We had a large turnout of seasoned and aspiring security professionals at the RISE Open Floor meeting this month. Thank you to all who attended and provided questions or personal experiences for the discussion. Special thanks to our hosts, ECPI University, and to TEKsystems for sponsoring pizza for the event!
A few highlights from the discussion:
InfoSec Basics: Understanding the 20 Critical Security Controls is a great first step in the field. Figure out what area of the field interests you and start focusing on skills in that area. Blue Team and Red Team skill sets can be quite different.
Job Interviews: Don’t stress over meeting all requirements in a job listing. Many times these are over-specified. Your resume should only list skills in which you have experience – don’t pad with fluff. Be honest and show you are knowledgeable in your areas of experience and capable of learning those you haven’t done yet. Don’t be discouraged if you don’t land a job in a few interviews. The area can be competitive and persistence will pay off.
Breaking into the field: People of all ages have moved into the field – whether their first job or transitioning from another field. Be curious and use the many tools available on the Internet to learn and build knowledge. If moving from another field, be open to accepting lower-level positions as you build your skills and show your capabilities. In the end you should pursue a position/field that interests you and inspires you to continue learning.
Key Tools: Some great tools (most free!) used in the field:
Kali Linux – A security-oriented Linux distribution loaded with common and powerful tools
John the Ripper – Popular password cracking utility
Wireshark – “The” tool for packet capture and analysis
Metasploit – Popular penetration testing framework
WebGoat – Free, deliberately insecure web application by OWASP for learning web exploitation and mitigation