Creating projects that challenge without crushing

One way to build a portfolio of technical expertise without necessarily having the job experience to back it up is to create projects surrounding topics that interest you. Creating those projects to a level where they’re reasonable to complete can be a challenge in and of itself, especially if you’re looking to challenge yourself or if you want to show growth from previous projects.


Where do we go from here? Developing a personal learning plan for an unstructured industry

When entering an industry on your own - no university plan to follow, no teachers to hold your hand - it can sometimes be overwhelming to see just how many topics relate to that industry, and it can sometimes be overwhelming to find quite where you feel like you’d belong best in that industry.

This case definitely applies to Information Security. InfoSec has so many different fields that fall under its umbrella that it can be daunting to find where to start, what to look at first. So how to go about it?

In the past year that I’ve involved myself with the infosec community, I’ve done my best to stay as open to everything as I can. No avenue is left unwalked, no stone is left unturned. Of course, it’s impossible to keep that up, but a broad focus that gets narrowed down and whittled into shape is probably the best way to venture into a new industry unguided.


I’m not really a fraud - I promise.

Imposter syndrome. It’s only two words but it’s the bane of many people’s lives, not just people involved in infosec or technology.
It’s so easy to turn around and think so-and-so is so much better at a certain subject, or you’ll never catch up to so-and-so’s knowledge of this area of interest.


Anonymous asked: Hello, good though this content is, are you not concerned that whilst most folks can actually use this level (or components of it) of filtration on current phishing attempts, giving the phishers feedback will, over time, allow them to learn and improve their future effectiveness? That's why I never allow them feedback on anything they try on me.

Honestly, this thought did cross my mind while I was writing the post.

What led to me still posting it is the fact that a lot of these elements I’ve spoken about have been spoken about for years - or at least, I’ve recognised them for a long time and I’m sure it’s been mentioned to me in the past regarding elements of “dodgy” emails to avoid responding to. I’d like to think that most of these elements are primarily common knowledge (though from personal experience I know it isn’t a knowledge as common as I would like it to be). I think if they were going to have improved based on this sort of information, it would’ve happened already.

Of course, a breakdown like this might contribute to future improvements, and if my post ends up a contribution to that then I’ll accept the part I’ve played.

I tweeted this photo last night because I like to mock some of the phishing emails that come through on one of the several email addresses I have. As per usual with my tweets regarding those emails, I made some sarcastic commentary about things I noticed with it. These emails will always be coming into one mailbox: this is an email address I’ve had since I was 13, and it is an email address that is likely to be on a lot of various mailing lists both good and bad due to the extent of usage it’s had. I’ve accepted that. Most nefarious emails do get blocked, but there will always be some that get through the net. Things happen.

Now I have this blog set up and running, I figured I might break it down a little bit more - hopefully leaving out the sarcasm, but I can’t make any promises about that.


YC