Chapter 1. Continuously Learn to Protect Tomorrow’s Technology

Alyssa Columbus

The exponentially increasing volume and variety of data being generated today are proving to be an unequivocal target for cyberattackers, who see great value in destabilizing enterprise and national ecosystems to create political chaos and drive financial gain.

The SolarWinds hack successfully penetrated the executable files of a leading network monitoring system and is a stark example of the future of cyberattacks. To thwart future attacks at this level of sophistication, change management and ongoing education are needed at a professional level. Personal responsibility for, and ownership of, staying current in information security, both on the latest vulnerabilities and exposures and with the latest technologies, aren’t optional anymore. What’s needed is a framework for continual self-improvement. I have provided the foundations of a framework that has worked for me here:

Learn with a community
I’ve personally found that I’ve developed new and existing skills much faster (by a magnitude of months) when I’ve joined a community of learners than when I was trying to learn the same skills alone. By attending local and online user groups, conferences, and other events, you can discover new concepts, hone new skills, and network with possible future colleagues. Also, in a community, you will gain a more holistic perspective of information security and a more complete picture of how others are managing successful information security programs.
Learn the fundamentals of effective communication
Although an emphasis is often placed on learning the technical skills necessary to succeed in information security, you also need to bring a similar level of intensity to improving your communication skills. Understanding how to secure a network or be in compliance with a privacy regulation is just as important as understanding how to communicate reports on these technical responsibilities to diverse audiences. Information security is a shared responsibility among every member of an organization, so the real impact of an information security professional’s work depends on how well other people can understand their reports and make informed decisions to improve their security program.
Learn concepts hands-on, as it’s the best way to grow and progress your information security skills
Participating in a CTF (capture the flag) or completing a basic project (e.g., securing a WiFi router) for a relative or friend and writing about your experience is often much better than only reading through abstract concepts in textbooks or certification exam study guides. Your experience using real-world tools is just as necessary as your experience studying for academic credentials and certifications, as it translates theoretical ideas into practical outcomes.
Learn how to ask the right questions
By far, the most challenging aspect of any profession to learn is the intuition for what questions there are to ask and which questions you should ask. The more experience you have and the more you engage your intellectual curiosity, the easier it will be to ask the right questions. Developing information security literacy, or knowing how to find the answers to these questions, can be achieved through risk assessment and mitigation education and practice.

By following this framework, you will not only be able to keep up with the most up-to-date information and protect against the most advanced current threats, but you will also have an enhanced ability to protect against future threats facing tomorrow’s technology.
