Career Advice Tuesday (late) – Learning Impaired

September 22, 2010

(Wow. After more than a year on schedule, we managed to be late on this one.  Sorry about that, and we’ll be back to the regularly scheduled CATs next Tuesday.)

Dear Mike & Lee,

I have a question: how do you gain knowledge for inforsec career if you do not have money for certs or a degree? I mean, I can learn without tutors, by myself, but the problem is to find the relevant information and to prove later that you have the knowledge.

Learning Challenged


We get this kind of question a lot, and it’s incredibly difficult to answer so generally.

Knowing what learning to acquire is an incredibly personal question – you need to figure out where you want to go first.  Do you want to be a PCI auditor?  A firewall engineer?  A penetration tester?

Each of these require radically different learning paths.

The key to knowing what to learn is simple once you’ve figured out what you want to be: do your reconnaissance.  Find a bunch of people who already are what you are and figure out what they know.  You can do this directly (by asking them) or covertly (by using Linkedin or the like to read up on backgrounds of people with job titles you’d like).

Once you have the knowledge, proving it is a matter of demonstrating your skill.  You can do that a million different ways: through writing, speaking, joining industry working groups and boards, working on open-source projects, etc.  Again, it depends on which skills you wish to demonstrate.

Once you’ve figured out what you want to do, feel free to email us again for more concrete advice.

Lee & Mike

Posted by mmurray | Filed Under Career Advice Tuesday 


Comments are closed.