Security Career Tips

By Trey Blalock

The following is a list of general security career tips that I provide to a variety of different audiences at different times.

Short Term

  • Update your resume monthly (think quality improvements)

  • Have 2 or 3 versions of your resume

    • Your search engine resume should be really long. Have a “skills” section at the end for search engine “keyword bingo”

    • Have a 3-9 page print resume (don’t worry about length)

    • Have .PDF / .DOC / .TXT versions ready

  • If you have a website, having your resume online is a good thing.

  • Start organizing lists of career goals

    • Certifications you’d like to have

    • Technologies you’d like to learn

    • Projects you’d like to do

    • Can be anything really, just get these lists going and update them

    • Create a list of things you love to do. Keep it up to date.

    • Find causes (anything really) that you care about.

    • Create a priority list of how you want to spend your time (include non-work things on this). Update it often and keep old copies around.

  • LinkedIn seems to be the job-related social media platform of the moment.

    • Be VERY aware of the privacy settings on LinkedIn

    • I recommend avoiding their phone app if you value privacy.

  • Start looking for mentors

  • Make sure you don’t limit your career or knowledge to what work or schools teach you. It’s critical that you are constantly investing in your own education (time & money).

  • Understand that your work or school are not only incapable of predicting technology trends over the next 5-10 years, but are also likely to make some mistakes and send you down the wrong path a time or two. Pay careful attention to what you spend time learning.

  • Worry a lot less about what others think about what you are doing.

  • Pay attention to who encourages you and who says things that hold you back.

  • Build your own lab but keep your costs low.

  • Build your own tools and documents.

  • Design your own personal knowledge management system (a way for you to store things you learn long-term).

  • Understand that it’s more important to be wise than smart.

  • Plan to spend quality time with your friends and family on a regular basis.

  • Do read this whole list.

  • Always prioritize good sleep in your life.

  • Avoid unhealthy habits & protect your health now (not later).


Long Term

  • Consider starting a “consulting company” as an LLC, no matter what age you are.

    • There are many benefits including tax benefits but that’s a long conversation

    • They may cost a bit of money to start but don’t cost a lot long-term.

    • Think of it as an additional financial vehicle.

  • Give yourself a certification and training budget each year. Plan for it.

  • Teach yourself finance and economics. Managing your money well may provide for really good opportunities in the future. Save for the unknown (good and bad)

  • Master IPv4 & IPv6. These two technologies will be around longer than most of the other things you are learning.

  • Pay attention to what skills you learn that will “rot” (Cobol) and fade away vs. those (like math) that will stay around long-term.

  • Learn about yourself. Do meditation and yoga to learn about your mind and body.

  • Understand that some teachers are great and others are bad for you. When you are learning something new it’s hard to tell the two apart.

  • Do projects with others. Don’t worry if they fail; you will still learn.

  • Do some public speaking, at least twice a year (it can be anything; this gets easier the more you do it). Understand that even if you knew everything, if you are incapable of communicating anything, then you can’t really provide value.

  • Communication, of some form, is really important.

  • Cross-pollinate : Learn about different fields of study

  • Don’t worry that you can’t consume all the security knowledge out there (no one can but in time you’ll get good at this).

  • Always aspire to improve.

  • Getting yourself organized the way YOU want to be organized is huge. You have to do this yourself and help that system “evolve” over time.

  • If you LOVE a technology let people know about it. This helps you get gigs you love.

  • Find other people who love what you love & do projects with them

  • Write more: read “On Writing Well” by William Zinsser.

  • Rewrite (update your old notes on how to do things from time to time).

  • In what you produce (including social media comments) focus on quality NOT quantity

  • Learn graphic design skills when the time is right.

  • Understand how you spend your time & know what makes you productive.

  • Avoid unhealthy working conditions. Especially ones that prevent you from sleeping.

  • Never be afraid to quit a job. Keep money just so you can walk when you want and stay free.

  • Pay attention to your health and quality of living.

  • Invest in yourself. Good investments in yourself can pay back in orders of magnitude. Especially when you look at the return over a 10+ year period.

