A lot of people ask “How do I get into infosec?” but that is a tough question to answer. There is not one path to follow and there is not one destination either. However if you ask anyone who’s already in the position you’re searching for. A common theme arises, that is years of experience or thousands of dollars for training. Until you’re able to join a company to pay for that training. I have some tips that could help start your experience. This is my story of how I got to where I am today.

To get started just take the first step. All you need is a drive to get where you want to go. There will always be a need to learn something more but don’t let that discourage you. A prerequisite can not be big enough to stop you from starting.

Besides having the will to start, the best way to get into infosec is to surround yourself with people who can help you, and help them. One of the best ways to do this is by attending local conferences and talking to people. Hear about their experiences, see how their situation could be similar to yours. You will get a lot farther asking people how you can help them instead of asking for their help first.

My story

Back when I first started blogging for a college class, I wrote a few paragraphs on why I wanted to have a career in IT and infosec, but not how. Movies, career classes, etc all had my interest held tightly.

After graduating from high school I went to college for Computer Science. It was your typical “learn to program” curriculum with basics in object oriented programming and mathematics. I failed at calculus and ended up messing up my GPA pretty badly. The College of Engineering had a high requirement which forced me to change majors and the College of Communication Arts had a program for web design. I followed that path while being able to use my engineering credits to get a minor in Computer Science.

While classes and clubs taught me a lot at college, my biggest source of experience was my student job at Matrix. I worked as a web developer on campus and worked to upgrade websites. I spent three years learning about websites, servers, and databases. I didn’t have any experience “in the field” before this job. Putting in the hours at work, asking questions, and working with peers was the best thing that happened to my career while I was at college.

One day, my boss told us about a hacker posting our users database on pastebin. I was launched into the world of web vulnerabilities and securing websites. My mindset started to shift from “make it work” to “make it work securely”. Instead of looking at w3schools to learn web basics, I started looking at OWASP’s documents on testing and defending against web vulnerabilities.

Similar to my student job, I got an internship doing web development at Vertafore and I spent two summers as a developer. During my second summer, the interns had an innovation challenge where the team I was on suggested some new security standards for the company. Once I started working part time during my senior year, I joined a two man security team.

In conclusion

When I started, I was learning basic logic with python. I didn’t know what linux was or knew anything about networking. I went to college because that was my plan after high school.

Everything else that happened to me, can happen to you. There are online courses to get familiar with websites, coding, or IT in general. The third tip I want to share is to put yourself into a security mindset. To get into infosec, whether you’re looking for a new job or love the career you have. All you have to do is share that passion with those around you. Document your thoughts. Talk to your manager about your interests. Bring up questions at meetings like “who has keys to the main office?” or “Do we scan our products for vulnerabilities?”. These will show people you’re truly interested, and could open doors you would never expect to find.