One comment


  • W. Schmidt

    I’m not sure you can “break in” to information security, unless you end up working in forensics or law enforcement directly out of college. In my case I was a network engineer for about five years for a large corporation. I ran into a consultant and helped him with an assessment of our data center, organized our diagrams, explained address schemas, found lost equipment, etc. He recruited me to come work for him when he changed firms a few months later.

    My entire foundation as some one that designed and implemented networks was reversed, and I ended up working doing penetration testing, risk assessments, and various types of IT audits and consulting projects.

    Without the initial industry experience, I’m not sure I would have had a foothold. Although some people can “break” directly into security, the best foundation in my mind is to start learning a normal IT disciplline: development, networking, windows, database administration. From there, learn security as a concept, and from your initial knowledge you’ll at least have something to say about one area of security, and perhaps that’s where you specialize. Since I wasn’t a developer, I’d make a pretty awful application penetration tester, but then again I’d never posit to be one.

    To succeed in a field that is based on deconstruction, try learning to construct something first, then at least you can tell people how to put it back together when you break it.

    July 25, 2014

Leave a comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.