I read Daniel Miessler’s article and liked it. So I tried to evaluate myself against it.
- ✅ come from one of these backgrounds
- system administration 👈
- networking
- development
- ✅ have a good foundation in all these and a decent strength in one
- system administration (Linux, LDAP, hardening, …)
- networking (TCP/IP, switching, routing, protocols, …)
- programming (concepts, scripting, OOP basics) 👈
- ✅ have some relevant certifications (CCNA, CISSP, LPIC-2, CCENT, CKAD)
- ✅ nurture your programming skills; you can build websites, tools, PoCs, …
- ✅ stay up to date (twitter, email digests, …)
- ✅ have a lab (AWS + home server)
- ✅ be always working on (GitHub) projects
- ✅ make contributions (on GitHub)
- 🚫 practice with bug bounties (BugCrowd, HackerOne)
- ✅ have a presence (web site, blog, Twitter)
- ✅ network with others (interact on Twitter, go to conferences, …)
- 🚫 respond to Call for Papers (CFP)
- ✅ professionalism
- dependability
- speak concisely
- tighten up you writing
- learn to present
- ✅ understand the business
- ✅ have a passion
- ✅ you’re in your 30’s, 40’s, or 50’s, and things are looking good :-)
- 🤏 financial knowledge
- ✅ management experience (managing people not only projects)
- 🤏 extensive network (know a good percentage of the major players in infosec and business)
- 🤏 dress/etiquette :-)
- ✅ advanced education
- 🚫 media savvy (trained to speak with the media about various topics)
- 🤏 tech/business hybrid (be able to speak and work with devs and managers)
- 🤏 creativity (able not only execute what you’re given but come up with new ideas and approaches to problems on a regular cadence)
Some of the above attributes are applicable only to certain career phases (junior, senior, team lead). Others are universal.