Finding What You Love in Infosec

SecFlux

“There will always be more you don’t know” is an evergreen sentiment across all disciplines of infosec.

No matter what someone does, it’s likely they’re well aware of how fast things change in the field. Plus, there are a lot of different roles, responsibilities, and options when it comes to infosec jobs. Some more varied than others. The question remains, how many people are exactly where they want to be?

Maybe it’s her, maybe it’s analysis paralysis

When someone asks you “What is your favorite ________?” are there times when you freeze up?

Sometimes, choosing a specific… [insert whatever here] can be difficult, particularly if you like a lot of the options in front of you. Have you ever been in the cereal aisle? Certain people may know exactly what they want right off the bat while others might struggle to pinpoint their preferences or objectives.

And, that’s totally fine.

For those who struggle, it could take a bit of self-reflection mixed with some trial and error to discover a right fit scenario. The thing is, this topic is multi-dimensional. Not only should it involve what interests you, it should also include what you desire in terms of output.

To be clear, this is in reference to professional working environments as opposed to more hobbyist scenarios. Touching on the basics first, the idea here is to create a decision tree or a type of framework to work from if you’re struggling to find something that not only speaks to you, but sings your name.

As an additional disclaimer, let it be known there is a school of thought suggesting the idea of “passion as a requirement.” Look, it’s great to enjoy and have passion for what you do, but it’s not a requirement. It certainly helps, though it has its own consequences, too. Now is a good time to point out the two primary definitions of passion include phrases like “uncontrollable” and “suffering” to put things into perspective.

A lot of people will say “Do the thing you love!” while the other side of the fence insists “Don’t mix money with the things you truly enjoy.” The win condition is somewhere in the middle: Do something that interests you and makes you money.

But, what’s right for me?

So, what’s right? Well, that all depends on you.

If you’re the type of person that simply wants to collect a paycheck matched with an interest in technology or information security, more power to you. The important thing here is to know what your motivations and priorities are and make adjustments accordingly. Because, look, we all gotta eat and makin’ dat cheddar is what puts food on the table.

You can be on either side or somewhere in the middle. What matters is your comfort and what works best for you and your lifestyle specifically. In making these types of decisions, you can create a decision matrix and prioritize what’s most important to you.

Start at square one and ask yourself, “What do I want to do?”

Perhaps followed by, “Am I satisfied with where I’m at?”

Then explore, “Do I have the opportunity to, or am I willing to try and change my circumstances?”

Followed by, “Is there a direct line to what I want, or are there some things I will have to do to get there?”

Look, you could be thinking, “I’m not reading this to ask myself simple questions!” Understandable. However, those simple questions can lead you down different paths when it comes to discovering what you’re really after. Taking that time to really give it some thought instead of jumping to the next thing can be invaluable. Brainstorming is a very valuable and highly underrated process.

It’s possible you’re at the start of your career, mid-level, even in a senior-level position or higher. Assess what you need, what interests you, and where you want to be. Categorize your wants and needs into different tiers, if that’s helpful. Consider non-negotiables, flex territory, and other miscellaneous factors that could impact your decision.

For instance, non-negotiables could be your salary requirements, what benefits you desire, the type of work you’re doing, what role you’ll be fulfilling and so on. This will look different for everyone as different people have different needs.

How do I find something that’s interesting?

Work that interests you is often work that engages you. Engagement correlates with enthusiasm which directly corresponds with your satiation, commitment, and overall happiness. Granted, interest can wax and wane. If you have varied work with balanced tasks that keep you feeling “in the zone”, you have a better chance of achieving contentment in whatever role you seek to fulfill.

The best way I can describe this is by breaking the writing convention I’ve clung to thus far and moving from instructional speaking into first person. (Don’t tell my college English teacher, they hated when I did that.)

I do a decent amount of public speaking and on more than one occasion, I've shared my story on how I got into infosec. When people ask me, "How do I get into cybersecurity?" I'll often counter their question with "Well, what is it that you want to do?" The most common response I get is a shrug or something along the lines of "Anything, really."

I've already touched on it, but there are a lot of different areas of cybersecurity. Someone could work in digital forensics, incident response, cyber defense, penetration testing, cybersecurity frameworks, cloud engineering, DevSecOps, technical content writing, research and development, cybersecurity leadership; I can keep going, but you probably get the point. 

Even if you ask me to this very day, "What exactly is it that you want?" I still might give you a mushy answer that is based more around concepts, flexibility, and camaraderie than any specific topic.

