My interest in InfoSec started nearly 10 years ago. At that time I was working as a consultant for an IT Consulting Firm. My primary client was a large law firm specializing in mortgage servicing and foreclosures. That’s around the time that the infamous “robo-signing” hit the news and spurred tons of government regulation in the industry. What did this mean to me? Auditors. Lots of them!
Soon after that I started receiving spreadsheets with all sorts of color codes and formatting that simply made my brain hurt. These spreadsheets were being sent by auditors from all the major banks across the United States. They were full of both technical and business layer questions questions about things I had never given much thought to. There were even questions about technologies that I did not understand.
This was my first experience with security compliance. It was a roller-coaster ride that only picked up speed as the next three years progressed. I had to learn and adapt with my client over that time. My client leaned on me through it all. The first year was really hard because it required a lot of operational changes and new solutions to get them under compliance. When I left that role I felt extremely comfortable during audits, knew what they were looking for, and had gained an invaluable skill set and “security mind” that helped round out my experience that it is today.
Breaking into InfoSec can be difficult. I have been doing security work, primarily as a secondary function, throughout most of my career. However, in 2019 I accepted an internal position that would be my first full time security role. Follow me on this journey and I’ll share everything I’m learning.
If you’re just breaking into InfoSec then check out Daniel Miessler’s blog and read this excellent tutorial on how to build a Cybersecurity Career!
https://danielmiessler.com/blog/build-successful-infosec-career/
LaRon Lumpkin 
Leave a comment