Here's how you can maintain relevance in the ever-changing field of Information Security.

In order to GAIN relevance and to KEEP relevance, it is simple and inevitable... you have to UPKEEP a bare minimum commitment to ALWAYS learning more, growing more, and doing more. IT/Networking/Cloud/Cybersecurity all have a part to play within Information Security... And all the above mentioned are constantly growing and changing. Whether you are subscribed to learning/training platforms, whether you continue to hunt down certifications, whether you pursue a Degree (Cannot be the only thing... a degree is one and done and doesn't expire to stay updated), or whether you love to dive deep with home labs (cannot be the only thing because you DON'T know what you don't know. Therefore you may not be learning enough or challenging yourself

In information security, staying relevant is like running a marathon, not a sprint! Here's your pro tip: - Be a lifelong learner: The threatscape is a chameleon. - Embrace the hacker mindset: Think like the enemy to find weaknesses before they do. Bug bounties and ethical hacking tests are your allies. - Don't be afraid to experiment: New technologies like AI and blockchain emerge daily. Evaluate their security risks before diving in. - Network with the security community: Join online forums, conferences, and connect with other experts. Sharing knowledge strengthens everyone. - By constantly learning, adapting, and collaborating, and become a true information security leader!

Well, diving into the deep end here, the key to staying afloat in the ever-turbulent waters of Information Security isn't just about keeping your head above water. It's about swimming ahead of the tide. I've rubbed elbows with folks like Vinod Singh Adhikari and Raymond Teo who advocate a mix of relentless learning and practical hands-on experience. They're not just talking shop; they're in the trenches, evolving with the tech. So, keep your toolkit sharp and your mind sharper. That's the real secret sauce, folks.

There is no substitute for life long learning. The technologies will keep on evolving the only relevant criteria will be how well we fit in with those changes. One has to be proactive and committed to the field of information security to be relevant to this ever changing field. Continuous Learning is the key ....

Information security is not a destination but a lifelong journey, where learning is the key to staying ahead of emerging threats and safeguarding what matters most.

Human interaction is most impactful. Networking with like minded people helps to build a knowledge base which books or other training materials may not be sufficient to impart. Exchanging ideas and brainstorming on common issues foster collaboration.

Building a network of like minded professionals is invaluable in todays cyber landscape. Colleagues in similar fields or vertical can help and may provide important and relevant information specific to your needs. Industry professionals or those considered “rockstars” in their specific field always have relevant and pertinent information often within a much larger perspective. One does not need the entire XDR team of a particular vendor in their contact list but a working relationship can lead to additional networking opportunities and information.

When I first started out I continually felt strong feelings of imposter syndrome. Like I should not be in the room with others who knew so much more than me. What I quickly learned was that most people are happy to answer questions you have. Asking the simple question is not going to get you kicked out of the room, it is what is going to bring you into it further. People are far more willing to talk, help, and answer questions than you might think. On top of just knowledge sharing. People in our industry talk. So the more you talk with people, the more your name might pop up in other conversations. This is how so many people get their next jobs through word of mouth! Step up and step out! Network as much as you can!

Networking is almost akin to soft salesmanship. It requires one to put themselves out there. Listen in and lean in. Remember names, connect on linkedin and check your contact list to refresh your memory on who you know. Reach out for a cup of coffee esp. when you don't need any help.

In my experience, Networking is an indispensable tool for professionals Attending industry conferences, seminars, and workshops not only provides opportunities to meet peers and thought leaders but also serves as fertile ground for exchanging ideas and gaining insights into emerging trends before they become mainstream. By actively participating in these events, individuals can engage in meaningful discussions, forge valuable connections, and establish themselves as part of a vibrant professional community. By harnessing the power of networking, professionals can enhance their visibility, broaden their perspectives, and stay at the forefront of the ever-evolving Information Security landscape.

Hands on experience will make the path easy. What If you know everything in theory and in the practical world the application is zero? This will reflect that you are not a go to person on the subject. This will also impact the credibility of the person. Having a home lab and simulating the the attacks advocate one's dedication to the subject.

In my experience, to master my skills, I had put a lot of hours studying and practicing at the same time, the concepts and attacks that I have learned has come with practice. If I say about web app security, the best resource these days is the portswigger labs. It's designed amazingly well and gives a great hands-on experience which at times you can replicate during actual penetration tests. For network security, solving challenges on HTB, Proving Grounds, THM. Additionally, THM & HTB has subscription based pathways to have hands-on practice, it's very helpful for people who are confused on where to start.

This is one area that I have seen is now being neglected by some professionals in favour of certificates especially in developing countries. The truth is that while certifications improve your chances of getting a job, maintaining and excelling on the job depends on how skilled you are practically. In all we do as technology practitioners, we must never forget that while it is nice to have these certs and the big titles, what will make you stay relevant is being able to solve a practical problem, at any stage of your career. As a manager, you will struggle to adequately supervise a group of technical people if you yourself lack basic technical hands-on practice. Never stop practising.

