Hey InfoSec newbies and students: you don't have to know everything! Here's a matrix of 34 anonymized respondents with 5+ years' experience, across 19 skills (I'm P01). Black cells show knowledge gaps. NOBODY KNOWS EVERYTHING, and InfoSec is very broad - pass it on! :) 1/n
This InfoSec skills matrix was made using a non-scientific, mostly-manual survey from Sunday to today; it is NOT career advice. Every respondent - thank you so much for answering, and feel free to respond to this thread or make your own. 2/n
Notice that there are some columns in the InfoSec skills matrix where almost *nobody* has experience. This survey has biases, but it's clear that you can still have a long career without knowing exploit devel, bug hunting, pentesting, etc. 3/n
Note that these InfoSec skills categories are not complete at all; one respondent has been doing InfoSec for 8 years in completely unrelated areas! Future studies (not necessarily from me) should cover a broader range of skills. NIST's NICE framework may be useful here. 4/n
There's a lot of cool stuff in this InfoSec skills matrix, so I won't go into a long thread. Newbies, the main point is: you can make a great career without being an expert in everything. Period. Don't let gatekeeping or others' success keep you from forging your own path! 5/5
Loading suggestions...