Whether you are looking to get started or are already well down the path of an IT security career, continuous learning should be top-of-mind to keep your skills fresh and your confidence high. The good news is that with a shortage of skilled security experts in the market, any amount of dedication to continuous learning will be both valued and sought after.
Tip #1: Get involved in an open source project, preferably related to security
In full disclosure, part of this recommendation comes from our passion for open source here at Profian (after all, we are the custodian of the Enarx project and several of us grew up at Red Hat). But we also know that hiring managers look for this on CVs. You don’t even need to be writing code, necessarily: there’s a huge need for documentation, testing, UI design, evangelism and the rest. It’s great exposure, and can give you hands-on experience with what’s going on. You can even choose a non-security project, but consider getting involved in security-related work for that project.
Tip #2: Learn a new language with security in mind
There are a couple of ways to think about this.
First, it would be worthwhile to explore languages aimed at security use cases, such as Rust. Rust has been adopted by many industry leaders including AWS, Google and Microsoft because it’s considered ‘safe’ and it’s also fast and efficient, requiring less memory than other alternatives. Rust is also the most frequently used language for developing WebAssembly (Wasm) applications.
The other way to approach this is by learning any new programming language while thinking about how it handles (or fails to handle) security. You’re going to want to do this through a lens that ultimately:
- shows that you understand what’s going on with key language constructs to do with security
- shows that you understand some of the advantages and disadvantages of the language
- (advanced) shows how to misuse the language (so that you can spot similar mistakes in future)
Tip #3: Learn how security impacts other areas of your company – and how to talk about it
There is certainly a deeply technical aspect to IT security, with all the skills and knowledge that implies. But knowing how to communicate with other departments, listen to their business objectives, identify the risks involved and explain them in a language they understand are key skills to have. Consider the following:
- risk and compliance
- legal
- marketing
- strategy
- human resources
- sales
- development
- testing
- UX (User Experience)
- IT
- workplace services
Get to know people from each of these departments and start to understand somebody else’s mode of thinking, what matters to them and what makes them tick. Next time you design something, make a decision that touches on their world or consider installing a new app, you’ll have another point of view to consider.
Tip #4: Learn to think about systems
Nothing that we manage, write, design or test exists on its own: it’s all part of a larger system. Think about the larger context of what you’re doing, and you’ll be a better security person for it. Here are some suggestions:
Read a book about systems, e.g.:
- Security Engineering: A Guide to Building Dependable Distributed Systems, by Ross Anderson;
- Beautiful Architecture: Leading Thinkers Reveal the Hidden Beauty in Software Design, ed. Diomidis Spinellis and Georgios Gousios;
- Building Evolutionary Architectures: Support Constant Change by Neal Ford, Rebecca Parsons & Patrick Kua.
Arrange for the operations people in your organization to give a 15-minute presentation to your group (we guarantee that they think about security differently).
Tip #5: Keep up with what’s new
Getting into the habit of reading something security-related on a regular basis, or making the effort to attend conferences, means that you’re going to stay on top of innovation. Just in the last few years, we’ve seen the emergence of Confidential Computing, Cyber Asset Attack Surface Management (CAASM) solutions and start-ups that can now monitor unstructured data in chat tools – to name a few.
It’s an exciting time to be in IT security and we wish you every success on this journey. Happy learning!