If I could build the perfect information security engineer, what technical skills would she have?
I realized that whatever I came up with, the person would have to have some background in IT to build on - the point of a personal security certification isn't to create a program that someone with no experience could use. But, given some rudimentary background in IT (e.g. a computer science degree or a couple of years in the industry), I came up with the following 10 domains that comprise a Super-Star Security Engineer:
Domain 1 - Information Security Concepts
Domain 2 - Business Concepts
Domain 3 - Data Networking
Domain 4 - Problem Solving Skills
Domain 5 - Software Engineering / Coding
Domain 6 - Quality Assurance
Domain 7 - Time, Life & Career Management
Domain 8 - Operating System Internals
Domain 9 - Penetration and Exploits (i.e. Breaking In to Things)
Domain 10 - Reverse Engineering Software
The list isn't meant to be in order - while there are some domains that definitely build on others, most can be taken in any order, based on experience and interest. I recommend starting with the domain that interests you best - the point is that, over the course of a year or two, mastery of each of these 10 domains is required to really become an incredible security engineer.
The next post in this series is going to be about the things you need to learn in the first domain of Information Security Concepts.