Any advice for a new Info Sec person? I'm going to start my career change on the 1st and I legit have no idea what to expect. #InfosecTips
@joedai
Burnout from studying can be a real thing, especially if you try to do the “full-immersion” thing for over a year - make sure you take time to either disconnect, or pursue adjacent stuff that you find entertaining.
It’s a marathon, not a sprint.
🤙🤓
@joedai if you’re brand new to the industry (unfortunately) many firms may require some certs before your foot is in the door (or for progression); so depending on your domain this may help : https://pauljerimy.com/security-certification-roadmap/
@matthew_hall
Luckily my company is willing to train me so my degree was good enough. I do appreciate the site. I'm going to look over it for the progression aspect 😁

@joedai

What is your primary interest in the infosec arena? Defense (blue team) or Offense (red team) or are you management looking for executive roles? What would make you stop whatever you are doing to pay attention to it?

Initial advice...

  • Stay up to date with the current threat landscape
  • CTFs are great and are starting to show up on resumes
  • Cybersecurity peeps can work in any industry or type of company.

I'll add more soon.

@hackdefendr
I actually used CTFs in my cover letter but I left them off of my resume lol. I actually had to lean on that experience during the interview. I think I should have made it more clear that I got a job and I don't know what to expect, rather than looking to break out.

I am going to take your advice and try to figure out a better way to stay up to date. Currently it's just the Security Now podcast.

@joedai I set up a few Google alerts that email me daily a list of articles based off keyword/phrase searches.

https://www.google.com/alerts

Example:

+"no evidence" security compromise

Shows articles where security compromise is mentioned along with the quote "no evidence", because someone always denies they have been compromised.

@hackdefendr
I am 100% going to have to look into this. I know I probably should have used alerts for other things but I do really love the idea!
@joedai everyone feels like a phony. You’re not. Stick with it.
Don’t worry about looking stupid. If you get over your ego and ask questions, you’ll learn faster AND form the valuable habit of not nodding along when you’re confused. If you actively listen and stop to ask questions, you’ll eventually be a god damn hero one day when you catch a subtle mistaken assumption everyone else missed because they were too busy nodding along.
@PeoriaBummer
That is profound and really helpful. I'm going to have to actively work on it but I'm going to take this to heart. Thank you!
@joedai mistaken assumptions are the bane of infosec! 😂

@joedai
You already scored a job and your employer is willing to train?
You, my friend, have a golden ticket to ride 🤙😎
That is awesome!!

I think an introduction to SANS ICS is in order, and will give you a head start on what is to come.
It is recommended that you take notes - this WILL be on the test
https://youtu.be/5nKk_-Lvhzo

SANS ICS HyperEncabulator
@JDN5IX
I'm lucky in the fact that I don't work for an IT company and we specialize in something else. It's a very uncommon industry. I currently have 9 years of experience on the production side and they are wanting to leverage that experience on the security team. I'm lucky that their expectations are already tamped down lol. From what I understand I will be the poc for operations questions. Which is cool.
@joedai
That’s awesome! Sounds like an amazing opportunity!

@joedai I’ve seen many people coming into the field highly ambitious and motivated to do "the right thing". And get discouraged and sometimes quit the moment reality hit.

Sometimes the right thing will not be done due to various reasons - impractical, money, no buy in from others and many more.

Don’t get discouraged. During a long career there’ll be more wins than losses and you will have a net positive impact.

Good luck, it’ll be a crazy, fun ride! :)