How to be an InfoSec Guru

Occasionally people ask how I got where I am. I’ve been meaning to add an ‘about me’ but haven’t gotten around to it. A question earlier this week reminded me that this post was sitting in my draft folder.
A lot of people are sniffing after information security because they think they smell the green. They see CISSP average salary $93k and they think they deserve some of that cash. It was the same thing with Windows Systems Administrators. People who should be driving a beer truck are instead studying for their MCSE because the ad said they’d make $70 doing that. The flood of paper MCSEs just about destroyed the market for being a Windows Sysadmin, and I would guess led directly to some of the security disasters that have occurred in the past 6 years.
So if you’re in it for the money, move on. Go train to be an Oracle DBA or something. If you don’t truly love Information Security, then don’t waste your time. It’s a lot of hard work, and, just speaking for me, the salary quotes you see are really high.
There is a common debate on which is best: experience, education or certifications. I read an article about 5 years ago that would answer “all of the above”. The article argued that these things are the foundation of a solid career. So pick one and work at it. That’s the best way to get ahead.
Another article I read recently on this subject is by Roberta Bragg in Redmond Magazine, “How to be a security babe”. You may need to dig it out of the Google cache.