Here's how you can maintain relevance in the ever-changing field of Information Security.
In the dynamic world of Information Security, staying relevant is crucial for your career. With new threats emerging daily, the importance of being up-to-date cannot be overstated. Information Security, often abbreviated as InfoSec, involves protecting information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. To maintain your edge, you need to adapt to the latest security trends, understand the evolving landscape of threats, and continuously refine your skill set. This article will guide you through practical steps to ensure you remain an indispensable asset in the field of Information Security.
Lifelong learning is the bedrock of maintaining relevance in Information Security. This field evolves rapidly, with new vulnerabilities and attack vectors surfacing regularly. To keep pace, you should engage in continuous education, whether through formal courses, certifications, or self-study. Prioritize learning about emerging technologies like blockchain and artificial intelligence, as these areas are becoming increasingly intertwined with security. Embrace online platforms and communities where professionals share insights and experiences, which can provide real-world context to theoretical knowledge.
-
David Huynh
Cyber Security Engineer / Analyst 🖥️🔐 || USMC Veteran 🦅🌎⚓️ || BTL1 || SSCP || CySA+ || A+ || Network+ || Security+ || AZ-900 || SC-900 || Splunk Enterprise & Enterprise Security Admin || AWS CCP || LPI Linux || CCFA
In order to GAIN relevance and to KEEP relevance, it is simple and inevitable... you have to UPKEEP a bare minimum commitment to ALWAYS learning more, growing more, and doing more. IT/Networking/Cloud/Cybersecurity all have a part to play within Information Security... And all the above mentioned are constantly growing and changing. Whether you are subscribed to learning/training platforms, whether you continue to hunt down certifications, whether you pursue a Degree (Cannot be the only thing... a degree is one and done and doesn't expire to stay updated), or whether you love to dive deep with home labs (cannot be the only thing because you DON'T know what you don't know. Therefore you may not be learning enough or challenging yourself
-
Shreekumar Nair
CEO @ Vinca Cyber | Cybersecurity Solutions & Services
In information security, staying relevant is like running a marathon, not a sprint! Here's your pro tip:
- Be a lifelong learner: The threatscape is a chameleon.
- Embrace the hacker mindset: Think like the enemy to find weaknesses before they do. Bug bounties and ethical hacking tests are your allies.
- Don't be afraid to experiment: New technologies like AI and blockchain emerge daily. Evaluate their security risks before diving in.
- Network with the security community: Join online forums, conferences, and connect with other experts. Sharing knowledge strengthens everyone.
By constantly learning, adapting, and collaborating, you become a true information security leader!
-
Zuhaib Khurshid 🥇
🔸LinkedIn Top Voice | Information Security Consultant @ IP Technology LLC | Cybersecurity Analyst/Consultant/Trainer
Well, diving into the deep end here, the key to staying afloat in the ever-turbulent waters of Information Security isn't just about keeping your head above water. It's about swimming ahead of the tide. I've rubbed elbows with folks like Vinod Singh Adhikari and Raymond Teo who advocate a mix of relentless learning and practical hands-on experience. They're not just talking shop; they're in the trenches, evolving with the tech. So, keep your toolkit sharp and your mind sharper. That's the real secret sauce, folks.
-
Raju Upadhyay
IT Security Professional || CISA || OSCP Aspirant || AI & ML Enthusiast || Ask me about Cyber Security
There is no substitute for lifelong learning. The technologies will keep on evolving; the only relevant criterion will be how well we fit in with those changes. One has to be proactive and committed to the field of information security to be relevant to this ever-changing field. Continuous learning is the key...
-
Vishal Saini
ISO 27001 Lead Auditor - IT Audit|| SAP Security & GRC || ISMS Audit, SOC 2, RBI IS Audit, TPRM || FACT Cyber Forensics
Information security is not a destination but a lifelong journey, where learning is the key to staying ahead of emerging threats and safeguarding what matters most.
Networking is a powerful tool for staying informed and connected in the Information Security realm. Attend industry conferences, seminars, and workshops to meet peers and thought leaders. These events are fertile ground for exchanging ideas and discovering trends before they become mainstream. Join professional associations and online forums dedicated to Information Security to participate in discussions and collaborate on solutions to common challenges. Remember, your network can be a valuable source of information and opportunities that books and courses may not provide.
