13 Steps to Start your Infosec journey

This first post is a part of a series: Beginners guide to Information Security

This series will help you to kickstart your information security career with insights from experts.


No matter how you came to information security as a career or how your interest was sparked, you still need a direction to move in. Many people think that the salary is a good enough reason for joining information security, while some think that jumping into the sector would put the skills and knowledge they already have to use. Regardless of what you or others think, information security is a long journey. Anyone starting now needs a clear mindset and a set of early steps to help them navigate their way.

You can check out these amazing videos explaining all about information security:

Don’t worry if you don’t have these early elements now; they will eventually come to you, either through experience or by interacting with people who are already in the business. For instance, many professionals would stress that a newbie should get different certifications. According to them, if a beginner wants a steady salary and a scalable career, then acquiring those certifications is a necessary evil. This is great advice, but unfortunately, those gurus set the bar too high for those who are just starting with information security. Should you aim for such higher certifications yourself? The answer is no, not right away; you must learn the basics first and then aim for the more difficult ones.

Acquiring high-end certifications like CISSP (Certified Information Systems Security Professional) is now trending more than ever. And if not CISSP, then CISO (Chief Information Security Officer). These are high-end certifications which need an average of 5 years of prior working experience in various domains of information security, such as networking, security, cloud computing, and various others. And that is the requirement just to be eligible for the exam. The exam for CISSP is conducted by (ISC)², which is an international test-conducting body, and the passing rate is about 70%. Even when you have passed the exam, you are required to maintain the certification, and that is a costly effort. The annual salary for a CISSP professional is about $116,000 a year, which is great for someone who has completed their certification and has a job.

That is why the best way to deal with all this and get some genuine guidance is to contact the information security community, not the information security industry. The industry is always going to put its demands before your interests and ambitions, but the community will nurture your needs in the best way it can. The following 13-step plan can help change the experience for anyone starting with information security:

1. Get experience

The simplest way to get experience for InfoSec is to renovate your resume. Experience and skills are required to work within any domain of information security, but gaining them is a long shot and requires a steady job. So, if you are already employed, you can reach out to your company’s security department and offer them your help. Get transferred there or work with the team on a project or two. You will get a handful of experience and professional insight from those people, which is great exposure.

What if you are not currently employed? There is still a way to turn things around, and that is to volunteer to work for free (for some time, maybe a week or two). Many small businesses and start-ups don’t have a security-intensive team working 24/7 to secure their network against hackers. You can offer your assistance by giving them cybersecurity tips and suggestions, while also working with them on various security-intensive projects.

2. Take control of your self-learning

There are two ways you can start: either you take the learning into your own hands, or you wait around for someone to point out what to learn. Be self-aware and in control of your learning. Start with simple certifications and online training courses. CompTIA Network+ and CompTIA Security+ are the best certifications for beginners. You can also turn to online channels such as Udemy, EdX, and Coursera for learning new things about InfoSec. Almost 70% of people enrolled with information security like to hover over these sites for new certifications. The minimum cost for a certification could be as low as $100, but for others, not so much.

Further information can be found in this video:

3. Join a group

The obvious thing to do for a beginner is to find their tribe, which means joining an InfoSec group out there and connecting with like-minded people. Do you think joining such groups is absurd? On the contrary, these groups provide you with great opportunities: not only training, but they can also help you land a fully paid scholarship for your next certification. You can join something that is formal and small or get yourself into the big leagues. It will increase your chances of getting professional insight for turning your career around.

4. Set some goals

You have to believe in yourself if you want to achieve something. That is why, instead of being afraid of setting yourself some goals, get a step ahead. Try to set yourself some daily, weekly, monthly, or even long-term goals with InfoSec. Be consistent in your work and never give up until you have crossed every goal off your list.

5. Contribute to an open-source project

Get in contact with OWASP (Open Web Application Security Project) and help them with an open-source project. You will get a handful of experiences here, and your understanding of what it means to engage with such a massive community will change as well. It might take you a few days to weeks to work on such a project, but in the end, it would be a great endeavor for you.

6. Participate in conferences

According to a survey, about 40 million Americans take part in conferences. It is a great way for a beginner to gather experience and be exposed to a like-minded community. Get in contact with a nearby conference, submit your paper for review, and put your skills on display for others. If you think that you are not qualified enough, do it nonetheless. Let the conference reviewers be the judge of that, and instead of backing out, always go all in and participate in such events.


7. Blogging and podcasting

You can always contribute to the InfoSec community by putting out the knowledge that you have acquired over the years. Write blogs on various InfoSec topics or even start a podcast of your own to put the word out. You can have your podcasting initiated at only $200. For the blogging part, having a common hosting platform would be enough to begin with, costing you almost $800-1000. There are various topics out there that people want to hear or read about, and you can make that happen.


A brief analogy on how to begin with both can be found in this video:

8. Volunteer

Turn a volunteering experience into a learning opportunity, and get valuable exposure. Put out the skills and knowledge that you possess, and let others see you the way you are. Getting that kind of exposure at InfoSec conferences might be great practice. Reach out to the conferences that need volunteers and then volunteer yourself. Play the game, be a consistent player, and earn more exposure.

9. Ask for feedback

If you have an InfoSec mentor or are connected with a group of like-minded people working on a project, don’t forget to ask for their feedback about you. This way, you will be able to self-evaluate your goals, assess how your journey has gone, and see what you can do to improve the experience even more.

10. Share knowledge

Share what you have learned. This is the whole purpose of life in general, but in the case of InfoSec, it could not be more right. You can use various conferences, get-togethers, and other enterprise occasions to speak up. Share your thoughts, insights, and knowledge learned over the years. Sharing a handful of it on your blog or social media websites also serves the same purpose.


11. Track your progress

You need to keep tracking your progress, because if you don’t, how would you ever be able to make sure that you are on the right path? Were you always productive to begin with? There was a time when you didn’t know much about networking, but now you are designing the architecture of networks. These are small steps, but they should also be noted.

12. Use social media


If you want to develop a professional network, then you have to bring social media into the picture. Many professionals like to stay low-key or even anonymous. That is why the priority of choosing social media is different for different people. About 40-65% of IT professionals believe that joining social media can help them in their cause of reaching out to more people. You can join Twitter if you would like exposure to higher officials of the InfoSec community. Join LinkedIn if you want others to find you; various other options also exist based on your interest.

13. Surround yourself with motivated people

This is one of the best pieces of advice that someone can offer you when it comes to the InfoSec community. Ensure that you are surrounded by people who are smarter and a lot more motivated than you are: mentors, colleagues, and people that you interact with daily, people that push you on and on with challenges and riddles. The people that make you want to be the best version of yourself are the ones you should be around.

This video explains it best:


How did you like the information shared in this article? Did it help you to start your InfoSec journey? Were these tips able to transform your journey? Share your thoughts and provide valuable feedback.