How can I get into computer security?
Our chief research officer Mikko Hypponen seems to get some version of that question whenever he does an online Q&A.
The industry he joined more than 25 years ago has transformed as radically as digital technology itself. Viruses no long travel via floppy disk and your refrigerator will soon have more computer power than the world’s most souped up 486.
But the industry is growing, possibly faster than ever. Even if a report from last year that showed 1 million cyber security openings was inflated, the demand for expertise in securing things that connect to the Internet is extraordinary.
The problem is how to gain that expertise.
Here’s what Mikko told an aspiring hacker hunter during a recent reddit AMA:
You want to learn as much as possible, but you need to pick your focus area. What do you want to do? Penetration testing? Encryption? Malware analysis? Forensics? Underground intelligence? Counter-espionage? Pick a niche, as narrow as possible. Then become as good as you can in that narrow niche.
As a good all-around backgrounder, start by reading Bruce Schneier’s books. All of them.
Then you need to find mentors and coaches. The easiest way to do this is via online forums dedicated to your focus area.
SANS has some great online resources for people starting up in this area: check them out.
Don’t waste your commute to listening to pop music. Listen to infosec lectures and podcasts.
Check these resources:
- Careers in security, ethical hacking and advice on where to get started
- So, you want to work in security?
- Entering The Infosec Biz
- Starting an InfoSec Career
- Career Advice
- How to Break Into Security
- Also see our course material at http://mooc.fi/courses/2016/cybersecurity/
I wish I could give more guidance, but it’s a fast-moving career. Nothing’s constant for very long.
[Image of younger Mikko reverse engineering from “BRAIN: Searching for the first PC virus in Pakistan.”]