Information Security Senior Associate
Institutional Shareholder Services
What is working in the field of information security like?
Infosec is diverse, professionals can have a variety of roles:
Scanning live network infrastructure for vulnerabilities, Tenable is a free tool used for this.
Penetration testing, which can involve hiring 3rd party consultants who test your infrastructure for vulnerabilities and report their findings.
Infrastructure hardening, which can be done via internal/external auditing following standards like the SOC 2 framework.
Incident response, Backdoors & Breaches is a game that can teach you some exercises.
Professionals can expect to work with everyone: development, engineering, client engagement, legal, and even c-suite executives. It's vital to develop communication skills. One good way to practice is by working with a lot of different groups. While in a group, try to understand how to identify and communicate with different audiences.
Cybersecurity work can be stressful, being adaptable and open to dealing with anything is vital. Professionals who remain calm under pressure, have critical thinking skills, and are able to collaborate with other team members to work out solutions will be the most successful.
What is a good way to start in this industry?
One way is by building your own home lab. You don't need expensive hardware, if you have a laptop you can set up some virtual machines and start attacking it with penetration testing software like Metasploit. Don't just pay good attention in your networking fundamentals class, start doing networking yourself.
Learn some coding, even a basic understanding of how code works goes a long way.
Talk to your peers and network, because knowing the right person can open a lot of doors.
Learn other operating systems, if you only have experience with Windows, learn Linux and MacOS.
Attend conferences and webinars, especially now when so much has gone virtual, you can find major events that have become free to attend.
Black Hills Infosec is a great source for free online events.
Active Countermeasures routinely posts free webcasts.
Wild West Hackin' Fest has an active blog featuring recordings of their events.
What are some useful certifications to start with?
CompTIA's A+ certification is the basic entry-level IT cert that employers look for.
The CISSP is a cybersecurity-focused certification.
The CISM is a management track certification mixed with security.
Where can I find more information security resources?
Join the MIS Society and visit our resources channel on Microsoft Teams!