Any Advice To Offer This Future Infosec Professional?

For All Things IT Security Conference Related

Join Our Newsletter [Over 50K Subscribers]

Let us send you information on ticket discounts, speaking opportunities and a ton more!

Home / Blog / Any Advice To Offer This Future Infosec Professional?

Any Advice To Offer This Future Infosec Professional?

Tagged Under:

This blog post has been written by Joshua Coppola who is starting his career in cybersecurity. We are very grateful to Joshua for having taken the time to write this and we welcome all feedback and help that you can extend to Joshua! Thanks! The Concise Team

Update! We’ve a major update to this content: we’ve gone ahead and interviewed literally dozens of Cybersecurity Professionals to ask them to share their experiences and what advice they had with regards to getting started in the industry. So, if you are interested in become a Penetration Tester hit this link, or a Cybersecurity Analyst here’s that resource.

The below is written by Joshua Coppola.

Let me start this blog post by sharing a little bit about myself.

I am a student who is majoring in Computer Information Systems. The way the degree program is structured, the only difference between a computer information systems major, and a computer science major is one is more business orientated, whilst the other is more science focused.

Originally, I had intended to study computer science at a private college, but was falling behind as I had never had much experience with computers and was in classes with those who had. As such, I switched the major field to Criminal Justice, attempting to get into private security. Due to loans and other concerns, I decided the financially best situation would be to pursue my first love in computers. As such, I began self-teaching myself courses in programming and security.

As I delved into the security world, I realized that I would not be able to get anywhere without a degree in that field. With that in mind, I have returned to school and am currently using federal funds to pay down my private loans (I was young and naive and failed to realize the difference).

Currently, I have been taking CompTIA’s Security+ with Concise Courses, and Top-Hat-Sec’s SQL Injection course. Also, to further my learning, I set up a virtual lab and used it to learn about Kali and Metasploit as well to gain familiarity with Linux based environments and commands. I also made a Twitter account to follow security persons such as Kevin Mitnick and others from Top-Hat-Sec (a big shout out to R4V3N and H4V0k who have helped me).

Meanwhile, I have been employed as an End User Device Administrator in order to gain hands on experience, but still pursuing what I can to learn about security. Currently I am attempting to get into a security analyst position with a local university, but it is one that receives thousands of applications and as such, with my current credentials, I do not believe I will have a good shot at this place. I have found interest in the area of both network and malware analysis. Upon graduating from college, I would like to pursue a career with a focus in those fields. To further my development on those, I have started familiarizing myself with Wireshark and Cisco CCNA in 60 days.

The reason for this blog post is that in my current situation, I have realized that I am really the only one around who is interested in security and that makes it difficult to find like-minded people. And I would really like to surround myself with like-minded individuals and mentors in this field. I hope we can start a discussion on this post that leads to (maybe) the creation of a group. Concise Courses are open to facilitating this resource.

And, I’d welcome any constructive criticism on my approach, and any tips from those already established in the field. Simply put, what advice do you have for somebody who does not physically have like minded (InfoSec) peers in close proximity.


Here’s an update from Joshua

[Joshua posted the below in response to some of the replies: 2015 January 20th]

“….As an update to my blog, I am looking at attending Western Governors University through their Bachelor’s in Information Technology field as it is low cost and it provides in the tuition the money for certs such as A+, Network+, etc. You graduate as fast as you can study and do the coursework.

I want to thank everyone for their constructive criticism and am working on better understanding Kali, Metasploit, and Snort. I don’t really have anyone or any organization near me that would provide a networking aspect for myself. However, I am doing what I can. Thank you all….”


Please drop a comment below to help out Joshua and all the other beginners within our extended community. We all had to start somewhere and any advice that you can give will be hugely appreciated!

Thanks again to Joshua and Good Luck!

  • Mike

    If you’ve got plenty of spare time, get really really good with Nessus, Metasploit, SNORT. Also some commercial companies will provide students with free versions of their software if you ask real nice. They don’t advertise it, but I’ve found lots of companies are willing to help out a poor student who wants to get good with their systems. I assume b/c they may pay for it in the future.

