After the session, I decided to put together a collection of the highlights I felt were most valuable. For those looking to enter the infosec field, I’m hopeful these 9 guiding tips from our infosec pros will be beneficial for you!
1.) Gain as much real life experience as you can
“In IT your best route for figuring everything out is hands-on. This is why involvement in extracurricular activities and getting actual work in the field is so important. When I was at Baldwin Wallace, I was involved in CCDC, which includes a scenario where the blue team keeps the red team out. There’s the NCL, which is capture the flag-esque stuff. Also, setting up a home lab, working with pfSense, learning basic networking, and interning somewhere in college are all good things to do.” -Kurt Wolfe, Security Analyst II
“Find a way to make yourself stand out to other people. Put in effort outside of the school curriculum. You absolutely need to do that. The first thing we look at when interviewing someone is their resume, and finding things to put on there to show that you’re not just going to college because your parents told you to, but outside of that is a good thing. Getting certifications is very important, and internships. It’s how you distinguish yourself and how you get ahead, that’s what will make employers want you. The real world experience is what it comes down to.” -Nick Bertram, Splunk Team Lead
2.) Learn, learn, learn, and learn some more
“Be willing to learn new stuff and understand that things are going to change. What you’re learning now is likely not going to be relevant or anywhere close to what it’s going to be when you’re actually looking for a job. Be prepared to learn and figure out how you learn best.” -Tom Kopchak, Director of Technical Operations
“Although you may be dead set on doing red team, say a company is offering blue team experience, being open-minded and having a willingness to learn is going to give you the opportunity to find a whole side of knowledge you might not have even thought about. In the end, this will help direct you to where you want to go even if it’s not what you initially thought.” -Kurt Wolfe, Security Analyst II
3.) Realize there are many interrelated concepts in this field
“When you read a book and think it’s out of date, it’s still something that will be beneficial to you even if it’s two or more years down the road. As you become familiar with the different concepts you will start to see similarities and that a lot of them are intertwined. So, even if a concept comes up that you don’t know about, you’ll have a better idea of being able to grasp it and know how it works. It’s all part of a foundation for you to build upon.” -Roxy, Vulnerability Management Service Architect
“In red team and pen testing everything is important. You have to learn how everything goes together – from the programming, to how services run on servers, to configurations, to networks, to ports, all of it connects together. So, learn as much as you can.” -Chandler Emhoff, Penetration Tester
“The thought process for red team and blue team is similar. In order to secure something, you have to know how someone is going to go about breaking into it. So, thinking of what someone is going to do is going to better enable you to protect it.” -Tom Kopchak, Director of Technical Operations
“Working on more broad certifications helped me get a solid base of knowledge. It did expose me to lots of different vendors, but helped me narrow things down as well. With some of the legacy issues and threats, there are a lot of companies that are still running XP, and that are still running 2003, and older legacy systems. Just because Company A may be up to date, doesn’t mean Company B is. It can be overwhelming, but if you take bites out of it and narrow your scope, you can do things so you’re not as overwhelmed.” -John Diez, Security Analyst I
4.) Find a balance between soft and technical skills
“There are all different levels of understanding, whether it’s the very deeply technical people on your security team to customers who may not be as technical. This makes it so important to not only have the tech skills but to also be able to use the ‘soft’ skills – the communication skills – so that everyone can be on the same page.” -Kelsey Clark, Marketing Director
“It’s so important to have a good balance of technical skills and ‘soft’ skills. You can be successful in this field being extremely technical, but I think you can go farther if you can balance the two. The ability to communicate with one another, get your point across, work with a wide variety of individuals, and being open to different thoughts and views plays a role in IT in general, and really any job.” -Kurt Wolfe, Security Analyst II
5.) Take enjoyment in puzzles and problem-solving
“A piece of advice I have is to find something you love about your job or your future profession and try to always keep that in sight. For me, the thing I love about cybersecurity is that it’s like a puzzle and you’re always solving little pieces of it every single day. Loving what you do is what keeps you going.” -Nathan Burrows, Splunk Administrator
“There are going to be days where you’re facing a tough problem and you might feel stupid because you don’t know how to figure it out. Don’t be afraid to Google, we use Google a lot here. There are so many free resources out there that are available to you. I would say subscribe to different cybersecurity news feeds, our Twitter is a good one, Kelsey posts some really good information on there. And find local groups and even groups online that are cybersecurity related and put yourself in those networks of people.” -Security Analyst
6.) Keep in mind: there will be challenges, but the work is rewarding
“Security is such a huge field. Sometimes there’s ambiguity and there’s just so much going on. But even though there are the challenges of ambiguous problems, imperfect solutions, real threats, etc. there are very definitely rewards and the positives of good work.” -Kelsey Clark, Marketing Director
“The companies that we help with finding vulnerabilities and making them more secure – we are helping them do good and protect themselves. So, with the work we’re doing, they’re better for it. Being able to do what it takes to help them is the reward.” -Chandler Emhoff, Penetration Tester
7.) Embrace failure as a part of growth
“Mistakes and failure are all a part of learning and growth. Potato Chips, Post-It notes, Silly Putty – those were all made from mistakes. It takes a certain level of thick skin and bravery to really thrive in this industry. You have to figure out how to roll with it, but it’s awesome when you can get in that flow where you can brush the mistakes off and take them in stride.” -Kelsey Clark, Marketing Director
“You’re going to make mistakes and you’re going to make a lot of them. It’s the best learning tool. Networking with other people is also good – understanding the direction they’re going and what they’re pursuing. Asking questions is another one, especially within conversations with other people who share your same interests.” -John Diez, Security Analyst I
8.) Make sure to take care of yourself
“When you work in this field it’s easy to not take care of yourself – mentally, physically, spiritually – so make sure you do that stuff. Be active, eat kind of healthy, make sure you sleep. All of this will directly impact your job. When you’re young you can do anything you want and you still feel great the next day. But you will get to a point where that stops suddenly, and you go, ‘Oh man, what happened?’ You’ll wake up some days and you won’t feel very good, and if you don’t feel good you won’t perform well, which will affect other people around you because that aura resonates from you. So, it’s important to take care of yourself.” -Nick Bertram, Splunk Team Lead
9.) Understand no one’s an expert
“One of the most critical things is realizing how important listening is. Taking a step back to really listen to what someone is explaining will definitely help you. When you’re asking a question, don’t just do that so you can then further what your thoughts are. You will take in a lot more information when you listen and learn from others.” -Kurt Wolfe, Security Analyst II
“You will never learn everything or be completely caught up. You don’t have to be, you don’t have to know everything. The field is too broad to know everything. One of the best ways to keep up is whenever someone is talking about something that you don’t know about or understand, ask them about it and they will explain it to you.” -Roxy, Vulnerability Management Service Architect
“We steer clear of the term expert, because you can’t know everything. It’s better when you’re not the smartest person in the room, because they know something you don’t and you have the ability to empower them by asking them more about it. So, it’s definitely power by team and power by collaboration.” -Kelsey Clark, Marketing Director
Thanks to those who help others succeed!
Student Q&A sessions are one of many ways we can help others. We want to see people succeed and have the opportunity to grow and do their best, and we encourage others to do the same.
Huge thanks to Steven, Luvirt, and companies like Hurricane Labs who are willing to dedicate time and energy to helping others in our community!