Cybersecurity is becoming more complicated and entangled with all aspects of business and society, and with that comes a growing demand for skilled information security (InfoSec) professionals. But breaking into this field in 2024 is no easy feat. While headlines often highlight the shortage of cybersecurity professionals, the reality is that entering the industry can be challenging. InfoSec requires not only technical expertise but also a mindset built on curiosity, problem-solving, and resilience. In this deep dive, we explore the key traits, skills, and knowledge that aspiring InfoSec professionals need to succeed in 2024.

The Harsh Reality: Cybersecurity Is Tough

“Cybersecurity is hard,” says a seasoned Security Operations Analyst (SOC) who has been working in the field for years. While many assume that the abundance of job openings makes it easy to enter InfoSec, the truth is more nuanced. “There are too many things to understand when you’re just starting out—everything from basic computer knowledge to the security architecture of an entire organization,” the analyst explains. Cybersecurity is a highly technical field, and newcomers can easily become overwhelmed by the complexity of its systems.

Unlike many other IT fields, there is no fast track into InfoSec. “A lot of people don’t start in cybersecurity,” the analyst continues. “They start in more general IT roles, like help desk positions, where they can build a solid foundation of knowledge.” By working in roles that involve diagnosing hardware and software issues, aspiring professionals can develop the skills needed to transition into more security-focused roles over time. Building this foundation is critical because cybersecurity requires a deep understanding of how different systems work together and how to secure them effectively.

The Key Traits of a Successful InfoSec Professional

Breaking into InfoSec requires more than just technical knowledge. “One of the most important characteristics you need is the drive to learn,” explains a SOC Analyst. InfoSec professionals must stay on top of the latest threats, vulnerabilities, and technologies. The constantly changing nature of the field means that those who are curious and committed to continuous learning will thrive, while those who expect to stop learning once they’ve secured a job will struggle to keep up.

“If you hear about a company getting hacked on the news, the average person will just move on,” the analyst explains. “But if you’re the type who starts Googling why and how the hack happened, that curiosity is a great sign that you’ll be successful in cybersecurity.” This innate drive to investigate, learn, and understand beyond the surface level is what separates the best InfoSec professionals from the rest.

In addition to curiosity, technical aptitude is a must. “You need to understand the basics of how systems interact—things like securing new devices, cloud security solutions, network traffic, and access control,” says the analyst. Without this foundational knowledge, it will be difficult to navigate the complex ecosystems that InfoSec professionals are responsible for protecting. From securing endpoints to understanding how web traffic should be monitored, knowing how to address each of these layers is crucial.

Key Knowledge Areas and Skills for Success

One of the biggest misconceptions about InfoSec is that it’s all about hacking or penetration testing, as seen in popular media. However, the most common entry-level role in cybersecurity is that of a Security Analyst, typically on the “blue team,” responsible for defending against attacks. “Most people won’t start as a penetration tester,” the SOC Analyst says. “They’ll likely begin by monitoring systems, responding to incidents, and remediating vulnerabilities.”

The analyst emphasizes that this role can be overwhelming at times, especially when you’re flooded with alerts and incidents. “It can feel like a constant grind, and burnout is common,” they note. With the growing sophistication of attacks—especially as artificial intelligence (AI) evolves to power tools like deepfakes and adaptive email scams—the job is only getting harder. “AI is making it more difficult for us to defend against certain threats, especially phishing scams that trick people into sharing sensitive information.”

Given the increasing complexity of the field, InfoSec professionals need a wide range of skills to succeed. Some of the key technical skills include:

• Understanding networking and infrastructure: Security starts with knowing how systems communicate. Understanding IP addressing, firewalls, VPNs, and network traffic is foundational to any InfoSec role.
• Familiarity with security tools: Endpoint Detection and Response (EDR) tools like CrowdStrike, firewall solutions like Palo Alto, and monitoring platforms like Splunk are widely used. Knowing how to use these tools effectively is crucial.
• Knowledge of cloud security: With more organizations moving to cloud environments like AWS, Azure, or Google Cloud, it’s essential to understand cloud security concepts, such as identity and access management (IAM), security groups, and encryption.
• Coding skills: While InfoSec professionals may not be building applications, understanding programming languages like Python and SQL helps with automating tasks and analyzing logs.

“A lot of our job involves automating repetitive tasks,” says the analyst. For instance, one of their daily tasks involved manually uploading suspicious PDF attachments to a sandbox environment for investigation. “I automated that process, freeing up time to focus on more critical tasks.” Being able to automate workflows is a powerful skill in cybersecurity, allowing professionals to spend more time addressing advanced threats rather than routine processes.

The Importance of Resilience and the “Grind”

Breaking into cybersecurity is not a quick process. “When you’re starting out, you need to appreciate the grind,” the SOC Analyst warns. For many, this grind involves working longer hours, self-study, and continuous training. “When I first started, I didn’t know much about security concepts, so I had to grind hard to catch up,” the analyst recalls. Whether it’s learning how to use security information and event management (SIEM) systems like Splunk or mastering network security concepts, you need to be prepared to dedicate personal time to learning.

This grind can take a toll, particularly on those new to the field. Long hours, challenging incidents, and a steep learning curve can lead to burnout. However, the rewards are substantial for those who can persevere. “The key to staying consistent with the grind is discipline. I blocked out time in my personal schedule for self-study every day. If you don’t make time for it, you won’t progress.”

Resilience is another critical trait that cybersecurity professionals need to cultivate. “The reality is, the threats never stop,” says the analyst. “You could prevent 99 attacks, but the one that gets through is what everyone will focus on. That’s part of the job—you have to be ready to keep going, even after setbacks.”

Preparing for a Career in InfoSec

So, how can aspiring InfoSec professionals prepare for success in 2024? The SOC Analyst offers several practical tips for getting started. First, they recommend pursuing foundational IT certifications like CompTIA’s A+, Security+, and Network+ to build a baseline understanding of computers, networks, and security concepts. “Professor Messer’s free YouTube playlist is a great resource if you’re just starting,” the analyst suggests. After building a foundation, they recommend expanding into more specific certifications like Certified Information Systems Security Professional (CISSP) or Certified Ethical Hacker (CEH), depending on your goals.

Additionally, hands-on experience is crucial. “Build a home lab,” advises the analyst. “It’s a simulation of an environment where you can practice securing devices, managing firewalls, and monitoring traffic.” Using platforms like Splunk’s free trial can help aspiring professionals get hands-on experience with the tools used by SOC teams.

Creating projects that simulate real-world scenarios—such as investigating network traffic for signs of compromise—will also give job seekers a strong edge in interviews. “Showing an interviewer that you’ve taken the initiative to build your own lab is far more impressive than just talking about certifications.”

Can You Make It in InfoSec in 2024?

The cybersecurity field offers exciting opportunities, but it also comes with challenges. As threats evolve and organizations become more reliant on technology, the role of InfoSec professionals will only become more critical. But success in this field requires more than technical skills—it demands curiosity, resilience, and a relentless drive to learn.

“Cybersecurity is not for the faint of heart,” the analyst emphasizes. “But if you’re passionate about solving puzzles, protecting systems, and constantly learning, it’s one of the most rewarding fields you can enter.”

In 2024, as AI-driven threats and digital transformations increase the complexity of cybersecurity, the need for well-rounded, highly skilled InfoSec professionals will continue to grow. For those willing to put in the work, the opportunities are endless—so, do you have what it takes to become an InfoSec professional in 2024?