Every so often, I get asked how people can enter into information security, what they should study or what certifications they should pursue. I don't have a good answer to this question. Or rather, I don't have an easy answer to this question.
I don't find much value in any specific certification program, and I know that everybody's path is different, so I'm hesitant to give any advice more specific than a broad recommendation: work with your organization's security team on practical projects to gain experience and an understanding of how the team functions.
However, at the same time, there are a number of things that I regard as, well, a common body of knowledge in the field, a set of core competencies.
Now granted, the above list is shaped by my own personal background and experience, and you may do well without many of them, making up for gaps with experience and knowledge in areas that I lack. That's quite OK.
You may also notice that a lot of this overlaps with a general understanding of... well, computering on the internet, with operations and system administration concepts. This is no coincidence. Good ops is good security.