I’ve been getting a number of contacts via LinkedIn or networking organizations I belong to about how does one pursue a career in infosec. Even from university students in various areas of the world saying I showed up in their LinkedIn search.
Of course people ask about needed certifications, technology, and the best resources available on the Internet. I figured I would cut and paste a few paragraphs from a recent response I sent out.
Most important is to have common sense and an inquisitive nature on all things – wanting to know how and why things work, thinking outside the box, what happens when you draw outside the lines. I place more value on personal initiative, ability to rapidly ingest new knowledge, and demonstratable experience in applying it to business/mission objectives over whether a candidate has a particular certification.
Certifications do have value in career development but not as a discriminating factor used against you in furthering your career.
With that understanding I can recommend pursuing the CISSP and CISM certifications in time. I hope I’ve answered your question and given you some direction. Know the most valuable security professionals are those who align security to the business/mission objectives. As I always say
If there is no business/mission, there is nothing to secure.
For what it’s worth,