-
Raju Upadhyay
IT Security Professional || CISA || OSCP Aspirant || AI & ML Enthusiast || Ask me about Cyber Security
Human interaction is most impactful. Networking with like-minded people helps to build a knowledge base which books or other training materials may not be sufficient to impart. Exchanging ideas and brainstorming on common issues fosters collaboration.
-
Aaron Isaacs, Ph.D.
Director, IT Security at VXI Global Solutions. Adjunct professor, Microsoft Alumni. Ph.D in digital forensics. CISM | CISA | CRISC | MCT | MCSE | PCDRA Gartner Peer Community Ambassador
Building a network of like-minded professionals is invaluable in today's cyber landscape. Colleagues in similar fields or verticals can help and may provide important and relevant information specific to your needs. Industry professionals or those considered “rockstars” in their specific field always have relevant and pertinent information, often within a much larger perspective. One does not need the entire XDR team of a particular vendor in their contact list, but a working relationship can lead to additional networking opportunities and information.
-
Aaron Strong
Father | Husband | MS Cybersecurity, Cyber Intelligence | Public Speaker
When I first started out I continually felt strong feelings of imposter syndrome. Like I should not be in the room with others who knew so much more than me. What I quickly learned was that most people are happy to answer questions you have. Asking the simple question is not going to get you kicked out of the room; it is what is going to bring you into it further. People are far more willing to talk, help, and answer questions than you might think. On top of just knowledge sharing, people in our industry talk. So the more you talk with people, the more your name might pop up in other conversations. This is how so many people get their next jobs through word of mouth! Step up and step out! Network as much as you can!
-
Rohit K.
CCSP | CISSP | CISM | personal views
Networking is almost akin to soft salesmanship. It requires one to put themselves out there. Listen in and lean in. Remember names, connect on LinkedIn and check your contact list to refresh your memory on who you know. Reach out for a cup of coffee, esp. when you don't need any help.
-
Wasim Khan
Security Consultant at Secarma Ltd | OSCP | CREST CRT | CPSA | CEH
In my experience, networking is an indispensable tool for professionals. Attending industry conferences, seminars, and workshops not only provides opportunities to meet peers and thought leaders but also serves as fertile ground for exchanging ideas and gaining insights into emerging trends before they become mainstream. By actively participating in these events, individuals can engage in meaningful discussions, forge valuable connections, and establish themselves as part of a vibrant professional community. By harnessing the power of networking, professionals can enhance their visibility, broaden their perspectives, and stay at the forefront of the ever-evolving Information Security landscape.
Hands-on practice is essential to understand the intricacies of Information Security. Set up a home lab to experiment with different security tools and scenarios. Use virtual machines to create a safe environment where you can simulate attacks and test defenses without risking actual systems. Engage in capture-the-flag (CTF) competitions or ethical hacking projects to apply your skills in real-world contexts. This practical experience not only reinforces your knowledge but also demonstrates your commitment to mastering your craft.
-
Raju Upadhyay
IT Security Professional || CISA || OSCP Aspirant || AI & ML Enthusiast || Ask me about Cyber Security
Hands-on experience will make the path easy. What if you know everything in theory and in the practical world the application is zero? This will reflect that you are not a go-to person on the subject. This will also impact the credibility of the person. Having a home lab and simulating the attacks advocate one's dedication to the subject.
-
Sushil Bhojwani
Security Engineer | Security Consultant
In my experience, to master my skills, I had to put in a lot of hours studying and practicing at the same time; the concepts and attacks that I have learned have come with practice. If I talk about web app security, the best resource these days is the PortSwigger labs. It's designed amazingly well and gives a great hands-on experience which at times you can replicate during actual penetration tests. For network security, solving challenges on HTB, Proving Grounds, THM. Additionally, THM & HTB have subscription-based pathways for hands-on practice; it's very helpful for people who are confused about where to start.
-
Emmanuel Asuquo, CISA, AWS, IBM Cybersec-Analyst, MScFE
This is one area that I have seen is now being neglected by some professionals in favour of certificates especially in developing countries. The truth is that while certifications improve your chances of getting a job, maintaining and excelling on the job depends on how skilled you are practically. In all we do as technology practitioners, we must never forget that while it is nice to have these certs and the big titles, what will make you stay relevant is being able to solve a practical problem, at any stage of your career. As a manager, you will struggle to adequately supervise a group of technical people if you yourself lack basic technical hands-on practice. Never stop practising.
