
5 Year Path To Success in InfoSec: The Basics of Becoming an InfoSec Expert in 5 years!


Information security is a very broad field. No one is an expert in everything (risk management, application security, security awareness, policy development, etc.).



How quickly one becomes an expert also depends deeply on how much of a background one has in computer science, information technology, business management, and other related fields. 

So the title is 5 Year Path To Success in InfoSec: The Basics of Becoming an InfoSec Expert in 5 years!

This amazing webcast (TL;DR below) shows you the basics of becoming an expert in 5 years; I recommend you watch it. But, for the lazy:


tl;dr:
  • Year one: Focus on core concepts (OS, networking, etc)
  • Year two: start projects, learn PowerShell
  • Year three: year of web apps
    • PHP and ASP.Net
    • Develop something
  • Year four: start hacking
    • Learn IDA and Immunity
    • Pick a protocol and dive into it
    • Online challenges
  • Year five: present
    • Take what you've learned and share it, be active in the community
Closing list of "DOs" and "DO NOTs"
DO:
  • Indulge in distractions
  • Stick to my plan
  • Ignore my plan
  • Develop your own plan
  • Get good at just one thing
  • Get a degree
  • Don't get a degree
  • Get certifications
  • Don't get certifications
DO NOT:
  • Sink into video games
  • Waste your time going after epic Pokemon
  • Binge watch shows on Netflix
  • Use Bing for anything
  • Just barely learn Metasploit to impress women/men
  • Spend more time on the hacker "look" than learning
  • Get angry
  • Blame others

Courtesy of /u/Definitely__Working


Regards,

AZID
