3 Steps to Highly Efficient News Reading

A recent poster in an information security forum
asked
what it takes to succeed in the
information security
field. Having met with moderate success in the field myself, I decided to
offer a few of my own thoughts on the matter:

1. Be Passionate About ItYou can’t get to the top if you don’t truly
   love what you do. You can do decently well by grinding through, of
   course, but you won’t ever see the upper levels. This is especially true
   in infosec where it takes so much continual effort to stay current. I’ve
   seen dozens of “security professionals” in the field because they heard
   “there’s money in security”. That’s simply not good enough.

2. Be An Engineer, Not A TechnicianIf you don’t understand
   how things work then you will stay at the bottom of the ladder in
   this field. Knowing how to operate things isn’t going to cut it.
   Problem-solving, which is ultimately what good consultants and other
   infosec professionals do, requires an understanding of the problem at
   hand, as well as how any proposed solution functions. You can’t be a
   button-pusher and get to the top.

3. Don’t Be Intimidated By AnythingMany people in I.T. are pretty
   solid with a few technologies but have areas that they’ll never get into
   because they view them as scary. I often hear, “Oh, that’s programming,
   I’m not touching that.”, or “I don’t mess with that Unix stuff.”That
   kind of approach will keep you limited for life, and for a security
   professional it’s pretty much a sign you aren’t going anywhere. The top
   security pros approach the unknown very similarly, i.e. by saying, “That
   can’t be too hard…” That’s the attitude you need to have.

4. Combine Book Knowledge with Hands-OnMany screw this up in one
   direction or the other, and it’s not something you can get away with
   easily in information security. In this field you need to not only study
   theory but also know how to implement that knowledge in real-world
   situations. If you study diligently but can’t apply it, you’re dead.
   Alternatively, if you can implement but don’t understand underlying
   concepts you’re dead there too (see above).I strongly recommend that
   beginners invest in a serious lab environment and implement what they
   find interesting during their studies. Nothing is more effective as a
   learning tool (for me, anyway) than studying something
   academic/theoretical and then seeing it come to life in your lab.

5. Sharpen Your Communication SkillsFew things are as important as
   the ability to communicate well. This includes both verbal and written
   communication. It’s not enough to know lots of things; you have to be
   able to get that knowledge to your clients/users/management in a way
   that is useful to them.Imagine you have two ratings on a scale of 1-10 —
   message and interface — and that the overall impact of your
   communication is the product of the two. So if your message is a 10, but
   your interface to the client (how well you communicated it) was only a
   2, your overall score is just a 20. But if your message is a 9 and your
   interface is an 8 then your score is a 72. You need both solid content
   and the ability to convey it to others.

6. Keep In Mind That There Are People Out There That Make You Look
   SillyStaying humble is another key attribute. If you think too much of
   yourself you’ll relax and stop growing. It’s important to realize that
   there are others that completely dwarf your skills in many areas. Check
   out some different newsgroups, browse different IRC channels for
   security related content, etc. Seek out those you can learn from.