I get asked a lot how to get started in the computer security field and how to become an author. I figured I would try to cover both questions in one article. This will probably be a “living document” with things being added or changed as time goes on. If you any questions, please let me know.
Learn the Craft
As with the normal IT field, the security field changes almost every day, so it is good to constantly be a student. There are a lot of outlets to learn from:
- Local security groups have regular meetings
- SANS classes are a great place to build your career, they also have free webinars
- Pentester’s Academy, Cybrary
- Youtube – Irongeek’s channel is awesome!
- There are tons of technical books & classes available from publishers like Packt, O’Reilly, etc.
- Capture the Flag practice sites & competitions
- Magazines, like Hakin9, Pentest Magazine, etc.
- There are also numerous Security Certifications you can pursue
- Technical Schools, Colleges
- Google is your friend!
As mentioned earlier, most security professionals have a blog, or video channel, check them out. For example, City College of San Francisco Security Professor Sam Bowne offers a lot of his class material to the public.
Follow & Network
Find people in the field that do what you want to do and follow their social media accounts, check out their books, blogs, watch their training or conference videos. Get connected with local security groups – there are multiple groups available, ISSA & OWASP are just a couple. The security groups are normally very open to new comers and those willing to learn.
Many (not all) security leaders are willing to help people new to the field if they ask good questions. But realize they are very busy and may not answer if you ask a question that you could have easily Googled.
Start a Blog
Write about what you like, what you are learning, what interests you. On my blog I simply wrote about the new things that I was learning as I explored cyber security. It wasn’t long before I had a very popular security news site contact me and ask me to write regular posts for them.
From there I was contacted by a top security magazine and asked to write articles for them. After I wrote for them for a while, I was asked to join their “beta test” team, a group of individuals that tech review articles and classes for the publisher. Around the same time, I was contacted by a book publisher and asked to be on their tech review team.
Even though I am pretty busy now with writing my own books and training material I am still on the tech review team for both publishers. It is a great opportunity to help out people new to the field and provides a great chance to meet & network with other like-minded security professionals.
Get Real-world Experience
I am all for people moving from other IT jobs into the security field. I think the previous experience dealing with hardware, software and people really helps. I started in the IT field ages ago and worked up through the ranks. I think I have held or performed about every IT job possible, lol.
Things have changed a lot in the security field since then. It is pretty well formed now, and with the proper education/ experience it is possible to get an entry level security job. When I started in security everything was new and pretty fluid.
I was one of our city’s first Microsoft MCSE’s. I learned everything I could about server security and support. Later, I dived into Ethical Hacking after the IT field started going through some changes in NY. Even though I was well versed in networking, servers, Linux, and corporate IT security, many of the techniques were very foreign to me, and eye opening.
I’ll never forget the day that I had an interview with one of the top server support companies in an adjacent city. It was when I was trying to explain what ARP attacks were to their top server guy, and the “what in the world are you talking about” look on his face, that I realized that there was a huge need for Ethical Hacking training.
I have performed security research and consulting now for years and really enjoy it. It is kind of funny, having military knowledge, being a weightlifter & martial artist, along with a security trainer has really opened up some very interesting client opportunities for me. I would really advise – be yourself!
Write for a Magazine
If you have been established in the field for some time, and want to try to take the jump from a blogger or trainer to published author, go for it! If you have never published before I would highly recommend approaching a magazine publisher first.
Magazines like Hakin9 are always looking for new authors, and it is a great way to “test the water” to see how your articles are received. It is also great for marketing as it will put your material in front of a lot of people worldwide.
When you submit an article for publishing it is reviewed by their tech review team, and you are given feedback as to whether the article is a fit for publishing. The article tech review process will also provide you with invaluable feedback on any technical issues or improvements needed with the article. If you are turned down, take to heart the review feedback, make changes and try again!
Write a Book!
Writing for a book publisher is similar, but a more involved process. Usually the publishers are looking for specific themed books to be written, so they want authors with that experience, and will want you to write along with their topic. Some book publishers have tight deadlines, so you should be prepared to invest a lot of time into working with the publisher. The publisher will normally have a specific format that they want you to use, and as you complete each chapter, it will be submitted to a tech review team for feedback.
Use great pictures! A picture is worth a thousand words – Screenshots are always helpful, use large high contrast fonts (bold white text on black works great), and make sure the picture clearly shows what you are trying to do and that the text is easy to read. For example, don’t use a screenshot of the entire desktop when just a snip of the terminal line will do.
For technical procedures, write down every step that you do to produce the desired results. When done, go back over the procedure just using what you have written down to make sure it includes all of the steps and more importantly, that it actually works! 😊
Use layman, non-technical terms as often as possible. The best teachers can break down very technical procedures into common language that is easily understood. Still interested in writing for a book publisher? Reach out to them! Packt & NoStarch Press have “write for us” type webpages, or you can try the “contact us” links on the other publisher’s websites.
Self-Publishing
What if you want to write a book, but don’t want to write on a topic provided to you by a publisher? Services like Amazon’s Kindle Direct Publishing allows you to be your own publisher.
Self-publishing is a great option, but I will warn you from experience, it is a huge time sink – be prepared to set a lot of life aside to get this done. Book publishers provide you with a pre-existing format, editing & art services, and marketing. If you self-publish you will be doing all of this yourself, or will be paying for someone to do some or all of the steps for you.
Get a good editor, better yet, get three! I have been blessed with the help of an exceptional main editor. You have to love someone with multiple Doctorate degrees. Everything I write is run by him, and his input has been invaluable over the years. It is good though to have multiple people review your chapters for both technical and grammar issues.
Just remember, no matter what, mistakes will always make it through to the final book, so have a plan to deal with corrections. An errata/updates website for the book is always a good idea.
Plan your book covers – you will need graphics and a good layout for your book covers. Hire a graphics designer or do this yourself if you have the appropriate skills. But the book covers are usually something that are overlooked in self-publishing, until the last minute. It is good to work on them early and get them squared away, you can always tweak them later.
As you write, you will have self-doubts, and want to give up, this is normal, and usually the strongest when you start, at the mid-point and in the final crunch period. Believe in yourself and persevere, you will thank yourself when you are finished!
CYBER ARMS - Computer Security 