-
Wasim Khan
Security Consultant at Secarma Ltd | OSCP | CREST CRT | CPSA | CEH
The value of hands-on practice extends beyond theoretical knowledge. It provides an opportunity to apply learned concepts in practical settings, enabling professionals to gain real-world experience and hone their skills. Capture-the-flag (CTF) competitions and engaging in ethical hacking projects are effective ways to immerse oneself in authentic scenarios, where the application of security principles and problem-solving skills is paramount. Moreover, engaging in practical exercises demonstrates commitment and dedication to mastering the craft of Information Security.
-
rajab asfour
IT security manager, network Security architect | DDOS | BIG IP F5 | paloalto | fortinet | cisco | juniper | bluecoat | VPN | AAA | PKI | PCI
Hands-on practice is essential to grasp the intricacies of information security. Setting up a home lab to experiment with different security tools and scenarios allows one to gain practical experience when a staging environment is hard to come by. Using virtual machines to emulate attacks and defense configuration creates a safe environment for learning without risking actual systems. Engaging in capture-the-flag (CTF) competitions or ethical hacking projects helps one apply his skills in the real world. Practical experience not only reinforces your knowledge but also demonstrates your commitment to mastering the craft.
While a broad knowledge base is important, specialization can make you particularly valuable. Identify niches within Information Security that align with your interests and the market demand. This could be areas like cybersecurity law, cloud security, or incident response. By becoming an expert in a specific domain, you can offer deep insights and solutions that generalists cannot. However, balance specialization with a good understanding of related areas to maintain versatility in your skill set.
-
Sreehari Rajeev
Security Analyst EY | Top Information Security Voice | Cyber Forensic | Web Dev
In InfoSec, versatility is key. Aim to be a 'jack of all trades,' with a solid grasp of the field, then sharpen your edge in a few select areas. As threats evolve, your broad foundation and targeted expertise ensure you're always in demand, ready to tackle the industry's latest challenges.
-
Aaron Isaacs, Ph.D.
Director, IT Security at VXI Global Solutions. Adjunct professor, Microsoft Alumni. Ph.D in digital forensics. CISM | CISA | CRISC | MCT | MCSE | PCDRA Gartner Peer Community Ambassador
After a broad but deep understanding of security principles including networking, operating systems, risk management, vulnerability management, forensics, SIEM tools, XDR, cloud, scripting languages… one might be able to narrow the focus and then start a deep dive. A working balance of generalist and being an SME is important in any area. Versatility in this industry will provide ample opportunities to become more focused in a highly specialized and interesting skill set.
-
Raju Upadhyay
IT Security Professional || CISA || OSCP Aspirant || AI & ML Enthusiast || Ask me about Cyber Security
Cyber security is a broader field of knowledge. We need to understand what we are hooked on. Some may like to be a SOC analyst, some may love to be a digital forensics expert; the list is never-ending. The career path should be chosen wisely; it's very easy to get lost in this ocean of knowledge. One should not end up working as an incident responder rather than a pentester which he or she wanted to be.
-
Emmanuel Asuquo, CISA, AWS, IBM Cybersec-Analyst, MScFE
In an earlier contribution, I stressed learning everything you can, but then the truth is that not everything is selling at the same time. In today's world, AI is the in-thing. That means that the information security expert who turns their attention to AI security will be the next focus. Therefore, we must specialize smartly. It makes no sense to go and learn an archaic technology because no one is looking for people with such knowledge. You must learn to follow the trend of technology and specialize accordingly.
-
Garima Raina
Actively looking for new opportunities to return to the workforce | Product Manager specializing in Cybersecurity and Product Development
Identifying niches that align with your interests and market demand can significantly enhance your relevance in the industry. You can start by pinpointing areas in cybersecurity that captivate you and match your strengths. You can research current and emerging trends to uncover high-demand specializations like cloud security or OT. By pursuing specialized training and certifications in your chosen niche, you can become an expert in a specific domain. You can stay on top of new trends in your domain by regularly reading industry publications, research papers, and news.
Staying abreast of policy changes and regulatory requirements is crucial in Information Security. Laws and standards like the General Data Protection Regulation (GDPR) or the Payment Card Industry Data Security Standard (PCI DSS) have significant implications for how organizations handle security. Keep an eye on legislative developments and understand how they impact both technical and business aspects of Information Security. This knowledge not only helps you protect organizations better but also positions you as a compliance expert.
-
Raju Upadhyay
IT Security Professional || CISA || OSCP Aspirant || AI & ML Enthusiast || Ask me about Cyber Security
Compliance is the topmost priority in infosec. Today what makes something a risk may be considered as a normal event in infosec. The policy changes can impact the entire threat landscape. GDPR, HIPAA and other compliance frameworks should be consulted to understand the applicable compliances for a particular field.