The value of hands-on practice extends beyond theoretical knowledge. It provides an opportunity to apply learned concepts in practical settings, enabling professionals to gain real-world experience and hone their skills. Capture-the-flag (CTF) competitions and engaging in ethical hacking projects are effective ways to immerse oneself in authentic scenarios, where the application of security principles and problem-solving skills is paramount. Moreover, engaging in practical exercises demonstrates commitment and dedication to mastering the craft of Information Security.

hands on practice is essential to grasp the intricacies of information security. setting up a home lab to experiment with different security tools and scenarios allows one to gain practical experience, when a staging environment is hard to come by. using virtual machines to emulate attacks and defense configuration creates a safe environment for learning without risking actual systems. engaging in capture-the-flag (CTF) competitions or ethical hacking projects helps one apply his skills in real world. practical experience not only reinforces your knowledge but also demonstrates your commitment to mastering the craft.

In InfoSec, versatility is key. Aim to be a 'jack of all trades,' with a solid grasp of the field, then sharpen your edge in a few select areas. As threats evolve, your broad foundation and targeted expertise ensure you're always in demand, ready to tackle the industry's latest challenges.

After a broad but deep understanding of security principles including networking, operating systems, risk management, vulnerability management, forensics, SIEM tools, XDR, cloud, scripting languages… one might be able to narrow the focus and then start a deep dive. A working balance of generalist and being an SME is important in any area. Versatility in this industry will provide ample opportunities to become more focused in a highly specialized and interesting skill set.

Cyber security is a broader field of knowledge. We need to understand what we are hooked on. Some may like to be a SOC analyst, some may love to be a digital forensics expert the list is never ending. The career path should be chosen wisely it's very easy to get lost in this ocean of knowledge. One should not end up working as an incident responder rather than a pentester which he or she wanted to be.

In an earlier contribution, I stressed on learning everything you can, but then the truth is that not everything is selling at the same time. In today's world, AI is the in thing. That means that the information security expert who turns their attention to AI security will be the next focus. Therefore, we must specialize smartly. It makes no sense to go and learn an archaic technology because no one is looking for people with such knowledge. You must learn to follow the trend of technology and specialize accordingly.

Identifying niches that align with your interests and market demand can significantly enhance your relevance in the industry. You can start by pinpointing areas in cybersecurity that captivate you and match your strengths. You can research current and emerging trends to uncover high-demand specializations like cloud security or OT. By pursuing specialized training and certifications in your chosen niche, you can become an expert in a specific domain. You can stay on top of new trends in your domain by regularly reading industry publications, research papers, and news.

The compliance is the top most priority in infosec. Today what makes something a risk may be considered as a normal event in infosec. The policy changes can impact the entire threat landscape. GDPR, HIPPA and other compliance frameworks should be consulted to understand the applicable compliances for a particular field.

More often than not, compliance being paramount, InfoSec requirements are regarded as cumbersome by end-users. "Why should XYZ be encrypted if we're already on a secured network?" is a common question for users to have. The impact of non-compliance can be easily seen and expressed when telling a good story. Every mandatory requirement on every standard has a story behind it (some affected company/government/public entity) and this fact can be leveraged into providing awareness to users and devs alike. "Why is it that now we have to follow XXXX guideline? What happened when? Who was affected? How did they handle it?" Good communication fosters early adoption. Early adoption ensures a swifter transition. Awareness is always met that way.

the number one thing that made me swallow to regulatory controls and grow to appreciate them is, staying informed about regulations like GDPR and PCI DSS in information security can actually save time by providing established guidelines and best practices. instead of reinventing the wheel, you can leverage these regulations to streamline your security efforts. they offer frameworks and requirements that, when implemented correctly, not only ensure compliance but also enhance overall security posture. understanding these regulations helps you adopt industry standards efficiently and effectively, ultimately saving time and resources.

In the fast-paced field of Information Security, staying relevant is key to success. To maintain your edge, it is crucial to stay informed about policy changes and regulatory requirements. Laws such as GDPR, DORA, NIS 2 or PCI DSS…. have major implications for security practices. By staying up-to-date on legislative developments, you not only enhance your ability to protect organizations but also position yourself as a compliance expert. This knowledge is essential for understanding how regulations impact both technical and business aspects of Information Security. By staying informed and adapting to changes, you can ensure you remain a valuable asset in this ever-evolving field.

The policies keep coming (lol). This means the information security practitioner must always be ready to read these huge documents. Read the policies no matter how boring they sometimes are. It is therefore incumbent on you to learn the policies as well as the regulations governing your business environment. Also know the standards and best practices.

I will use a personal example. I had love for this profession and was already working as an auditor but it was when I became supervised by a particular boss that I actually started learning and acquiring practical skills so mentorship is important. Sometimes, you can look at a person and make them your mentor from a distance. Mentorship is very important. Another angle to it is volunteering to mentor people. By making yourself a mentor, you are forced to learn more. People also start referring more to you as a source of knowledge. Do this two and you can stay relevant.

Mentorship provides a unique opportunity for individuals to tap into the knowledge and experiences of seasoned professionals who have already traversed the Information Security field. A mentor can offer guidance on various aspects, including career growth, skill development, and navigating the industry's challenges. Furthermore, mentors can provide invaluable advice on career progression. They can offer insights into different career paths within Information Security, helping mentees identify opportunities aligned with their interests and strengths. Mentors can share their personal experiences, highlighting the skills and attributes that have propelled them forward, and provide advice on how to overcome obstacles and advance in the field.

To be relevant in the ever changing infosec field, it is important to be aware on what changes are coming up on your way or in this field. Learn about them and train yourself to be fit into. You need to skill up and understand how you can act towards the change. You should be well trained on those changes to take good command. Through your network, you can stay updated and adjust yourself for any upcoming challenges due to such changes.