  • John Becker

    Sounds like you’re doing much of what you should be doing, learning the ropes, doing due diligence, learning about everything computers you can lay your hands on, etc.

    Here’s the thing …

    IT Security is full of some true bad asses in the IT industry because we basically need to know a lot more than everybody else … especially the bad guys!

    Be patient. Keep an open mind. Let your heart lead you to those people and business opportunities that will truly nourish and appreciate you for what you currently have to offer, and in time you’ll get your opportunities … security-wise and/or otherwise 🙂

    I guarantee it.

    May I be so bold as to ask …

    Where abouts are you located?

    John Becker
    Chief Governance Officer
    Phenix Energy Group

  • Stu Heller

    Josh,
    It’s great that you got Security +, but that’s not enough. You need to pursue more advanced certifications in Information Security. Also, it’s very important to network with others and to join organizations that have local meetings (e.g. Infragard)

    Hang in there. It’s tough to land a job, but not impossible.

  • Walter G. Hooks

    Hello Joshua,
    I too am taking the plunge into IT Security. I have a BS in IT Management and a MS in Homeland, Security and Safety. I am A Plus, Network Plus and Security Plus certified. Currently I am working on CISSP, CCNA, and Computer Forensics/Ethical Hacking through Bluestarlearning. I have 20 years of Military service and over 8 years in the IT field. An excellent resource for EVERYTHING i.e. mentorship, IT groups, plenty of educational resources, job referrals, Resume writing resources, Professional profiles which are searched by IT headhunter, resources for starting your own business and much, much more are on http://www.linkedin.com feel free to contact me directly.

  • Daniel

    Hi Josua. I’m from Brazil, and I’m a student as well. I’m also trying to pursue a career on infosec. I had the same questions in the beginning. The problem is I discovered that true infosec professionals are hard to find. Having mentors is almost impossible. Most people I know who work with security are not in fact infosec professionals, they are just sysadmins with higher firewall and management knowledge. I know people who works on ‘security’ but does not know about Kali. Metasploit? What is that, Food? So the internet is important, the world is online, thinking in this way, I started to pursue information as you did. I discovered that the internet is the best place for it. Just keep going, do courses, make contact with people far away from you, do certs and try to get experience. At least is what I’m doing, and it is working well so far. By the way, sorry for my poor English. Good Luck

    • Marcos Paulo

      Hey man, i’m seeing you advice and i agree with your all words. I’m from Brazil too. Have you already worked with InfoSec ? I’m looking for professionals for advice and networking. If you wanna talk more about that here is my email. [email redacted]

  • sourav roy chowdhury

    i will help you joshua. connect with me on facebook.

  • Walter G. Hooks

    Hello Joshua,
    I too am taking the plunge into IT Security. I have a BS in IT Management and a MS in Homeland, Security and Safety. I am A Plus, Network Plus and Security Plus certified. Currently I am working on CISSP, CCNA, and Computer Forensics/Ethical Hacking through Bluestarlearning. I have 20 years of Military service and over 8 years in the IT field. An excellent resource for EVERYTHING i.e. mentorship, IT groups, plenty of educational resources, job referrals, Resume writing resources, Professional profiles which are searched by IT headhunter, resources for starting your own business and much, much more are on http://www.linkedin.com
    feel free to contact me directly.

  • Esteve Mede

    Hello Joshua,

    From what you have stated, it appears that you’re going on the right direction. Infosec is not a single topinion type of field, so you must decide what are you want to concentrate your efforts in; for example, you can be a digital Analysis (forensic), Network Security, hacker (red team and blue team), policy, and more.

    To be an effective Infosec analyst you must know system/network administration and/or development, even how build scripts is very helpful. Yes, you can be a digital analyst, but that is very rare. The policy side is usually reserved for experience folks who no longer want to deal with daily work, but want to influence the way things go in the organization (usually in the leadership team).

    If you’re really interested in Infosec, you to look at the CIA, FBI, DHS and department of state for federal government and department of defense opportunities. They have programs that will pay for your school and are currently looking for college students to bring on-board.

