Passion

Above all else, you need to embody passion for information security. One of my favorite statements is: “The security realm is an ever-evolving creature.” To work in this field, you need to be able to learn constantly, adjust to change, and push forward at all times. A successful incident response analyst is eager to learn and does not shy away from accepting failures as a means to improve. Sounds great, right? Sure, but how does this translate to interviewing skills? Simple: The interviewers, who will henceforth be referred to as “the panel,” are going to want to know that you embody passion for your career. In an interview, be prepared to explain how you stay abreast of news in the security realm. “I read blogs and articles.” “Great. Which ones?” “Oh, you know, like… Reddit and stuff.” FAIL. Your interview panel wants to hear about the Twitter feeds, blogs, and news resources that you read. Name them. Explain why you like them. Are you able to do that right now, this very moment? They want to know the names of people you follow on Twitter. Why do you follow those people? They want to know the last article you read that sent you into a research frenzy. For that matter, they want to know what you learned from said research. Be able to explain what you learned and why you found the research important.

Skills to Pay the Bills

Please keep in mind that this article is specific to my experience with hands-on security positions, such as those in a SOC or a Computer Incident Response Team (CIRT). With that in mind, let us evaluate the skills you will need for such a position. I present a few of the pillars upon which the security realm sits:

Foundation

These positions require a solid foundation in computing, networking (LAN/WAN), and information security. If you are a command-line junkie in both Windows and Linux/Unix-based environments, awesome. That is just the beginning. Are you familiar with how inter-process communication and memory management work at a low level? Taking a course or reading a book on operating system (OS) concepts is a great way to start down this route, as it provides a solid jumpstart into OS methodology, design, and programming.

Network-Security Monitoring

A team cannot monitor the security of a network without employing task-specific tools. If you have never touched a security information and event management (SIEM) platform, you will want to review some of the tools listed here: https://en.wikipedia.org/wiki/Security_information_and_event_management#Vendor_products. Additionally, you will want to have knowledge of some basic intrusion detection systems (IDSs), such as Snort. In fact, if you are not familiar with reading and/or writing Snort rules, it is time to hit YouTube. You will probably also want to look into another popular IDS, Bro. For some awesome hands-on learning, try to spin up Security Onion. Security Onion is “a Linux distro for IDS (Intrusion Detection) and NSM (Network Security Monitoring)” (Burks, 2015). This tool affords an amazing academic environment, providing numerous task-specific tools for your learning pleasure. Get your hands on this puppy and go nuts. The key is to look “under the hood” at all times. If you do so, you will be surprised at how much you can learn. Think about this: The information shown in Snorby, how is that populated? Those Snort signatures that are firing, why are they firing?

Other Related Skills

Computer forensics, network forensics, malware analysis, and penetration testing are all skills that fall into the “you should know about these bad boys” realm. However, I am going to cut this particular article short and simply mention them. If you would like to know more, you can Google around or simply ping me for additional details. To discover more about landing a hands-on security job, stay tuned for part 2. To learn more about what types of high-paying jobs you can work towards in information security, please click here and here.