Skip to main content

5 Year Path To Success in InfoSec: The Basics of Becoming an InfoSec Expert in 5 years!


Information security is a very broad field.  No one is an expert in everything (i.e., risk management, application security, security awareness, policy development, etc.) 



How quickly one becomes an expert also depends deeply on how much of a background one has in computer science, information technology, business management, and other related fields. 

So the title is 5 Year Path To Success in InfoSec: The Basics of Becoming an InfoSec Expert in 5 years!

This amazing web cast (TL;DR below) shows you the basics of becoming an expert in 5 years, I recommend you to watch it. But, for the lazy:


tl;dr:
  • Year one: Focus on core concepts (OS, networking, etc)
  • Year two: start projects, learn PowerShell
  • Year three: year of web apps
    • PHP and ASP.Net
    • Develop something
  • Year four: start hacking
    • Learn IDA and Immunity
    • Pick a protocol and dive into it
    • Online challenges
  • Year five: present
    • Take what you've learned and share it, be active in the community
Closing list of "DOs" and "DO NOTs"
DO:
  • Indulge in distractions
  • Stick to my plan
  • Ignore my plan
  • Develop your own plan
  • Get good at just one thing
  • Get a degree
  • Don't get a degree
  • Get certifications
  • Don't get certifications
DO NOT:
  • Sink into video games
  • Waste your time going after epic Pokemon
  • Binge watch shows on Netflix
  • Use Bing for anything
  • Just barely learn Metasploit to impress women/men
  • Spend more time on the hacker "look" than learning
  • Get angry
  • Blame others

Courtesy of  /u/Definitely__Working


Regards,

AZID
Labels:

Comments

Post a Comment

Most Viewed Content:

I wrote a Password Wordlist Generator in Python

As I am getting experience and writing simple programs in Python, I wanted to write a "hacking" related program. Not too hard, but not too simple. PasswordListGenerator I think I got the idea from watching a Mr Robot episode, Elliot creates a wordlist for cracking passwords. This gave me an idea and I thought I would do this! So I searched for similar programs to see if something like this existed and I found CUPP and BEWGor. These are absolutely beautiful. They are well written and provide many operations and options for creating a wordlist.   I took the idea of how these programs worked to create the wordlist and applied my version to do the same. Yes, it is not an original idea, but it is my implementation. I have to agree, the best way to get better at a programming language is to do a project. I posted a small GIF showing how the program works on Reddit and it got a good amount of reactions. Turns out, people actually give great advice and mot...
Post a Comment
Read more

Best Reddit Subreddits for Cybersecurity and Hacking!

Reddit is a very useful website for discussions about everything. For cybersecurity and hacking too, it has useful subreddits, in which, you will learn a lot of things you previously had no knowledge of. So, I have compiled a list of security related subreddits. 1. Active and Most helpful subreddits: /r/netsec /r/AskNetsec /r/netsecstudents These three are pretty much it. They have very active communities and are very helpful. I, personally use  /r/netsecstudents a lot because I'm still in the process of learning and that subreddit(if you look properly) will tell you how to make a career in every security field. 2. Security Certification Subreddits: r/CompTIA (for Security+) r/ccna (for CCNA and CCNA Security, also r/ccnp for CCNP) r/CEH (for CEH) r/cissp (Certified Information Systems Security Professional) r/oscp (Offensive Security Certified Professional) Really helpful if you're doing any of these Certs. 3. Other...
Post a Comment
Read more

I gave my first talk at a Security Conference

Last month I gave a fun little talk called "Plenty of Phish in the Sea" in my local security conference. It was a fun presentation on how I phished my friends in high school.  I used to make music back in high school and sent a phishing link to 3 of my best friends to my "Soundcloud" and asked them to sign in through their email. I had created a fake domain that copied the Soundcloud login page but the form to submit username and password had a php script that sent the credentials to a txt file I had on the server.  My friends had weird passwords of course, one guy had his girlfriends name, another had his favourite sport mentioned, and another friend literally had his whole phone number as his password.  I made jokes about it and kept the whole tone of the presentation humorous.   This talk wasn't very technical, but it was my first time and this was an actual experience. Hopefully, next time my talk is a technical one, where I teach the audience something I le...
Post a Comment
Read more