quote:

---

I'm actually putting most advice in a word document for future reference. A lot of this stuff is gold, exactly what I was looking for.

---

•Be Passionate About It
You can't get to the top if you don't truly love what you do. I think you can do decently well, but you won't ever see the upper levels. This is especially true in Security where it takes so much continual effort to stay current.
•Don't Be Intimidated By Anything
Many people in I.T. are pretty solid with a few technologies but have areas that they'll never get into because they think they are "above" them. I often hear, "Oh, that's programming, I'm not touching that.", or "I don't mess with that Unix stuff." That kind of approach will keep you limited for life, and for a security professional it's pretty much a sign of death. The top security pros approach the unknown very similarly, i.e. by saying, "That can't be too hard..." That's the attitude you need to have.
•Be An Engineer, Not A Technician
If you don't understand how things work then you will stay at the bottom of the ladder in this field. Knowing how to operate things isn't enough. Problem-solving, which is ultimately what consultants and most infosec professionals do, requires an understanding of the issue at hand, as well as how the solution functions. You can't be a button-pusher and get to the top.
•Combine Book Knowledge with Hands-On
Many screw this up in one direction or the other, and it's not something you can get away with in Security as easily. It's related to the previous one, but is different enough to mention. In this field you need to not only study theory but also know how to implement that knowledge in real-world environments. If you study but can't see how it applies you're dead, and if you can implement but don't understand underlying concepts you're dead too (see above). You have to have both. I strongly recommend investing in a considerable lab environment and implementing what you find interesting during your reading.
•Sharpen Your Communication Skills
Few things are as important as the ability to communicate well. This includes both verbal and written communication. It's not enough to know lots of things; you have to be able to get that knowledge out there to your client/users in a way that is useful to them. Imagine you have two ratings on a scale of 1-10: message and interface. Well, the impact of your communication is the product of the two. So if your message is a 10, but your interface to the client (how well you communicated it) was only a 2, your overall score is just a 20. But if your message is a 9 and your interface is an 8 then your score is a 72. You need both.

•look at a firewall log and see if you can characterize what's going on.

•Help somebody free a machine of spyware (i.e., hone your Hijack This! skills)

•Post a review of a security program you've discovered.