Not too long ago, I decided to take a penetration testing course for the first time. Somewhere along the line, I'd realized that my work hadn't been technical or engaging in some time. For those that are already familiar with me, I talk about my experiences in dealing with Attention Deficit Hyperactivity Disorder (ADHD) quite often.

I bring this up specifically because it's very influential to how I operate on a day to day basis. Frequently, ADHD causes me to "chase the shiny" which is largely why I enjoy "solving puzzles." I get a lot of excitement (and dopamine) out of breaking things, fixing things, and finding solutions to problems. 

The work I do right now, though relatively enjoyable, isn't always as technical or engaging as I'd like it to be. I find myself managing projects, writing correspondence, doing presentations, with the occasional technical consulting smattered in between. Even though I like all of these things on a surface level, it's rare I ever get to "chase the shiny" unless I'm taking a course or running through a lab as a demonstration.

Unquestionably, it's easy to tell I don't like to feel like I'm getting stagnant. I like to learn new things on a somewhat (at least) semi-regular basis. Not so much that I'm overloaded or overwhelmed, but that sweet spot to where things won't get stale. 

During the pentesting course, I felt the heat of a small spark I hadn't felt in a while. A little fire inside of me was lit. (I suppose you'd say it was a somewhat contained electrical fire.) I was brought back to an earlier time in my life where I would find ways around certain perimeters or controls just for "the fun of it." I started thinking about all those times in school where I would come across a directory or file system I wasn't supposed to, or how I'd use a proxy to get around their rudimentary block lists. 

I was reminded of the keytraps I'd install on our family computer so I could play Starcraft whenever I wanted. Back then, those types of limitations gave me purpose in finding a solve. On some level, I think that's still true now, but maybe not in the same ways as it once was. 

To me, activities like pentesting, troubleshooting, and reinforcing defenses can feel like a game. The answer or the solution feels like a reward. In fact, I've often compared my preferences to that of playing a Real-Time Strategy (RTS) game. The blend of strategic analysis matched with tactical implementation is a headspace I rather enjoy. 

Discovering the “headspace” you enjoy is what it’s all about. If you like finding the needle in the haystack, maybe forensics is for you. Or, if you really like working under pressure, cleaning up messes, and handling problems, incident response could be up your alley. Take time to assess what gives you that spark and makes you feel like you’re being driven by a motor.

Some roles may even offer the capability to work and perform different tasks or functions in a variety of ways, but be careful of being the everything to everyone in an organization. That can go sideways very quickly.

Work to Live, Don’t Live to Work

Practically everything in infosec requires a lot of you. There is a fine line between doing something you enjoy and completely investing yourself in your work. The whole point of this blog is for you to absorb some of this information through osmosis and consider where your interests lie and how to effectively balance and prioritize your wants and needs.

If you’re spending too much time, effort, and energy in doing or thinking about your work when you’re not “supposed” to, that can be a problem in and of itself. Finding activities, events, and hobbies that exist outside the realm of your work is a healthy way to manage your motivation. Because, as rewarding as the dopamine hit is for solving problems, it can’t be an always-on mentality. None of us are the Energizer Bunny, and if we were, the world would be a better place because of it. (Come on, he’s just really cute!)

Giving yourself a diverse and eclectic approach to mental and physical stimulation is bar none the nirvana of personal idealism. A fourth wall breaking moment is needed once again!

These points are so important to me because I've fallen into a lot of these trappings. I wanted so much to be successful that I completely poured myself into my work. On some levels, I still do that. I'm a recovering workaholic, in so many words. I hope this serves as a cautionary tale for many. 

It's easy to get swept up in. It encompasses a huge part of most of our lives and is intrinsically tied to practically everything we do from a digital perspective. How do we not think about it when we walk into our doctor's office and see an unlocked computer with patient information clearly visible? How do we not think about it when we see our own cell phone provider breached for the sixth... seventh... maybe eighth time... KNOWING it doesn't matter what provider we use, that it could be an inevitable outcome no matter what we do?

As someone who is an expert in dissociating, sometimes distracting yourself is ok. There are plenty of ways to accomplish the feat of distraction, whether it's walking your dog, working out, going on a hike, playing a video game, drawing a picture, writing a short story, making a scrapbook, building a model kit, watching Star Trek Deep Space Nine for the 5th time, you name it. Point being, you're not a planet that revolves around your work. At the very least, you should make that part of your life as enjoyable as you can.

Find that spark, that fire within you and keep it fed. It's electric, boogie woogie woogie.
