The cyber security job market is experiencing a major workforce shortage. Millions of positions will be unfilled in the next few years as companies try to shore up their defenses against threat actors in our connected world. If you’re technically inclined, and if you’re willing to work hard, there’s a place for you.

For the second episode of our new podcast, F-Secure principal security consultant Tom Van de Wiele sits down to talk about what it takes to break into this exciting and rewarding field as an ethical hacker or security consultant. What exactly is a hacker, anyway? What kind of background do you need to become one? How valuable are conferences and certifications? What kind of questions will you be asked in a job interview? Tom answers all these questions and more. Listen to episode #2 here.

Plus, here are Tom’s top 21 tips for getting started in infosec:

Read books, magazines, articles, and blog posts. Don’t get hung up on one book, publication or author. Don’t get hung up on a certain technology or the users of that technology. It’s just bits and bytes. Technical religion will stifle your progress. Hone your communication and presentation skills. You’ll need not only technical chops, but also to be able to explain why certain things might be a problem and how to improve them. Proficiency in English in written and spoken form, on a technical and executive level is also important. Learn how to program in a few languages and learn them well. Learn about cryptography by doing. Play wargames and hack to learn, don’t just learn to hack. Cryptopals and OverTheWire are good ways to start. Read more. Learn how to take apart and reverse engineer software and hardware. Find your own vulnerabilities and understand how they work. Fuzzing is great but you need to understand what it is you are doing and understand whatever vulnerabilities you will come across. Contribute to an open source software project. Learn about operational security and privacy. Find likeminded people as part of research groups, hacker/maker spaces, social media and free or cheap meet-up possibilities. Learn about security management concepts and what processes make up a sound information security strategy. Learn TCP/IP on an expert level and learn how to do packet crafting. Know operating systems. Well. Refurbish an old laptop, run virtual images with different operating systems and test out attacks and defenses. Try out new code and tools and learn how to adapt them to your needs. Don’t just trust anything coming from the internet though. Did I say read? Install some games and try to cheat at them on your own machines and network. Can you hook up a bot or computer player to the game and make the computer play itself? Hackers write tools. Write your own tools and publish them. Try to scratch an itch for a particular subject. Not just for yourself, but for the whole community. Teach someone else. Explaining something to someone else when they need it not only helps you better understand, it also ensures we keep the community going by giving back. Always, always keep it legal.

Do you have questions for Tom? Check out his “Ask Me Anything” session on Reddit.

For free infosec training materials from F-Secure, check out our Cyber Security Base course. And while you’re at it, stop by our Career pages to see our openings.

Photo by Jefferson Santos on Unsplash