There’s just so much happening in the information security community, from knowledge sharing, to businesses, to combating cyber threats, to security updates and releases and recently to arrests from the government. With all of these happening, a lot of people get drowned and ignore the facts or reality, while others allow their beliefs to cloud the real essence of what information security is really about; Lets share with you 10 Information Security truths you must know if you are in the industry
So yesterday, i came across this superb twitter thread started by Meg Layton, who is just amazing at what she does as a cybersecurity professional.
OK… twitterverse – what’s the one thing about the industry you wish people understood but likely don’t? Tell me and tag with #infosectruth
— Meg Layton (@Vamegabyte) August 31, 2017
After reading over 80+ replies, we decided to put them together. We futher streamlined them to 10 most important #InfosecTruths you should know if you’re in the industry, planning to get into it or know someone who is.
Top 10 Information Security truths you must know if you are in the industry
- Invest in people, not just in tools: It’s pretty much cool to have the latest best vulnerability scanners, the best Intrusion detection tools,etc. But, the weakest link still boils down to “people”. When you don’t invest in people, you deliver less quality products and services and often times become targets of cyber crimes.
- In this industry, Things move pretty fast. You will never know everything, so stay humble: Don’t assume that because you have a pile of hot certifications piled up somewhere, you know everything. Perhaps you have been in the industry for 5-10 years, you know better. No you don’t! There would definitely be someone who knows just a bit more than you know and as technology changes, what you know kinda becomes obsolete.
- Information security is a way of life, not just a job. Also, if you are not careful, it can consume you. Don’t get overwhelmed by it. Stay dedicated and committed to fixing those problems.
- Cybersecurity is something you DO (Configure) not something you buy: There’s no shop for cybersecurity, or a pre-configured cybersecurity shelve. You have to configure what you want, hire the right people and make the product work for you.
- Tech skills gets you to the final interview Soft skills get you the job. It’s okay to know how to do a pentest, perform source code analysis, etc. But how about communication, creativity, passion, collaboration, knack for problem-solving, etc.
- Security is never “done” it’s an ongoing, never ending activity
- Punishing & Mocking users for ‘stupid’ mistakes means they won’t report issues in the future and multiply the response effort.
- Developers aren’t purposefully writing insecure apps. Application Security is hard. They want to do better, but need your help.
- There is a lot more writing than you’d think. You often get paid because of your report and how well you explain technical items to C-level
- Be honest with yourself about what you know and have accomplished & focus less on the difference.