-
Diego Flores
Team Leader, SW Engineer, Data Science aficionado, MSc in InfoSec/CyberSecurity, and overall curious professional.
More often than not, compliance being paramount, InfoSec requirements are regarded as cumbersome by end-users. "Why should XYZ be encrypted if we're already on a secured network?" is a common question for users to have. The impact of non-compliance can be easily seen and expressed when telling a good story. Every mandatory requirement on every standard has a story behind it (some affected company/government/public entity) and this fact can be leveraged into providing awareness to users and devs alike. "Why is it that now we have to follow XXXX guideline? What happened when? Who was affected? How did they handle it?" Good communication fosters early adoption. Early adoption ensures a swifter transition. Awareness is always met that way.
-
rajab asfour
IT security manager, network Security architect | DDOS | BIG IP F5 | paloalto | fortinet | cisco | juniper | bluecoat | VPN | AAA | PKI | PCI
The number one thing that made me swallow regulatory controls and grow to appreciate them is that staying informed about regulations like GDPR and PCI DSS in information security can actually save time by providing established guidelines and best practices. Instead of reinventing the wheel, you can leverage these regulations to streamline your security efforts. They offer frameworks and requirements that, when implemented correctly, not only ensure compliance but also enhance overall security posture. Understanding these regulations helps you adopt industry standards efficiently and effectively, ultimately saving time and resources.
-
Mohamed-Nabil Kachemir
In the fast-paced field of Information Security, staying relevant is key to success. To maintain your edge, it is crucial to stay informed about policy changes and regulatory requirements. Laws such as GDPR, DORA, NIS 2 or PCI DSS… have major implications for security practices. By staying up-to-date on legislative developments, you not only enhance your ability to protect organizations but also position yourself as a compliance expert. This knowledge is essential for understanding how regulations impact both technical and business aspects of Information Security. By staying informed and adapting to changes, you can ensure you remain a valuable asset in this ever-evolving field.
-
Emmanuel Asuquo, CISA, AWS, IBM Cybersec-Analyst, MScFE
The policies keep coming (lol). This means the information security practitioner must always be ready to read these huge documents. Read the policies no matter how boring they sometimes are. It is therefore incumbent on you to learn the policies as well as the regulations governing your business environment. Also know the standards and best practices.
Mentorship can significantly impact your ability to stay current in Information Security. Seek out mentors who have navigated the field successfully and can provide guidance on career growth and skill development. Conversely, mentoring others can also enhance your expertise, as teaching is one of the best ways to solidify your own understanding. Through mentorship, you can gain insights into new perspectives and approaches, ensuring that you continue to grow and adapt in this ever-evolving field.
-
Emmanuel Asuquo, CISA, AWS, IBM Cybersec-Analyst, MScFE
I will use a personal example. I had love for this profession and was already working as an auditor, but it was when I became supervised by a particular boss that I actually started learning and acquiring practical skills, so mentorship is important. Sometimes, you can look at a person and make them your mentor from a distance. Mentorship is very important. Another angle to it is volunteering to mentor people. By making yourself a mentor, you are forced to learn more. People also start referring more to you as a source of knowledge. Do these two and you can stay relevant.
-
Wasim Khan
Security Consultant at Secarma Ltd | OSCP | CREST CRT | CPSA | CEH
Mentorship provides a unique opportunity for individuals to tap into the knowledge and experiences of seasoned professionals who have already traversed the Information Security field. A mentor can offer guidance on various aspects, including career growth, skill development, and navigating the industry's challenges. Furthermore, mentors can provide invaluable advice on career progression. They can offer insights into different career paths within Information Security, helping mentees identify opportunities aligned with their interests and strengths. Mentors can share their personal experiences, highlighting the skills and attributes that have propelled them forward, and provide advice on how to overcome obstacles and advance in the field.
-
Vinod Singh Adhikari, CPP® PCI® CC - (ISC)²
Security Specialist at Boeing | Certified in CyberSecurity by (ISC)²
To be relevant in the ever-changing infosec field, it is important to be aware of what changes are coming your way or in this field. Learn about them and train yourself to fit in. You need to skill up and understand how you can act towards the change. You should be well trained on those changes to take good command. Through your network, you can stay updated and adjust yourself for any upcoming challenges due to such changes.