IT security is a complex field, especially for those of us who are starting without any background in it. Here are a few tips, found via Quora, for getting into IT security and gaining traction in the field:
- Be paranoid – Check everything.
- Think like a hacker – It isn’t always about tools. Understand both the defensive and attacker mindset.
- Start a responsible disclosure program – This can be as simple as a page with rules that allow security researchers to submit vulnerabilities securely to your team. A program doesn’t cost anything to create, so it’s a no-brainer as an extra layer of security.
- Write clean code – As code builds up and gets sloppy, it becomes more prone to hacks. Make sure to refactor your code. If you don’t know what it does: figure it out or get rid of it!
- Think with the business mindset – Without understanding the business, you cannot secure the assets. Understand what information drives the business.
- Measure, Measure & Measure – As an IT security person, assess the true value each security tool provides for the organization and report it to your management. Analyze the false positives, and compare the true incidents/breaches to the incidents undetected by the tool. Whether it’s an antivirus tool or an intrusion detection one, measure and monitor these statistics. Communicate the security value to the business executives.
- Prepare – Knowing how to analyze security event logs, where to search and what to look for can determine whether an organization is able to prevent attacks in real time and take appropriate action.
- Create an awareness culture – Security must be a business enabler and everyone’s responsibility. Present the facts, and leverage industry statistics and case studies.
Thanks to the help of Quora users Sai Raman, Erik Fair and Drew Sing.