Many career paths in information security are well-established and new ones are emerging. Although there are specific skills required for each career path, some skills are fundamental and essential for each of these career paths. These essential skills are listed below and anybody wishing to be successful in information security should build a strong foundation in all of these.
- Foundational information security principles
- Confidentiality, Integrity and Availability (CIA), fundamental security architecture, least privileges, need to know, access controls,
- Operating Systems and Cloud – Linux/Unix, Windows, Cloud, Mobile operating systems. Fundamental hardening methods for these operating systems
- Networking and application protocols
- Very good knowledge of common Internet and application protocols TCP/IP, DNS, HTTP, SMTP, SSH, routing protocols etc.
- Knowledge and hands-on practice for routers and switches, packet capture tools, nmap, curl, and other tools to be able to know what is happening on the network.
- Scripting and Programming
- Shell scripting, Python, understand how web applications are built, HTML, JavaScript, SQL/Databases
- Encryption technologies – PKI concepts, TLS, data security
- Written and verbal communication