most Information Security practitioners, I am frequently contacted for advice on breaking into this industry.  Rather than write yet another blog post on the subject, I thought it would be more beneficial to collect a variety of quality posts covering different aspects of the industry and provide them as a quick and easy reference.

In reverse chronological order:

Starting an InfoSec Career – The Megamix   Lesley Carhart (@hacks4pancakes)
If you have no idea where to start then begin here.  Hacks4pancakes has done an amazing job and her "Megamix" is probably the most comprehensive series of articles on breaking into security.
How to become a pentester   Peter Van Eeckhoutte (@corelanc0d3r)
Corelanc0d3r is the go-to guy for training when it comes to exploit development.  He has written an extensive post covering time, effort, and the general mindset of a pentester.  He also provides links to resources and a list of companies willing to hire inexperienced pentesters.
20 of the Most Misguided Beliefs About InfoSec   David Spark (@dspark)
While this is not technically a "how to break into security" post, it does debunk a lot of common misconceptions about security, which can be just as valuable when starting your career in InfoSec.
Answers on how to get started in Security   Chris Gates (@carnal0wnage)
Chris provides sound advice on getting started in pentesting, but the best part of this post is the list of book recommendations sorted by area of focus (pentesting, netsec, webappsec, social engineering and physsec/redteam).
Finding And Using A Mentor   Wolf Goerlich (@jwgoerlich)
In Wolf's blog post he expands upon a recent Forbes article on mentorship and provides the InfoSec perspective on finding and benefiting from a mentor.  He's also recently posted a Career Advice Video (available here).
How to Build a Successful Information Security Career   Daniel Miessler (@DanielMiessler)
Dan's post includes the usual advice for starting out but also addresses the areas in which you will need to grow as your career progresses.
Education & InfoSec   Steven Maske [me] (@ITSecurity)
This was my personal take on all the different ways you can learn our trade.
Hack the Hustle! [Video]   Eve Adams (@HackerHuntress)
Think you know how to write an InfoSec resume?  Are you sure?  Find out from a respected technical recruiter who understands the needs of our industry.

Thoughts On Being Asked “How Do I Get Into INFOSEC?”   Scot Terban (@Krypt3ia)
A (surprisingly calm) reality check from my favorite security curmudgeon.  Read this for an idea of the expectations that you will face IRL. TL;DR: InfoSec is not for those without dedication. 
How To Break Into Security   Brian Krebs (@briankrebs)
If you don't know who Brian Krebs is, you will.  He is one of the more well-known reporters in our industry and his site, Krebs on Security, is one of the few InfoSec news sources that is read by people outside of our industry. Back in 2012 he conducted a series of interviews on how to break into security.