I’ve had a lot of conversations with high school students and students in their initial years of university who don’t particularly know what they want to be when they grow up. Heck, I’m still trying to figure that out! The advice you hear from most guidance councilors and others who mean well is generally to find something you like to do, something you have a passion for, something that you’ll enjoy so you’re not stressed at work all the time. Having received this advice before, having now gone through university and worked for a number of years, there are some things I’d go back and add to that. The biggest issue I found with that advice is that I wasn’t able to explore various fields to find something I liked. I was good at math, science, computers, and gym class (especially gym class!), so I continued on with those. Math eventually turned into more English than math. Science theories keep changing (in one year they taught you electrons are in an orbit, then in the next they said, ‘yeah we knew it’s all wrong but taught it to you anyways’… what?!) Thus, I was left with computers and gym. It didn’t take long to realize I wasn’t going to be a professional athlete, so I decided to study computers. Good ol’ Comp Sci! Oh man, did I ever hate programming. Just when I was about to quit, I stumbled upon this magical unicorn called information security. For fear of being shamed out of my family for quitting school, I decided not to quit and instead pursue this degree. After having finished the degree and worked in the field for a number of years now, I’ve learned a thing or two that I want to share with anyone who is thinking about what they want to do. The most interesting thing I found is that there are folks in this field from all different backgrounds and walks of life. There are people in this field with degrees in astronomy, mediation, math, engineering, and even no degree at all. The questions at hand here are what do all the successful people in this industry have in common? Is that something that I, as a student, also have? If so, maybe this field is something I want to check out. The first thing is a passion for tinkering; a passion for wanting to know how things work. If you can figure out how something works, you can figure out ways to manipulate that design and make it do things beyond it’s original intention.This is what defines a “hacker”. The term gets tossed into all sorts of definitions and often thrown under the bus, but in essence, this is what a hacker does. A great example is the website www.lifehacker.com. It looks at everyday things people use and finds different uses for them. Another example is http://www.ikeahackers.net/. It is a site dedicated to taking Ikea furniture and unlocking it’s potential. If this is something you like to do or know someone who does, keep reading. The second fundamental characteristic that is required is the ability to effectively communicate. In today’s digital world, it’s more common to text message someone than to call them. That’s fine and well, but can you effectively carry a conversation? Do you think before you speak? This is a skill that today is often lost. The key here is to be able to take a thought that is in your mind and relay it to another individual. It seems simple enough, but to paint a picture in someone else’s head with just words is actually not easy at all. The third one is a little tricky... this one is more of a balancing act. Think of walking on a tight rope across Niagara Falls. On one side, being in information security requires a certain confidence, a swagger so to speak. But on the other side, staying humble is extremely important. Humility is one of the key factors to being successful in many fields. The thing about information security is that no matter how much you think you know, the second your ego begins to waiver, someone will outsmart you and knock you back down to earth. I don’t care how good of a swimmer you are; you don’t want to fall into Niagara Falls. Once you’ve decided that this is the field for you, there are many different opportunities to become successful. Those who are more technically inclined can lean towards areas such as penetration testing, secure coding and forensics. Those who are great at thinking outside the box, but not so great at the technical aspects, can look at areas like analyzing risk or threat modeling. Those who like blogging and public speaking with interests in information security can look at evangelism and industry analytics. The range of possibilities is quite vast. I encourage you to do some research, read some blogs and check out an information security conference or two. There are plenty that are offered free or heavily discounted for students. Find a mentor in the field – there are plenty of us willing to help out. The more informed you are, the better of a decision you can make. And hey, if you don’t like where you’re headed, it’s not too late to explore other fields, as well! Title image courtesy of ShutterStock
