Careers in InfoSec - My Mentorship program

Remember when I initially started the InfoSec Career mentorship program? Well, I'm back again and available to mentor anyone interested in starting or improving their InfoSec career path, and yes it will still be completely free! The small difference is that now I will be doing this in front of my newly founded and kick-started non-profit organization ABIIS Montenegro as InfoSec Education is a big part of it's goals and objectives. With this program I will try to "pursue" as many people as possible to consider InfoSec as a career path. But before that yields any meaningful results lets talk about this subject in a wider format and possibly create a bigger thread where potential future colleagues might get the best info on what to do next.

Before we jump head first into the topic let's just touch on why is this so important? InfoSec roles are in great deficit and proof of that I personally obtained through my professional experience, more so during the security conferences I attended in the past few years where this topic was talked about very often. It was brought up more than the current threats in the industry boldly and ironically making it the biggest threat - if we lack talent to defend us, what chance do we really have against cybercrime?

I will start with sharing a descent overview of InfoSec career paths I stumbled across in an article https://learntocodewith.me/posts/cybersecurity/

I am quoting the article highlight about job types in InfoSec below, but the full article is well worth a read:

"Keep in mind that exact job titles can vary from company to company, but in general, here are some common roles:

• Security generalist: a jack of all trades for smaller companies
• Network security engineer: a role found at large companies, these people are involved in managing the security of their company’s network hardware and software, from firewalls to routers to VPNs
• Cloud security engineer: as the title indicates, this role involves providing security for cloud-based platforms
• Application security: specializing in protecting applications from threats using a mix of hardware and software skills
• Identity and Access Management (IAM) engineer: a sub-field of cybersecurity focusing on digital identities and access rights within an organization to ensure correct levels of system access for all employees and prevent unauthorized use
• Security architecture: designs, builds, and manages the implementation of network and computer security for a company
• Penetration tester: get paid to legally hack into software, systems, etc., in order to identify security vulnerabilities
• Malware/forensics analyst: job title could be “cyber forensic malware engineer” or “analyst.” They dig into malware to figure out what it does, where it came from, and so on.
• Incident response analyst: first responders to any type of security breach or issue, rapidly addressing threats to find the cause and limit the damage
• Cryptographer: builds ways of encrypting sensitive information to ensure individual and corporate privacy
• Security trainer: trains employees in security best practices
• Security auditor: report on a security system’s effectiveness and suggest ways to improve it; different than penetration tester because a security auditor is more high-level and uses established standards to evaluate a system
• Governance, Risk and Compliance professional: a more senior role with oversight of regulatory and legal compliance and overall business practices"

Be wary that many titles of roles in InfoSec you stumble upon on job hunting websites can be very misleading and there is no general agreement how certain roles are named, as well as what are their job descriptions. CISO is a prime example as that role comes in so many forms to make your head spin. But hey, let's talk about it!

As an InfoSec professional myself I like to spread the good word about our career paths and the wonders and benefits it brings and hopefully attract more people to it, the biggest benefit - making the cyberspace a safer place for everyone.

So how does this "program" work? The first step would be to schedule a call with me so we can get to know each other and talk about what are you most interested in. After the call we will stay in touch where I will provide you with further reference material based on our talk and guide you until you have what you need to start working on your new awesome career path! What is the catch? Well, there is none if you don't want to, but I will ask for your permission to record our session and progress so I can use that data for research purposes as I will be writing a paper on it at some point, naturally, all data will be anonymized. For anyone interested in joining this program you can book your call with me here (All calls will be done via Zoom): https://app.acuityscheduling.com/schedule.php?owner=18439388

How would you go about recommending a InfoSec career path to an interested candidate?