Part 1: The Beginning – My Journey to InfoSec

I would say my journey to becoming an Information Security (InfoSec) professional started when I got my first computer, which was a Windows 95 machine. Back then, all I knew about computers was how to find PBS kids and play games. Notwithstanding, I grew up watching my big brother doing a lot of programming. He had gigabytes of storage filled with books and videos about programming and different programming languages. He was in University at the time, but seeing him build programs got me interested in developing applications of my own.

As time passed, I began learning different programming languages and built programs I could share with friends that would make our lives a bit easier. I remember back in high school; I developed a voice recognition program that could complete small tasks such as shutting down the computer and telling me the time. This program was a noteworthy achievement, as none of my friends understood how I was doing what I was doing, and I felt like a genius. Wanting to re-live that feeling repeatedly, I began developing my programming skills more and more.

In search of knowledge about programming, I came across the terms “hacking”, “cracking”, “hackers” and “crackers”. Based on what I had understood, a hacker is a computer programmer who could manipulate computers to do whatever they wanted them to do, and they are the good guys. Crackers, on the other hand, are the bad guys, and they aim to break into computer systems for personal or financial gain. Armed with this somewhat misguided knowledge, I continued to develop my programming skills so that I could manipulate computers to do whatever I wanted them to do.

As I matured as a programmer in high school, I began to understand how crackers could break into computer systems. By the time I was near graduation, I knew a lot of techniques used by crackers, and I also knew how to mitigate against most of these techniques, and that’s when I started learning secure programming. I wanted the applications I built to be uncrackable! A bold dream at the time, but it caused me to pay attention to how I wrote code. As time went by though, I understood that no computer system or application is entirely uncrackable.

When I started University, I enrolled in the Computing Degree program with my eyes on becoming a Computer Science major and a professional software developer. It was then I began my freelance career as a Software developer, still adhering to and developing secure programming practices. It was during this time I learned that there were three types of hackers, White Hat, Grey Hat, and Black Hat hackers likened to crackers and White Hat hackers being the good guys.

Progressing through University, I continued learning different techniques used by Black Hat hackers. I would usually recreate scenarios in which I could use these techniques in a legal and controlled environment. I needed to understand these techniques so that my applications would not be vulnerable to such methods. As I began sharing my knowledge, I landed my very first job as what I know today as an Incident Response Handler.

The company that hired me was a victim of a security breach, and my job was to find out how the hacker(s) got in and remediate the issues identified. Within minutes of reviewing the affected application, I was able to find out how the hacker(s) got in and was able to remediate the issue and provide recommendations on how to prevent a recurrence of this issue. Now, at the time, I did not know what I did had a whole career path to itself. I relied on my skills as a secure programmer to resolve the issue, which made me think that Software development was indeed the career path I should pursue. That thought, however, would quickly change.

In part two, find out what happened that sparked enlightenment and propelled me into a successful career as an Information Security Professional. Also, feel free to leave comments below highlighting the career field you were in before (if any) becoming a Security Professional. If you are aspiring to become a Security Professional, leave a comment about what sparked your interest.