Occasionally I get asked about how to get started in the information security (also "infosec", "cyber") field. Since that's not my primary area of expertise, it's my intent to keep this post updated with the best guidance I've come across to answer this question.
Of course, one of the best ways to get started in a new field is to get connected with people who are already doing what you want to be doing. But how do you figure out what you want to be doing? And what skills will you need for that?
Here are a couple of guides that provide a sense of the skills and credentials that the industry values:
For example, on Twitter the infosec community uses a few common hashtags that can be used to find information security related people and projects. You can web search for these of course, but here are a few to get you started:
The Twitter community also participates (in 2019) a couple of weekly recurring events that can be really helpful to newcomers. Combine these hashtags with one or more of the above in your search to locate relevant tweets:
"Follow Friday" ("#FF") is a weekly callout where influencers and non-influencers alike post lists of should-be-influencers for everyone to follow. This is a great opportunity to make a few Twitter lists and get familiar with clusters of interest-related people in the industry.
"Mentoring Monday" ("#MentoringMonday" / "#MM") is a weekly prompt to help connect would-be mentors and mentees. Podcast listeners may be interested in the NSC42-produced "Mentoring Monday Podcast", a call/slack/ at https://www.nsc42.co.uk/mentoring-monday. Tanya Janca (@SheHacksPurple) has a compelling introduction to infosec mentoring at https://youtu.be/knxoIwfdQxE (also included on the NSC42 site).
At a conference, you can not only build your knowledge, but you can also meet even more people doing interesting things.
Here are a few lists of conferences that might be helpful with that: