Looking back at the beginning of my career in InfoSec, I made a lot of dumb mistakes. I would ask questions that could easily be Googled, I would skip over the fundamentals and go right to the advanced stuff, and I rarely read the manual (aka "RTFM"). Sometimes I find myself doing these things now, but at least I recognize it and work to improve.
Here is some advice I would give to my younger self that I hope someone finds useful:
Computers, networks, and software are complex and no one knows everything. Don't treat your senior team members as if they have all of the answers. When you encounter a problem, spend some time trying to solve it on your own. When that fails, read the manual, and when that fails, Google it. You might be surprised to learn that senior professionals Google everything.
Remember the human. Everyone makes mistakes, everyone has bad days, and everyone forgets things. Don't treat people like robots that should be perfect. This also applies to yourself: leave room for failure and learning.
It's not you versus me, it's you and me versus the problem. It's easy to encounter a problem and present it to someone else to solve, but it is more important that you treat people as if they are on the same team and collaborate on a solution.
Some conversations should not be done through text (email or instant message). It is possible that someone reads your email in a different tone of voice than you intended. When possible, converse through a face-to-face medium and use email to share supporting information.
As you learn things, take notes as if you will forget everything tomorrow. I like to write documentation because it helps me confirm what I've learned and share it with colleagues, as well as my future self when I forget some of the details.
Don't let perfect be the enemy of good enough for now. It's easy to get stuck trying to perfect something, when sometimes all you need is something that gets the job done for now. It is easier to improve something that already exists.
Don't be overwhelmed by how much you have to learn; take it day by day and follow what interests you. This image is just a sample of the subjects within Cybersecurity, and each one can be a specialty on its own. It is important to keep learning and challenging yourself, but you don't have to know everything. Once you develop a specialty it is relatively easy to move between others.
Security has many specialties
Learn and respect the fundamentals. On the technical side of Cybersecurity you should know some basics about networking, systems, and coding. You don't have to be an expert at all three, or even know how to code, but the more you learn about these the better off you will be in your career.
Remember "CIA": Confidentiality, Integrity, and Availability. This is another fundamental concept that is at the core of all Cybersecurity careers. Our job is to understand and protect all three. Sometimes that can be as easy as verifying the data is backed up, or that an encrypted protocol is being used for transport.
Try, fail, and repeat until successful. Failure is part of the learning process, and I remember giving up after failing once. Get back on that horse as many times as it takes!
Certifications can be helpful to give you some structured learning, but they alone will not make you successful. You can use certs to confirm your knowledge, improve your resume, or to help you pivot into a new specialty. Everyone learns differently and sometimes it's better to learn on your own.
Immerse yourself in the hacker culture and connect with the community. Listen to Darknet Diaries, read /r/netsec, watch Hackers, follow security professionals on Twitter, set up a Feedly account to monitor RSS feeds for blogs and news, read popular books (fiction and non-fiction), go to meetups, join a Discord, try HackTheBox, and share your code or ideas to give back to the community.
Understand the difference between knowledge and experience. It takes time to obtain experience; you cannot rush it. Enjoy the journey!
I think that's enough for now, I'll leave you with some advice from Professor Feynman: