Essential Skills for Breaking into Information Security: Insights from a Hiring Manager
In the ever-evolving landscape of Information Security (InfoSec), the competition is fierce, and standing out among a sea of applicants requires more than just a degree. Recently, I had the opportunity to review around 100 resumes and conduct 30 interviews with candidates sourced from Reddit, all eager to enter this dynamic field. Based on these experiences, I’m excited to share some key insights that could help aspiring professionals enhance their chances of landing a role in InfoSec.
1. Master the Fundamentals of Operating Systems
A solid understanding of operating systems is crucial for anyone looking to excel in InfoSec. Unfortunately, many resumes I reviewed revealed a lack of familiarity with both Linux and Windows environments. Regardless of your focus, whether it’s penetration testing or systems administration, most devices will operate on these systems.
Get hands-on by setting up a few servers on cloud platforms like AWS, Azure, or GCP. Experiment with configuring Windows Server, managing domains, and understanding the nuances of Active Directory. For Linux, focus on managing services, configurations, and log files, as these skills are vital for securing systems. Familiarize yourself with CIS hardening standards and actively try to implement and challenge these practices.
2. Develop Scripting and Coding Skills
Automation is becoming increasingly vital in InfoSec. Skills in scripting languages like Python or PowerShell are a game-changer for efficiency and productivity. In a recent project, we tackled the monumental task of assessing over 30 million vulnerabilities within six months through automation—saving time and resources typically spent on manual effort.
In just a few years, the ability to code may be essential for maintaining a foothold in the industry, so investing time in learning these skills is imperative.
3. Recognize the Diversity in Information Security
While many newcomers associate InfoSec with penetration testing or security operations centers, the reality is that the field encompasses a vast array of positions and specialties. From system deployment to monitoring platforms like Splunk, there is a rich array of opportunities available for those willing to explore them.
Consider getting involved in varied aspects of InfoSec to broaden your skill set and open doors to long-term growth in security architecture and beyond.
4. Cultivate a Passion Project
Entering the InfoSec domain for purely financial reasons may lead to disillusionment. With constant changes and challenges, a genuine passion for the field is essential. Continuous learning and personal projects can
Share this content:
Thank you for sharing this insightful overview based on your extensive experience reviewing resumes and conducting interviews. For candidates looking to strengthen their profiles in the InfoSec field, I recommend focusing on practical hands-on labs—setting up virtual environments using tools like VirtualBox or VMware to simulate different operating systems and network scenarios. This approach can solidify understanding of OS fundamentals and serve as valuable experience during interviews.
Additionally, engaging with platforms like Hack The Box or TryHackMe can provide real-world experience in penetration testing and security assessments, which is highly regarded by hiring managers. Developing scripting skills through small automation projects, such as scanning or log analysis scripts, can make a candidate stand out by demonstrating initiative and technical capability.
Lastly, pursuing certifications like CompTIA Security+, Certified Ethical Hacker (CEH), or OSCP can complement your practical skills and show a committed interest in the field. Remember, a combination of hands-on experience, continuous learning, and genuine passion is key to advancing in InfoSec. If you need further guidance or resources, feel free to ask!