    Hope this helps.

    Esteve Mede
    Chief Information Security Officer
    Federal Election Commission

  • lanre

    I have the same ‘general’ issue as josh. But in my own case, my university degree is not anywhere near IT. But i want a career in Infosec. Please advice on how i can start from the very scrath. Thank you.

  • Joshua Coppola

    As an update to my blog, I am looking at attending Western Governors University through their Bachelor’s in Information Technology field as it is low cost and it provides in the tuition the money for certs such as A+, Network+, etc. You graduate as fast as you can study and do the coursework. I want to thank everyone for their constructive criticism and am working on better understanding Kali, Metasploit, and Snort. I dont’ really have anyone or any organization near me that would provide a networking aspect for myself. However, I am doing what I can. Thank you all.

  • Kitty Kat

    Hey Josh .. Best of luck with it all, and keep up the good fight !

  • Desmond Goosby

    Thank you josh for putting this out there. I am in a similiar situation as yourself. Ive attained my bs in computer information systems but fell into IT sales position right out of college because it was easy money. I really want to get into the infosec field. If you all do open a network for beginners with mentors Id love to participate in it. Im currently looking for the best option to gain security + cert.

  • Pam Armstrong

    Hi Josh,
    I’m in a similar position. Only I am taking courses with American Military University. I also have a handicap in that I’m older so I cannot do Internships or employment with Federal Government entities. Check into the ISSA. It might be a drive for quarterly meetings but it might well be worth it to get some networking in and learn some things. Good luck!

  • haseeb

    i am a student recently graduated from college and i need to know about cyber security too make it my career for future can u please suggest me any university ……… for this degree ………

    • Henry Dalziel

      It all depends on what you’d like to be – first thing to do is specialize! What is it that you are interested in? Forensics? Penetration Testing? Establish that then reverse engineer your way to seek appropriate training programs.

  • Jacob M.

    Finding mentors can be very difficult in this industry and to my own dismay I have yet to find a technical one and the only one that should/could be goes back from early 20’s and 2000’s, but as he went to Seattle and expanded his reach getting time from him is near impossible.

    Building great mentors has been a blessing in my life except for in the technical arena as several board members, community leaders, Executive’s, and business owners top in their fields all have a mutual benefit as they lack technical expertise due to generation gap (Avg age Mid 50’s).

    I’d have to believe now with collaboration tools beyond iRC this just takes a bit of effort and finding a talent to trade off, so it is not just a give and take relationship. Possibly focusing on a skill set they can offer to others in return and really build the relationship and for interpersonal long term desires as technology seems to take away from this generation after generation as each complains/feels.

    Also what appears common among HFT’s like HFA’s they tend to go their own way and have a hard time taking leadership as they’re used to being the smartest in the room and now is about the worst time in our industry to not find a small ego boost among peers after years of denial and attempts to prove their worth.

    I personally found conferences, events, and having an open door always brought new opportunities and though InfoSec mentorship was/is scarce it forced leadership skills to emerge and allow for coaching several others over the years which has been helpful with the one’s who appreciate it as I can count on them when I need a resource for a project or admin to assist and utilize their strengths while coaching them further on the InfoSec areas and concepts that apply to their foundation and InfoSec has come a long way that we all know pure technology knowledge is not the solution and has become far easier to accomplish tasks that building mentors strong in finance, management, and in various business industries can still provide the edge needed! Not to mention help navigate corporate America, sales, corp politics and all the area’s where buy in will prove far more valuable then someone to teach you a few technical concepts. Let alone we are loan wolf’s who need to assess every imaginable risk and impact of change that is often overlooked early on by others who fail to realize the business impact and user acceptance is a large measure of your success as if the C office and Sr. Leaders don’t adopt it why will others and will you even have an office in 6 months by securing an environment, but slowing productivity by 20% and lowered morale by 40% regardless how many Sec geeks agree if sales doesn’t then soon enough your salary is not being generated, when there’s many ways to accomplish the same results…

