How I got into InfoSec
How I got into InfoSec
The purpose of this blog post is to explain in a bit of detail my overall Information Technology journey and how it led me to my first security role. This will be a longer post because I think it’s important for readers to know that me entering security, although seemingly traditional in nature was not fast and it was not pinpointed by one thing. Everyone’s journey will be different and there are certain moments that can lead or deter you from getting into security. I hope that me sharing my experience will give those still trying to get in some context on how things could turn out for them.
I have always been interested in technology since as long as I can remember. It seemed valuable enough to make life easier for people which fascinated me. My mother came home one day with a computer intended for work and it changed my life. Many other technical professionals I’ve heard from, took things apart and put them together. I was more focused on the capabilities of the different software installed on computers & the internet connectivity along with it. I always found myself getting viruses on my home computer from open source software and my curiosity kept repeating this process to learn. This taught me about viruses, networks, incident response, backup & recovery, and general computer security. My family members began to take notice in this and designated me as the “tech support” purpose person to fix things when they were broken.
I was also a heavy gamer and spent many hours learning the ins and outs of any game. My favorite things to research were cheat codes which were intentional and unintentional exploits in a game’s software. I learned how to critically think about things and use problem-solving skills. If there was a barrier in the game, there was always a way around it.
Overall, these experiences helped me to persevere in situations that gave me struggles and learned to break problems into smaller chunks.
Education was always a big part of my upbringing and it was taught to me it was the “key” to success. I knew that I wanted to pursue college as I would be one of the first males in my immediate family to go. Unfortunately, I was an awful student. The structure of the academic system I was in most of my life didn’t sync with the way I thought so I struggled most of my academic life. Throughout this time, I still found my tech-centered learning to happen mostly outside of the classroom at home or in libraries. Fueled by my curiosity for how making life easier through tech, I entered college with a focus on Computer Science (CS) as a major. For most of my time I still struggled with instructors, content format, and grades which resulted in changing my major to Computer Information Systems (CIS).
I had been curious about information security (InfoSec) the whole time I was in college, but it wasn’t until I had a classroom visitor who quite frankly, looked like me and was active in the industry that I made the full commitment to getting into the industry. Having representation really motivated me to not give up after having a discouraging academic career. It wasn’t until I began approaching my senior year that I learned how to teach myself in a certain way. I graduated college with a grade point average (GPA) around 1.69 knowing that I gained a good foundational education and most importantly learned how to teach myself and practice concepts outside of what is given to me in the classroom. My GPA kept me from all available internship opportunities that I could find so I decided to relocate for better opportunities which led me into my master’s degree program.
I entered this program with a more goal-mindset as I had already experienced the struggles with looking for job opportunities post-graduation. I worked full time my entire university experience and still wanted to learn, make more connections, and above all leave the institution with multiple job offers. The program taught me about how broad the security field is and helped me develop project management & technical skills. I was able to do more security centered projects in an environment with supportive teachers, industry professionals, and classmates.
All my university experiences are invaluable and apart of what got me into InfoSec.
After Highschool I always strived to work at a job surrounding tech whether it be retail, tech support, or volunteering to work on people’s defective devices. I primarily worked in mobile wireless industry for years where I learned about networking, mobile operating systems, tearing apart, and repairing devices. I also gained most of my soft skills in consulting, technical support, and sales. After I relocated, a year later I received my first primary technical position for a company that offered software solutions.
I applied to that job on indeed.com after applying for 150+ jobs with no traction. I was not hopeful that this one would work out and didn’t put much effort into the application. I was going through a big slump and depression was setting in as I started to question my self-worth over me not meeting the goals I wanted by a certain age. After revising my resume for the final time, I half-heartedly reviewed it and therefore didn’t notice my contact number had a typo. 3 months later, I received an email from someone within the office asking if I was still interested in the position. Realizing my mistaken contact information, I replied and went through a series of interviews (1 phone, 2 panel, and 1 coding) until I was eventually offered the position.
I learned a bit more about my own hiring process and how unconventional it was compared to others in the company. This round of interviews was done with less input from the staffing agency and with more local managers. With the different perspectives that it gave combined with reviewing all the resumes submitted, the applicant pool was extremely diverse. I ended up being one of the chosen to join the team for many different reasons. The feedback I was given was that I explained my thought process clearly, confidently (whether wrong or right), and was perceived well by the team. I later asked the team if I was the most technical or experienced out of the applicants and I was told no.
This is when my career really took off in my opinion. I finally was exposed to multiple professionals in the field through my different project teams, client environments and professional meetups.
Getting My first security role
After gaining what I thought was solid experience, I felt more confident about being able to move into the InfoSec. I want to add that I never stopped applying for security roles inside the organization as well as externally. I believed that to be in the best position for professional career, I needed to strategically place myself in the right situation for an opportunity to be available for someone like me. While working and finishing up my master’s program I applied to jobs I found aligned with what I had been working on and used LinkedIn HEAVILY to start making connections with recruiters, security professionals, and students like myself to gain as much insight as I could. This gave me a better understanding on the security industry pros and cons that helped me tailor my searches and approach. I began asking others to explain the job they do and discuss ways I can create weekend side projects that I could leverage as experience on my resumes. Some people would gladly help, others would never respond. I was persistent or dare I say relentless in making myself as desirable as I can.
It took the kindness of one completely virtual professional connection who happened to be a former recruiter at a large company to reach back out and begin offering some assistance. This person reached out to their network to put me in front of recruiters at different companies for some security roles. After a few more months and many interviews that didn’t work out, one opportunity was presented to me by that same connection. During that interview process, after reviewing in detail the actual job duties and responsibilities, the manager and I determined that I was not a fit for the role (more senior position). The person was still convinced that I could be a fit for the company. After applying to a more entry role I used that manager’s feedback as leverage and reached out to the recruiter. 6 months later upon graduation I was offered security role and accepted.
I’d love to hear from others in the comments and learn from their experience so please share.
Additionally, I have some reference links that also dive into the different ways others have gotten into the InfoSec industry.