Entering the world of Information Security and opting for a career path can be very confusing, especially for a fresher in the field. Knowing where to begin and what to learn.
Now there are a lot of sources people turn to for advice but very rarely you’d find a rule of thumb or a proper progress plan to proceed which is still okay considering everybody has their own plan to make their career.
Here’s my attempt at clearing out some of those doubts and giving you a progress plan of courses to do and certifications to get that may help you advance in the world of information security.
The 5 step process of decision:
- Know your position
- Know your stream
- Know the kind of knowledge you want
- Analyze your options
- Set a progress plan & go
- Know your position:
Knowing where you stand in terms of knowledge and expertise is a must, this will help you decide a proper training path. There can be 3 classifications under this point: (i). Fresher (ii). Pro (iii). Expert
(i). Fresher is somebody with no experience in the field what so ever. You have just started out and you need to start from the scratch. A good plan for this category is explained in the example below:
(ii). Pro is somebody who has a basic working knowledge of the concepts and processes, typically somebody with 0-2 years of experience
(iii). Expert Somebody with 5 or more years of experience in this field with ample knowledge and generally opts for higher level courses for certification purposes.
Knowing the direction, you want your career to grow on is of utmost importance.
Information security has two correlated streams under IT Audit & Compliance (i). Technical (ii). Non- Technical
(i). Technical has verticals like Network Security, VAPT & SIEM under its belt and the hierarchy of courses/training & certifications under this [among many] is:
Network Fundamentals, CCNA R&S and Security, CEH, CHFI, ECSA, VAPT, WAPT, CPT
(ii). Non-Technical has verticals like the ISO Standards, ISACA, ISC2, GDPR under its belt & the hierarchy of courses/training & certifications are usually requirement specific as non-technical certifications are generally opted by Pros and Experts.
However, ISO 27001 Lead Auditor is a good place to start before opting for ISACA courses.
Which we will discuss about in the next Blog.