Get Started in the Security Industry

Posted on
Planning, Preparation, and Principles

 

Get started in the Security Industry, What are my first steps?

If you are reading this, you are doing the right type of security digging. You are looking for ways to get started in the security industry. You have a desire to dive deep in the security world. Welcome to the world of chaos, excitement, long hours, uncertain rewards, and overwhelming intensity. The community of professionals who are pushing back against the badness need your help. We need people from all walks of life who love to learn. Today’s security world interconnects with everything and everyone.

Security work is a Thankless job! You need to really want to enter the security field for the right reasons.

One of my great security people, Leong Long (@SingNet) asked me why we’re getting a push back from other parts of the organization. I replied “Security is a dammed if you do and dammed if you don’t” job. If you do your job well, nothing will happen and everyone will ask ‘why is that team wasting so much time?’ Then, when things happen (security incidents will happen), everyone shouts ‘why have you not been doing anything!!!?’” Security is a thankless job. Security is not a role for which executive management is going to constantly praise your accomplishments. Noone in operations like security. Developer dread security reviews as “in the way of innovation.” Security will be a field constantly struggling for resources to get the job done, not enough time in the day to accomplish the job, and an ever changing risk to the organization you are chartered to protect.

 

Add to the thankless environment a security world where everything, everyone and all parts of the world are constantly interconnected. This new world of everyone, everything, and everywhere connected boggles the mind. It means the whole world is interacting with your organization. This requires a rethinking of what it takes to be excellent in security. Today’s security requires practitioners to know all technologies, dive into human physiology, understand all sorts of history, have a good grasp of economics, learn criminology, craft good program management skills, have a good fundamental understanding of data analytics, be able to dissect source code, and have solid ability to quickly understand protocol/signal flow. In essence, “today’s security” is a field that will demand continuous learning. If you dislike learning, then security is NOT your profession.

In addition, Security is a field where teamwork, collaboration, and people skills are critical. Security can never ever be done in a vacuum. It can only be done effectively with other people. There are too many things to know and one cannot be good at everything in security. Teamwork is the key to success in security. Hence, good security people are constantly working on their people skills, their communication skills, and the ability to persuade others to take action. The individual hacker in a hoodie is a myth. The real global cybersecurity power is a group of hundreds of individuals who work in organizations all over the world who are constantly interacting via email, chat, code, phone, social media, 1:1 meetings, and small group side meeting at security conferences. The core theme is people working together to build a “security weave” to trust that then works on pushing back against the badness. Cultivating your social bonds is as important to your security success as the skills, tools, and knowledge.

So if you think security is a good field to get into, take a step back and reflect:

  • It will be a thankless job
  • It will require constant learning in every field
  • It will require intensive people interaction with peers who will be critical to your success.

If these are the things that make you uncomfortable, find a new job to explore. Please read on if you still think the security industry is something you wish to try. Over the next couple of weeks, the blog posts will focus on helping new security professionals explore their journey. These articles will help you Get started in the Security Industry based on the experience of people who have been living, surviing, and coping in this field for +25 years. 

Need Security Advice?

If you find your organization needs help and worry about the FUD from the industry, reach out and ask for help. You can reach me at bgreene@senki.org. Help organizations leverage the talent around them to get started with their security activities. Start with the Operator’s Security Toolkit. It is the no-nonsense security for all Operators. It provides details to help them build more security resilient networks. In the meantime, stay connected to the Senki Community to get updates on new empowerment and security insights. You can sign up to the mailing list for updates here: Stay Connected with Senki’s Updates.