Essential Advice for Information Security Professionals

Embarking on a career in information security is both rewarding and challenging. Aspiring information security professionals enter a dynamic field where the landscape is ever-evolving, and adaptability is key to success.

Here are some valuable pieces of advice for those on the path to becoming information security experts.

1. Business Before Technology

Always prioritize business over technology. Technology is a means to solve business problems, not an end in itself. Resist the urge to apply the latest technology to every problem; instead, focus on understanding the business context of the issues at hand. Information security solutions should align with organizational goals and policies.

2. Source of the Problem and Organizational Policy

When faced with a problem, identify its source, analyze contributing factors, and consider organizational policies before proposing a solution. Design solutions independent of technology and only leverage technology to implement necessary controls.

Strive for a balance between elegant technological solutions and pragmatic problem-solving.

3. Protecting Information is the Goal

Never lose sight of the overarching goal: protecting the organization’s information and information systems. Every action, decision, and solution should contribute to this central objective.

4. Be Heard and Not Seen

Information security should operate transparently to end-users. While periodic communications like awareness messages and training announcements are essential, the day-to-day actions taken to protect information should not interfere with user activities.

Information security should be an enabler, supporting end-users in their work.

5. Know More Than You Say

Demonstrating expertise is important, but avoid overemphasizing your knowledge and experience. Always be prepared to learn, as the field of information security is vast and continually evolving. Humility and a willingness to expand your knowledge will contribute to professional growth.

6. Speak to Users, Not at Them

Use language that resonates with users, avoiding technical jargon and acronyms. Communicate in a way that is accessible to non-technical individuals, ensuring that security initiatives are well-understood and supported by the broader organization.

7. Continuous Learning

Information security education is an ongoing process. Stay attuned to changes in threats, protection technology, the business environment, and regulatory requirements.

Attend seminars and training programs, and engage in formal education to stay informed. Subscribe to relevant publications, join professional associations, and participate in online forums to foster continuous learning.


Entering the field of information security requires a commitment to ongoing learning, adaptability, and a holistic understanding of the intersection between technology and business.

By adhering to these pieces of advice, aspiring information security professionals can navigate the complexities of the profession, contribute meaningfully to organizational security, and build a rewarding and impactful career in this dynamic field.
