10 things you should know about a career in information security
1. Walk your own path
No one can tell you exactly how to get into the information security field. It's more of a "choose your own adventure" story than a well-defined path. If you consult with professionals working in information security, you're going to learn quickly that few people follow the same path into the industry.
Information security is a more advanced branch of IT. Whichever way you arrive, you need a background of base skills, but because information security has a lot of depth and dimensions, it's less important what that background is. You can come from development, server administration, a computer science degree, or even tech support. Leverage your strengths and experience as they apply to information security.
FREE role-guided training plans
2. It's not easy
This isn't a field for the lazy or unmotivated. You're always going to be pushing yourself, and there isn't a lot of room to get comfortable or complacent. Information security is rapidly evolving, and that's not going to change.
As new threats arise, new preventative measures rise to meet them. Then attackers invent new threats, and the cycle continues. Add in the changes always introduced by new technology, and it's instantly clear why this field is so challenging.
3. That's classified ...
Security clearance is a real thing, and you're going to be working around it for your entire career. It can range from restricting access based on users and groups all the way up to actual government security clearance.
Expect to be thoroughly vetted by companies before being hired, and background checks are standard practice. Once you're hired, you're going work within the confines of security clearance. You won't have access beyond your clearance, and you won't be able to grant access to anyone else beyond their clearance. If something is above your level, you'll need to escalate the issue.
4. Certifications and continued learning are key
The field evolves too rapidly for a degree to stay relevant. You need to take the initiative to continue your education, and certifications help you prove that. A degree can help you get started in your information security career, but it won't carry you through it all.
Certifications and training programs are ideal because they're frequently updated to remain current. They have the added benefit of covering more information in-depth in a shorter span of time. Certifications and training programs cost less than university education and many employers will cover your tuition. Certifications and some training programs have worked for years to build industry recognition, which you will benefit from upon completion.
5. Think outside the box ... actually, there is no box
The bad guys have to be creative and clever, so you need to be too. While there certainly are tried-and-true procedures to follow in the information security world, don't expect every situation to work out the same.
This is an IT field where creativity counts. Information security will keep you on your toes and make you think. Keep an open mind, because sometimes the craziest answer is the correct one.
6. Never underestimate the human element
It's common to underestimate the importance of so-called "soft skills" in the information security industry. There's a very human element to information security that many people don't expect going in.
Primarily, you work to support the people within an organization. You'll need to communicate technical ideas in a way everyone can understand, and you're the person to help them understand what they need to do to protect themselves.
Social engineering is a huge part of information security too. The ability to anticipate and avoid social engineering is a vital skill, and it's your first line of defense. There's a fair amount of psychology involved in understanding both how attackers and potential targets think.
7. Be pragmatic
Always use the best, most efficient, tool for the job. Most people have strong preferences when it comes to technology. It's all usually pretty casual, but that's exactly the kind of thinking that can get in your way in information security.
It helps to be familiar with everything available, and even keep systems ready with as many programs and operating systems as possible. It's part of general preparedness and will help you work quickly and accurately, which can make a huge difference.
8. Everything's connected, everything's at risk
As the network connectivity continues to permeate every aspect of business and life as a whole, the number of devices that could become targets increases exponentially. Be prepared to secure everything. You may land a more traditional position within the industry and only need to work with servers, but you're more likely to find yourself working with a full range of devices.
Mobile devices and the Internet of Things (IoT) are often overlooked in this regard, but attackers are well aware of the potential those devices hold. While it may seem ridiculous for a company to be hacked through their refrigerator, it can happen. This is the new reality security professionals need to contend with.
9. Something will go wrong
It's inevitable. Something will go wrong, and there's a good chance you won't find it until weeks after. Most security breaches aren't detected until well after they occur.
Prepare yourself for the occasional chaos. Prepare ahead of time and know that there's no way to account for everything. Ultimately, it's all a learning experience. Adapt and keep going.
FREE role-guided training plans
10. Information security isn't going anywhere
The field will continue to grow, diversify and increase in complexity as time goes on. As companies become more reliant on technology and more business is conducted online, the amount of threats will increase, as will the demand for information security professionals.
Starting down this path can lead to a lifelong career. There will never be a time in the foreseeable future when information security will not be essential. The presence of network-connected technology practically guarantees it. In fact, demand for trained professionals is only increasing, and projections indicate that the pattern will not change any time soon.
In this Series
- 10 things you should know about a career in information security
- Top-paying cybersecurity jobs and salary trends for 2024
- The importance of IT certifications in boosting your career
- Understanding the role of a network engineer in IT
- The role of the chief information officer (CIO) in cybersecurity
- What is a network engineer and how to become one?
- What does a system administrator do and how to become one?
- Cyber security hiring: Tips and best practices
- Cybersecurity soft skills: Career benefits of public speaking
- CompTIA Data+ certification: Opening doors to new careers
- Surviving cybersecurity burnout: Tips from industry experts
- How to make a mid-career change to cybersecurity
- 7 top security certifications you should have in 2024
- The Changing Role of the Modern SOC
- Discover the top 5 information security management certifications
- CySA+ versus CASP+: Is the CySA+ good enough for a career in cybersecurity?
- The best cybersecurity jobs in 2023: Trends, roles and salaries
- Top 10 penetration testing certifications for security professionals (2023)
- How to land an entry-level cybersecurity job: Essential skills and certifications
- 133 cyber security training courses you can take now — for free
- Breaking down barriers: How to make cybersecurity more inclusive and diverse
- Computer forensics interview questions
- The digital security forensic analyst salary guide
- Applying linguistics to cybersecurity: The journey of Jade Brown, a 2022 Infosec Scholarship winner
- The Path to “Career 4.0”: Amy Bonus leverages humanities, FinTech experience to bring Cybersecurity to the layperson
- Security engineer: Degree vs. certification
- Cybersecurity engineer: CyberSeek
- Infosec Accelerate Scholarship winner highlights essential qualities of a successful cybersecurity professional
- Career skills, imposter syndrome and intelligence-led pentesting | From the Cyber Work desk
- Cloud security engineer interview questions and answers
- Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity
- Infosec scholarship winner Kandice Kucharczyk salutes her mentors as she sets her sights high
- Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
- How VetsInTech and Infosec Laid the Path to Gaurav Panta’s New IT Career
- Infosec 2022 scholarship winner Anthony Torres: Bringing the Marine Corps ethos to the cyber domain
- Infosec Scholarship winner Chris Chisholm knows the power of service and diversity in cybersecurity
- Betta Lyon Delsordo, Infosec scholarship 2022 winner, is a true life-long learner
- A veteran transitions from military medical logistics to multi-national security analyst
- An Army National Guard member fast tracks his cybersecurity career transition with VetsinTech
- How a career harnessing Navy nuclear energy can power a transition to a Security+ certification
- What is a cloud administrator? Essential roles and skills
- Security control mapping: Connecting MITRE ATT&CK to NIST 800-53
- Should you take the CCSP/SSCP before the CISSP? [updated 2022]
- ISC2 certifications: The ultimate guide [updated 2022]
- CCSP vs. Cloud+ [updated 2022]
- Data architect: The ultimate career guide
- The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]
- I failed IAPP’s CIPP/C certification. Here’s how I recovered
- How learning to be "Always Flexible" helped a Marine in earning the Security+ certification
- How to learn and pass your next certification exam
- Mission accomplished: How one army veteran turned neurobiologist moved into cybersecurity
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Professional development
Professional development
Professional development
Professional development
The role of the chief information officer (CIO) in cybersecurity