
Things to know before getting into cyber security (2018) - Tomte
https://doublepulsar.com/8-things-to-know-before-getting-into-cyber-security-ab9010a4ff1c
======
RobPomeroy
I'd add to this list: try to understand the commercial context of your
organisation (or altruistic context, for non-profits). Other than security
vendors, orgs don't exist for the purpose of security. So learn how infosec
can add to the org's mission. That may be through controlling risk,
differentiating your org from others ("Hey, we have ISO 27001!") or, if
necessary, ripping out and eliminating expensive security snake oil.

Also, which applies to any job in any organisation - try to understand pain
points higher up the organisation. E.g. does your board struggle to justify
infosec spend, since they can't measure its value/ROI? Then develop some
metrics and report on them! (Perhaps start by learning about ROSI, in that
case.)

