Schneier on Becoming a Security Expert

Bruce Schneier has a good post up on his blog on how to break into the computer security industry (phrasing intentional). It’s nothing too earth-shattering, but a good, short reminder of how easy it is to pick up on the many different aspects of computer security. I agree with Mr. Schneier that the biggest asset that a security expert should possess is an attacker’s mindset – this means always poking and prodding at things to figure out how they work, and coming up with ways to make them work better. Certain types of people enjoy learning about new things all the time, and these people are a very valuable resource in the security industry.

There are plenty of free online resources available for self-starter types – if not for those resources I certainly would not be in the position I am in today. I do find it mildly amusing that the second comment down on Bruce’s post is a poster complaining about the relationship between certifications and experience; technical fields are a meritocracy, and it’s easy to contribute. While I’m sure for those who have a degree it’s a nice leg up, infosec is about “what have you done for me lately?”, not necessarily demonstrating what you’ve done several years ago. You need to prove that you’re on top of the latest technology, and it’s easier than ever to demonstrate that.

