The sphere of information security is very extensive, so not everyone understands where they should start becoming in this area and what development paths there are in general. We decided to ask the experts what they can advise those who decide to become an expert in information security.
Information security is a very versatile field of activity, ranging from organizational and legal protection of information to engineering and technology. Most employers require a higher education degree in the field of information security, so you still need to study at the university. Here you can get the organizational foundations, and the legislation does not change so rapidly. But universities may not keep up with technological progress. The teaching staff is often middle-aged. You will have to pump skills additionally.
An excellent example is the information security competition (Pen Testing wise) Capture The Flag aka CTF. Such events are held around the world every week, and if you participate in them as a student, then thanks to team motivation, passion and knowledge sharing with other participants, you can increase the level in the administration of operating systems, web security networks, gain information retrieval and forensic skills (investigations). computer incidents). The CTFtime website provides information on various CTF events.
Of course, there are many training centres where you can get such education or advanced training, online resources where you can learn how to search for vulnerabilities for a different budget or for free, etc. It is perfectly legal to train in the search for vulnerabilities in real conditions. Many companies organize so-called Bug Bounty programs, where you can even get a reward for a found vulnerability. An example of a Bug Bounty site is HackerOne.
In addition, information security companies hold conferences, master classes and online seminars, and publish a lot of information that is also useful for self-education.