InfoSec skills and competences

Monday, December 7, 2015

InfoSec skills and competences


This is a follow up post on the one i did here on how to get started in infosec. This blog post will focus on the skills and competences required in the InfoSec profession. What i document is not the gospel truth but rather some pieces of wisdom i have picked up along the way alongside some observations and lessons i have learnt.

As InfoSec is a technical field, the basic understanding of key IT concepts in critical, e.g. Networking, Programing, Scripting, Virtualization, Operating Systems and Computer architecture. These are not technical skills you can survive without. I have seen one to many individuals purporting to be InfoSec professionals and experts overnight with little or no evidence to support their career. This is basically due to the fact that we live in a country where anyone with an opinion, automatically becomes the subject matter expert. Mostly, the reason why we have so many Wikipedia experts in Kenya today. I challenge you to look for the number of information security professional in Kenya, on LinkedIn. They are quite a number. It will make you wonder what value they are adding towards growing InfoSec in the country, more so in the banking sector. Anyway, this is a rant for another blog post :D

Some common misconceptions about this field are that, it is difficult to get into, you have to be super technical and know your way around every single piece of technology among others. This in fact is quite false. All you need to become an ethical hacker is passion, patience, ability to think critically, ability to learn on your own, ability to use Google effectively (btw this is not a joke, a lot of people do not know how to use Google in their problem solving process), and lastly a knack for research and off course the stereotypical ability to stay up for long hours, preferably at night tinkering away.

Infosec as a profession is quite challenging and not for the faint hearted. It is not for those looking for a 9-5 kind of job. It is not for those who do not enjoy intellectual challenges and lack interest in research. It requires passion, commitment and drive in order to make strides in the profession.

All the above are quite easy to achieve, as long as you have a positive attitude,and you can apply the tips given above. Be sure to brush up on your hands on skills and you will be well on your way to becoming a skilled ethical hacker.