PART 3: The New Beginning – My Journey to Infosec 1

PART 3: The New Beginning – My Journey to Infosec

As I mentioned in part two of my story, a professor from the University of North Carolina, Chapel Hill, introduced me to the idea of pursuing a career in Security. Returning to Jamaica, I had one goal at the time, and that was to learn all I can about the security field and how I could become employed as a security professional. I started out reading blogs about how others pursued their career in Cybersecurity and information security. I remember a blog article I read where the author spoke about how connecting with professionals already in Cybersecurity on LinkedIn helped him in landing his first job in Cybersecurity. Armed with that knowledge, I immediately revamped my LinkedIn profile.

I joined LinkedIn back in February of 2014. Still, I was not actively using the platform as my first post didn’t come until three years later in October 2017. I wasn’t sure exactly how LinkedIn worked, so I did some research and found a LinkedIn Bootcamp program that I joined. The Bootcamp aimed to help individuals optimize their LinkedIn profile, grow their connections, and develop their brand all through daily and weekly challenges. As I got more and more familiar with LinkedIn, I began connecting with Information Security and Cybersecurity professionals to find out how I could pursue a career in Security.

Directly interacting with individuals who worked in the field on LinkedIn was a significant upgrade from reading blog posts as I got to ask personalized questions based on their responses. The advice I received at the time ranged from learning Linux and Networking to looking at existing job posts and seeing what the requirements were to land a job. While interacting with these professionals on LinkedIn, I kept making posts about Cybersecurity.  These posts were to show my interest in Security and to share the knowledge I already had.

Learning more about how the Information Security and Cybersecurity field operated from professionals on LinkedIn, I began reviewing job descriptions to see what the requirements were to become a security professional. A piece of recurring advice I usually got also from these professionals on LinkedIn was to get certified. While reviewing job descriptions, I immediately saw why this was recurring advice. My initial approach at that time was to identify all the popular certifications and make a list. A list that I will one day begin to check off as soon as I had enough capital to do so. In doing this, however, I realized a pattern in most job descriptions and the certifications they require.

A piece of crucial information the professionals I spoke to on LinkedIn failed to share was the fact that there are many different career paths in Information Security and Cybersecurity. Many of those professionals gave me advice that would help me gain similar positions they are currently in, leaving me clueless to broader possibilities that exist. Nevertheless, reviewing different job descriptions highlighted the different career paths one could pursue in Security. After doing more research, I narrowed down my options to three possible career paths. The three career paths were, becoming a red, blue, or white teamer.

A red teamer operates on the offensive side of Security. Red teamers are ethical hackers or penetration testers whose job is to find security holes that a malicious individual could exploit. A blue teamer, on the other hand, operates on the defensive side of Security. Blue teamers are usually responsible for implementing protective measures to defend against cyber threats but have other responsibilities such as predicting and responding to cyber threats. Finally, white teamers, these individuals usually operate in management, compliance, or logistics. Having this knowledge, I was able to target specific professionals on LinkedIn to find out what it is like working as a member of one of these teams.

Getting firsthand experiences from individuals working in these fields was a significant factor in choosing my path. I decided to pursue the career path of a red teamer with my eyes on one day transitioning to the white team as a technical security manager. With this goal in mind, I began tailoring a list of certifications that I think would help me in achieving my goals. I would then share my goals with other professionals in the field and have them vet my list of certifications to ensure that I’m on the right path. After having a list of certifications, I then created an eight-year timeline in which I aimed to pursue as many certifications on my list as possible.

Remember that panel of judges I mentioned in part two that awarded my team best security research? Well, while I was fine-tuning my list of certifications, one of the panel members contacted me about a job opportunity in the Information Security field. By this time, I was actively sharing my knowledge through posts on LinkedIn. So, I couldn’t tell if this panel member was impressed by the research my team and I presented or by my LinkedIn posts. Nevertheless, I was excited about the opportunity and promptly accepted the offer. The offer came in March, with an official start date in June of that year. This offer came while I was a year and a half away from graduation and while working as a freelance software developer. This gave me around four months to learn all I could about the Information Security field and to start getting my skills and knowledge certified.

In those four months, I invested every dollar I made as a software developer to fund the certification exams and the training material I needed for each certification. I even spent money I got from my parents for school towards this endeavor. It was a rough four months, but while pursuing each certification, I enjoyed the learning experience so much, I didn’t mind the hungry days and sleepless nights I was spending to achieve the goals I set out to accomplish. By the time June came around, and I was to begin working in the Information Security field, I had already earned four industry-recognized certifications. Being hooked on learning new concepts and techniques, while working as an Information Security Consultant, and still attending University, I never stopped pursuing the certifications on my list. It is a challenge, but I’m living proof that it is possible once you have a goal and a deadline in mind. I must say, certifications are certainly not the end all be all and unless required for employment, probably won’t land you a job on their own. Still, they carry much weight in that they are definite resume boosters.

Today, I’m a Senior Information Security Consultant, and a graduate student, still pursuing certifications. Pursuing certifications, However, have taken on a different meaning for me. Yes, I hope they will help me to get to that technical, managerial position one day, and yes, I use them to validate my skills. But what interests me the most about certifications today is that learning process. The simplest of new information each new certification provides continues to blow my mind, and I enjoy those experiences. My advice to those looking to pursue a career in Security is to ask yourself the following questions; what career path in Security do I wish to pursue? What goals do I hope to achieve in my career path? And, when do I hope to accomplish these goals? Having answers to these questions will help you significantly on your journey.  If you are driven and motivated, there is nothing that can stop you from achieving your goals.

I hope you enjoyed reading about my journey to Information Security. To make each post, as short as possible, I left out a few details. For instance, how I was pursuing a career in music performance before ever working as a software developer, and how I almost joined the army to become an officer. Still, those are another story for another time. Feel free to leave your thoughts in the comments below and share this post with those who may have an interest in the Information Security or Cybersecurity field.

5 Comments

  • Thanks for sharing your career path

    For people already in to systems engineer roles ( windows , Linux etc) , is OSCP the right choice of first step to transition to security career as hacking/pentest Etc

    Would appreciate your reply

    Thx

  • I’ve been keeping up with your blog & it’s very wonderful. I’m currently pursuing a degree in computer science and but I’m interested in security. I’ll take all the tips along with me to increase my skills and what I should research for a job in security.

  • I’ve been keeping up with blog post and this was wonderful. I enjoyed your story and it also gave me an eye opener as to what I should look for to peruse a job in security.

  • Hi Lomar,

    As usual a great read. I am currently pursuing the InfoSec field, however, with more focus on IT Compliance. What I would love to know is, where do you do your training, get materials etc to help boost your study and preparation for exams.

    • I prefer using and sticking to the official study material outlined and sometimes provided by the certification body. But websites like Udemy, Pluralsight, and LinkedIn Learning are great alternatives. Also, search out study groups on Facebook and LinkedIn. These groups are usually filled with individuals who have already done the exam or currently preparing for the exam so you can find a lot of useful information there.

Leave a Reply

Your email address will not be published. Required fields are marked *