  • Who are the people who are probably the best in the world at what you want to learn? If you were to inverse-plan what you think their career path was, what did they have to learn, do, or be a part of to get where they are? What could they have done better? What else could have been done that wasn’t attempted?

  • A good understanding of statistics is your friend. Python and R are also helpful.

  • Avoid doing things “because that’s the way they’ve always been done.” Always re-learn what the best way to do something is, and if you think it can be done better, invent something new.

  • Find a mentor that you really like & who can challenge you. The reason this is important is that you need someone who can tell you which pieces you are missing and prevent you from getting stuck. They can boost your career.

  • Master the art of being self-taught.

  • Teach your peers. As a team we can learn much more than each of us reinventing the wheel in our learning process.

  • Understand that Information Security is in its infancy and that it’s going to keep continuously evolving

  • Learn to keep your mind focused on the highest level of security / highest quality solutions / most efficient solutions, even if the job you are currently working at has you working on something else or culturally isn’t up to the task.

  • Develop some non-computing, non-security hobbies (in addition to your geeky ones). Things like hiking, weight-lifting, woodworking, learning a musical instrument, or any kind of non-technical craft can be great for your brain and help prevent burn-out long-term.

  • Good drawing/whiteboarding skills are really useful; don’t underestimate this.

  • Excellent Visio skills / Word / HTML / 3D modeling / VR …. These amplify your ability to contribute.

  • Refer your friends to people. Become a “connector” of people for all sorts of things.

  • Master the basics. People focus too much on wanting to be experts quickly and want to talk like experts about advanced topics, but experts don’t skip mastering the basics. Think of learning as martial arts & master the basic moves first.

  • Become a mentor to others on any topic you want.

  • Be a super dependable friend to those who are close to you.

  • Pay attention to upcoming technology standards but understand they don’t all make it. Maybe start here: https://www.ietf.org/rfc.html


Minimum Skills everyone in security would be wise to have right now:

  • Wireshark

  • TCP/IP

  • iptables

  • Snort and Bro (play with Security Onion)

  • Basic Routing and Switching (getting a Cisco CCNA would be useful)

  • Linux

  • Bash Shell Scripting

  • RegEx

  • Python 3 ( Note: Language recommendations change from year to year and if there’s another language that really grabs your attention go for it.)

  • HTML

  • CSS

  • JavaScript

Spend a year digging deep into each of the ones above, one month at a time.


Note: If you’re looking for more advanced skills than the list above try the following:

  • Apache Spark

  • ELK

  • The economics of security

  • Really understand PKI

  • Blockchain based projects

  • Create your own threat intelligence feed

  • Understand how geo load balancing DNS works

  • Master mod_security

  • Do an IoT project using AWS IoT

  • Master Metasploit

  • Configure web servers that can recover in under a second after a DDoS or DoS attack ends.

  • Automate removing Known Files from a forensic dump. Ideally automate full processing of an image for certain forensic events.


Projects to do:

Run your own web server / harden it / watch the logs / install mod_security / set up an IDS like Snort or Bro. Learn how to do packet capture, performance tuning, incident response, and forensics on it.


If you don’t have a Linux system at home, set up a VM or look into getting a Raspberry Pi and setting it up (they are super inexpensive): https://www.raspberrypi.org/products/


Set up a Pi-hole server (black hole for Internet ads and some malware servers) at home: https://pi-hole.net/ Maybe point it to the Quad9 network when asked.


Set up and get familiar with the tools on Kali: https://www.kali.org/


Create a web-scraping tool that does something fun or useful for you.


Watch all the videos on this site: Iron Geek Security Conference Videos


Create a useful, but small, piece of code and post it on GitHub or your own site. Make it public and ask for feedback.


Create a few “on-line” projects of some kind that you can use to show people your skills or interests. Even a blog or web page would work. But be wise about your posts (Note: you can be wise, creative, and fun at the same time.)


I recommend finding a local mentor if you can, but I also provide mentoring services for people at all skill levels. The important thing is to find one you like. Having multiple mentors for different subjects is wise too.


©2019 All Rights Reserved