Professional development

10 things you should know about a career in information security

Nick Congleton
August 5, 2021 by
Nick Congleton

1. Walk your own path

No one can tell you exactly how to get into the information security field. It's more of a "choose your own adventure" story than a well-defined path. If you consult with professionals working in information security, you're going to learn quickly that few people follow the same path into the industry.

Information security is a more advanced branch of IT. Whichever way you arrive, you need a background of base skills, but because information security has a lot of depth and dimensions, it's less important what that background is. You can come from development, server administration, a computer science degree, or even tech support. Leverage your strengths and experience as they apply to information security.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

2. It's not easy

This isn't a field for the lazy or unmotivated. You're always going to be pushing yourself, and there isn't a lot of room to get comfortable or complacent. Information security is rapidly evolving, and that's not going to change.

As new threats arise, new preventative measures rise to meet them. Then attackers invent new threats, and the cycle continues. Add in the changes always introduced by new technology, and it's instantly clear why this field is so challenging.

3. That's classified ...

Security clearance is a real thing, and you're going to be working around it for your entire career. It can range from restricting access based on users and groups all the way up to actual government security clearance.

Expect to be thoroughly vetted by companies before being hired, and background checks are standard practice. Once you're hired, you're going work within the confines of security clearance. You won't have access beyond your clearance, and you won't be able to grant access to anyone else beyond their clearance. If something is above your level, you'll need to escalate the issue.

4. Certifications and continued learning are key

The field evolves too rapidly for a degree to stay relevant. You need to take the initiative to continue your education, and certifications help you prove that. A degree can help you get started in your information security career, but it won't carry you through it all.

Certifications and training programs are ideal because they're frequently updated to remain current. They have the added benefit of covering more information in-depth in a shorter span of time. Certifications and training programs cost less than university education and many employers will cover your tuition. Certifications and some training programs have worked for years to build industry recognition, which you will benefit from upon completion.

5. Think outside the box ... actually, there is no box

The bad guys have to be creative and clever, so you need to be too. While there certainly are tried-and-true procedures to follow in the information security world, don't expect every situation to work out the same.

This is an IT field where creativity counts. Information security will keep you on your toes and make you think. Keep an open mind, because sometimes the craziest answer is the correct one.

6. Never underestimate the human element

It's common to underestimate the importance of so-called "soft skills" in the information security industry. There's a very human element to information security that many people don't expect going in.

Primarily, you work to support the people within an organization. You'll need to communicate technical ideas in a way everyone can understand, and you're the person to help them understand what they need to do to protect themselves.

Social engineering is a huge part of information security too. The ability to anticipate and avoid social engineering is a vital skill, and it's your first line of defense. There's a fair amount of psychology involved in understanding both how attackers and potential targets think.

7. Be pragmatic

Always use the best, most efficient, tool for the job. Most people have strong preferences when it comes to technology. It's all usually pretty casual, but that's exactly the kind of thinking that can get in your way in information security.

It helps to be familiar with everything available, and even keep systems ready with as many programs and operating systems as possible. It's part of general preparedness and will help you work quickly and accurately, which can make a huge difference.

8. Everything's connected, everything's at risk

As the network connectivity continues to permeate every aspect of business and life as a whole, the number of devices that could become targets increases exponentially. Be prepared to secure everything. You may land a more traditional position within the industry and only need to work with servers, but you're more likely to find yourself working with a full range of devices.

Mobile devices and the Internet of Things (IoT) are often overlooked in this regard, but attackers are well aware of the potential those devices hold. While it may seem ridiculous for a company to be hacked through their refrigerator, it can happen. This is the new reality security professionals need to contend with.

9. Something will go wrong

It's inevitable. Something will go wrong, and there's a good chance you won't find it until weeks after. Most security breaches aren't detected until well after they occur.

Prepare yourself for the occasional chaos. Prepare ahead of time and know that there's no way to account for everything. Ultimately, it's all a learning experience. Adapt and keep going.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

10. Information security isn't going anywhere

The field will continue to grow, diversify and increase in complexity as time goes on. As companies become more reliant on technology and more business is conducted online, the amount of threats will increase, as will the demand for information security professionals.

Starting down this path can lead to a lifelong career. There will never be a time in the foreseeable future when information security will not be essential. The presence of network-connected technology practically guarantees it. In fact, demand for trained professionals is only increasing, and projections indicate that the pattern will not change any time soon.

Nick Congleton
Nick Congleton

Nick is a freelance tech blogger who specializes in topics of security and open source software. He has a passion for technology and looks to make tech more accessible for everyone.