• CSNP

My Advice? Take All The Advice You Can Get

Author Gaylynn Fassler

Group of women in a meeting

I am one of those people who never wanted or intended to work in tech. I didn't think I was smart or technical enough, and I also thought "tech" jobs sounded vague and boring.


I had never even heard of the field of information security until a family member encouraged me to join the field after I graduated undergrad. I attended several networking meetings and organized the annual InfoSeCon conference put on by Raleigh ISSA, all the while intending to never go into tech.


After I finished my masters in criminology, I still didn’t really know what I wanted to do. However, I knew I already had connections within the infosec industry, so I turned my time and attention to participating with more groups, attending trainings, and trying to learn all that I could. The community I found myself in was full of wonderful, smart, encouraging people, and I started to get really excited about my future and career.


But I couldn't get my foot in the door. In the span of a year, I applied to over 100 jobs, and only heard back on two of them. I didn't make it past the first round for either of those jobs.


When you are trying to get into information security on the ground level, it’s really difficult to know what you're interested in, and what career path you want to pursue. It is both a blessing and a curse to have so many options and opportunity in one field. There is also the ever frustrating conundrum of "you need experience to get a job, but you need a job to get experience", so I floundered for a while. But then I found purpose.


One thing that I was pretty confident about, despite getting rejections left and right and sideways, was that I would be fine. I knew I had the privilege of being educated and likeable and smart, so while my goals didn’t happen in the timeliness I had hoped, I knew I would eventually end up where I wanted to be. So, I turned a lot of energy to helping the community, while continuing to study and network.


I started volunteering for a women’s networking group that focuses on helping women get into and succeed in infosec. I also became very active with my local chapter of ISSA (Raleigh), and made a huge effort to be involved.


Now, I’m a board member for a different women’s networking group, and I’m still very involved with ISSA, albeit in a mostly unofficial capacity.


I have four things that I tell people who are trying to get into infosec on the ground level. I feel these things helped me finally get my foot in the door:


  1. Get your Security+ certification: I go very back and forth about certifications. You need the cert to get the job but you’re supposed to have the job before you get the cert, so in my mind it’s a trap. However, I didn’t get any real attention for infosec roles until I got Sec+, and I would be remiss to not acknowledge it. My first role in the industry came from a recruiter who found me on LinkedIn because he saw that I had just gotten sec+.

  2. I also enjoy studying for certs because I always learn a lot that I feel helps me in my current role.

  3. I highly recommend getting a certification study buddy, because it’s much easier to get those done when you are accountable to someone else. And you get to feel good that you both achieved something great.

  4. Be involved: hiring takes a lot of time and energy, and for these types of roles there is likely going to be a lot of on the job training, so companies want to know they will have a return on investment in hiring you. I felt that my involvement in networking groups showed my enthusiasm and passion, and helped that first company feel comfortable taking a chance on me.

  5. And last: be persistent. Getting hired in this industry is hard, and it very likely won’t happen right away, especially if you’ve never worked an infosec role before. But it is SO worth it. Not only is the infosec community wonderful and welcoming, there is immense satisfaction when you get to work a job where you feel like you make a difference. I help my company stay safe, and that is important.

  6. Ask as many questions as possible: this career doesn’t look the same for everyone, so I also think that people should have conversations with anyone and everyone. Having a mentor is great, having a few is even better.

  7. Even with a mentor though, your career is up to you. No one can tell you what job to work, or path to take, but mentors can certainly help you figure out what you might be good at.

I’m not going to say that working in infosec is perfect. It’s not. I’ve already seriously considered leaving the industry once, and I’ve only been in it for about two years. I often tell people it’s not a career you that allows you to go home at the end of the day and leave work at work. There is always more to learn, more to do, and more people to meet. But honestly, I can’t imagine doing anything else.


I’m currently an information security analyst focusing on security education and awareness for a very large academic organization. I didn’t know how or if I would ever get here, and now I’m all the more excited to see where I’ll go from here.