    You say you feel incapable of getting the SOC job due to thousands of applicants, but yet also feel all alone in the InfoSec journey… Not to be the jerk, but everyone I’ve mentored and way’s I’ve learned the most about myself was by choosing to find Dutch Uncles who I give full authority to shoot straight and be open with knowing no topic is off limits and getting raw feedback which has been hard only to find out a 125 lb Asian Mick apparently terrifies grown men that if they cross me, I’ll make them cry to their mothers and feel like a 2yr old with a unique talent to read people overtime and no so great quality to tear apart the cocky fakes feeding bad advice to my teams or friends. Took 10 years, but 1 person finally told me this who I mentored and had it confirmed by others after asking and since 2010 have changed greatly in these areas.

    Whether it is a lack of confidence as usually is the case with most technical individuals or you maybe fooling yourself into the fear or some weird anomaly in your situation,

    I don’t believe a degree is needed to date still if you have the skills and passion. It is becoming harder for low experience individuals as they decades turn, but my best hires have no degree and best project members made leads were hired as NIC installers and left Team Leads in Network Analyst for the 3rd largest LAN in the US in under a year.

    I joined the deal at the bottom just as a temp contract, I felt was out of my abilities and before week 1 I was put as a temp lead, to find out my coach and Lead wasn’t gone Wed. and instead reported to me. That was difficult as the young guy replacing a 20yr+ experience leader let alone just starting while they had built a relationship over 8 months and forced me to step up be honest about what happened and was said and fortunately earn their respect and prove my technical abilities in that same week to the point that left me to build a field team of 30 and 5 leads for 5 teams while training my new supervisors for our 2nd year contract 3x’s the size and taking over operations above my bosses I trained. Between that and ending up in a business at 21 with my house on the line all from a loan to a friend for his business and never having business desires or risk taking tendencies (beyond compromising every school/job’s enterprise) only because I knew I wouldn’t get caught, but turning both highly challenging situations into successes that I never was the type for and usually afraid to raise my hand with answers in meetings (but would takeover r console on NetWare and display it in classes), I learned we can do a lot more then we give ourselves credit for as I’m not special and the more I learned from customer service, management, and people skills mixed with the eccentric technical knowledge from 16hr days of studying the more I realized and saw as a mentor that the best potential were usually the most reserved, but as one person explained the squeaky wheel gets the grease I noticed that was true also, but they better be able to back it or they might get replaced the 1st week a new kid starts that the Director can manipulate to take your lead role on the project…

    If your in Chicago area I’m always looking for trustworthy people and others to mentor and work on contracts part-time or trade skills with.

    To Max my biggest issue years ago was being poor and tech $$$, so I made up for It and dropped $150k on a server cage in-house of Cisco gear and now on Security gear and have access to all these programs, tools, training, and new space for it that a user lab/dojo whatever could be setup in which I have 100+ VMWarw licenses and MS ones for their product lines along with RSA, Symantec, everything below my name and more that could be utilized and explored, along with 70%-80% off new purchases if people want to chip in. Maybe even something we could take as far as being an ATC with your niche for learning and teaching and mine in other areas or coaching people/groups, but face to face oddly…
    We can talk if you’d like I don’t need to be rich and wish an affordable solution existed for myself to get trained early on that why not offer it to others and if it keeps the DC bills paid and enough to maybe bring in students to maintain and learn labs as an option even better.

  • Dean R.

    Most states have ISSA groups and other user groups. That would probably be the best way to understand what is going on in the “CyberSecurity” Space and also what jobs are open. He should join his local ISSA chapter and possibly attend local “Cons” in his area. The more people you meet the more opportunity you will get. Let me know.

  • Fausto

    Hi Josh,
    Have you achieve your goals about cibersecurity after the different advices you have got in this blog?

  • Joshua Coppola

    As an update to this. The current area i am pursuing is Malware Analysis/Reverse Engineering. At this point in time, I am finishing up a Pentesting Student Certification. I have been using sites like hack.me and crack.me to study up on my infosec abilities. Meanwhile, I have also started pursuing learning about powershell and python.

  • Leave a comment or reply below...thanks!