Are you thinking about getting into information security? It’s a great career with a lot of great perks, but it’s not for everyone! In this article, I share what you should expect if you’re looking to get into the field, and how you can get your foot in the door.
What is information security?
Information security, also known as InfoSec, is the practice of protecting sensitive business information from unauthorized access, use, disclosure, disruption, modification, or destruction. It is concerned with preserving the confidentiality, integrity, and availability of information, no matter what form it takes (even paper records in your company’s filing cabinet!)
Is information security the same as cybersecurity?
Information security is often confused with cybersecurity. While InfoSec falls under the umbrella of cybersecurity, it is specifically concerned with data security. Cybersecurity is a much broader field that encompasses things like the defense of computers, servers, and other devices from cyber attacks.
These fields often overlap due to sharing similar security practices, education pathways, and even career advice!
What sort of person is information security a good fit for?
The field of InfoSec asks for people who are flexible, with an appetite for continuous learning, and the ability to handle nail-biting situations. Information Security careers are for people that appreciate the opportunities it provides; and are interested in improving the world around them – for their families, co-workers, customers, and themselves.
Many of us seek for personal growth and development – to learn new skills, develop creative solutions and solve problems. We seek to become more valuable to society as a whole and more confident of our own self-worth. This motivates us to learn and go beyond just doing repetitive functions – to learn new technologies, learn about the sources of threats, and learn how to use our skills in better, more effective, ways.
What are the benefits of working in information security?
There are a lot of other benefits to becoming a member of the information security team: Money, personnel development, job security, and being able to add value to your employers and society everyday .
One of the advantages of a career in information security is the wide variety of tasks that you will do every day. Rarely are any two days the same. Rarely does a day go according to plan. Instead, there are issues that arise, concerns that need attention, and demands from the business for support or solutions.
Does information security pay well?
There is the opportunity to make a good income in the field of Information Security. This is a
high demand field with many more jobs than there are people to fill those jobs. There are more than a million job openings in this field.
These job opportunities are everywhere, not just in Silicon Valley or a centralized location. They are where you are, and in places you would like to go.
How do I get a job in information security?
To get a job in information security — and be successful in it — you need to do five things: learn, observe, question, volunteer, and be positive. Nobody starts knowing everything about the field, so you need to seize every opportunity you can to absorb the relevant knowledge and apply it.
1. Learn (and keep learning)
If you’re thinking of getting into InfoSec, a great place to start is taking a fundamental course like Pluralsight’s Certified in Cybersecurity or Security Plus courses. These will introduce you to the InfoSec concepts and concepts you need to know, so you can get familiar with the terminology and theory used by people in the field. Learn the basics and soak up as much knowledge as you can!
Listen to others and analyze what they say when it comes to InfoSec. What works and what doesn’t? It’s better to be with the decision makers and strategic planners than the people that are ‘just doing their jobs.’ Make sure to listen and not just try to impress them.
Ask for clarification – make sure you understand what a person is saying and how they are using a term. Questioning alerts people to your interest! They may also be able to give you an example of how the term should be used.
Go beyond the expected norm of action. Be exceptional. There are more opportunities for people that put in extra effort then there are for those that don’t.
5. Be positive.
Find solutions and not just problems. Have a vision and ideas and discuss them in a positive manner – not just complaining. No one wants to attract a complainer to their team!
A security career might be something you add to your current job responsibilities at first, not an entirely new job you go for. Start by trying to integrate the security concepts you are learning about into your work and project meetings. Add value to discussions with management and others that may not really know or appreciate what security even is. Show your new knowledge and ideas!
I’d also recommend following ISACA (The Informations Systems Audit and Control Association), the NIST SP800 series, Pluralsight’s Security articles, and using social media to follow security discussion.
Do I need to come from a security background to work in Information security?
No. Very few people that work in InfoSec come from a security background. They come from IT (systems admins or developers), audit, clerical positions, finance, or other areas of an organization. They often showed an interest in security, and were asked to move into the security field.
I personally came from a background as a developer and then IT audit. The organization asked me to move into information security based on the value of my audit reports. Many people that work in security have had similar experiences.
Many people are afraid of risk or change. They prefer to stay in their comfort zone even though it may not be where they want to be, or it may have limited future opportunities. Sometimes starting a new role may mean stepping out of a comfort zone, taking a chance, and even taking a lower salary for a while. But the opportunities in the field of information security are fantastic. There are areas of specialization such as forensics and investigations, roles such as an analyst or a manager, and responsibilities like security architect or penetration tester.
If you’re someone who loves to learn and solve problems, make a difference, and you’re not allergic to great job perks (who is?), then I’d highly recommend pursuing a career in information security. Come join us! We need you, and look forward to having you as a part of the InfoSec family.
Kickstart your InfoSec journey with a certification
One of the best ways to both learn the basics of Information Security and prove to others you know them is by taking an entry-level certification course. Even if you decide not to sit the exam, it will give you a great feel for what InfoSec is like, and level up your knowledge.
I highly recommend studying to take the (ISC)²® CC℠ (Certified in Cybersecurity) examination, as this covers all the foundational knowledge, skills, and abilities necessary for an entry- or junior-level cybersecurity role, which are also applicable to InfoSec. Pluralsight offers a certification prep course on this that teaches you about security principles, network security, security operations, and many other key concepts.
About the Author
Kevin Henry is a well-known and respected educator and lecturer in the fields of information security and audit. Kevin uses his more than 30 years of practical experience as a network technician, computer programmer, and information systems auditor to deliver outstanding presentations that make each topic interesting, relevant, and useful. Often described by students as “The best instructor I have ever had,” Kevin has the ability to provide quality instruction that engages the audience and provides guidance on how to implement a successful program when they return to their workplace.