Monday, February 9, 2015

How can I get ahead in infosec?

I get asked this question a lot, particularly by interns who want to get ahead.

My first advice is usually this:
More than anything, you should work on your writing. No matter how smart you are, if you can't communicate coherently it doesn't really matter. People, especially those who hire you because they lack your technical skills, will judge the quality of your work based on the quality of your writing.
Now some have pointed out to me that this isn't fair. Fine. I won't argue about what's fair and what isn't, but at the end of the day a company will choose to hire you or they won't. Once you get that first job, they either choose to hire you again or they don't. That decision is based mostly on your product and its perceived value. Sure, technical skills rule. We don't need any more paper tigers in this industry. But for goodness' sake, if you want a prime job in infosec, you MUST be able to write coherently.

Now this isn't to say that if you can't write, then there's nothing for you in infosec.  You can ride your tech skills and someone else will turn your gibberish into a product they can put in front of a client.  But is that really what you want?  Imagine the opportunities that will silently pass you by because you don't know the difference between "there", "they're" and "their" (and management knows it).  Bottom line, if you have some tech skills and want to take your career to the next level, solidify your writing.

6 comments:

  1. Jake,

    Interesting approach...how should one go about working on their writing?

  2. Look at good writing examples - there are many examples of professionally edited papers and product reviews in the SANS Analyst program site. It sounds cliche, but you can always take a class. Most of the bad writing I see in infosec could be corrected with any night class at an adult continuing education institution (community college or community center).

  3. Someone who writes gibberish most likely didn't attend college. At least not a reputable college. There are countless infosec related degrees available. If you have to work around a full time job, I would recommend UMUC. That's not my college but I've heard their cyber / infosec degrees are second to none. Most people can handle 1 or 2 classes a semester and your employer will most likely pay for all or most of it.

  4. I'm not entirely sure that college is the determining factor here. Take this little gem:

    https://www.binarydefense.com/bds/active-phishing-campaign-with-powershell-injection/

    The author lists three schools on his LinkedIn profile.

    I have seen similar work on internal teams...the determining factor to someone improving their writing is, do they have any sort of external stimulus? Is their writing peer reviewed? Or reviewed at all? I've worked on teams where some have not had their reports reviewed prior to going to the client...and it shows. I've seen a lot of reports (and still do) with little regard for the intended audience.

    My point is, *just* writing isn't the way to improve.

    Replies
    1. Harlan,

      I can't argue with you that college or education, in and of itself, will not necessarily make you a better writer. But I think there's a strong correlation.

      I also agree with you that peer review by teams certainly can help. Unfortunately, not everyone has that opportunity in their environment. These folks are left with the option to seek self improvement on their own, in which case taking a class is probably an easier option than starting an internal peer review program.

  5. Sounds like exactly the kind of article someone who claims to know something (just check the blog name) but hides behind words and other people's research to get anywhere in the industry....

