I am totally into this field as a bystander. When many people would watch late-night TV or listen to music or a podcast, I'll scour YouTube for DEF CON and CCC talks I haven't seen yet. I am good with Python, JavaScript, web and graphic design, technical writing, all kinds of stuff. I live in rural neighbor-island Hawaii and the only tech jobs I ever see out here are military, which I deeply respect but don't think would be a good culture fit for me. I've just transitioned to working part time and intend to dive into some open source projects with my extra time. Is there a good path of entry for someone with a deep natural curiosity about the field, self-trained in coding but with no industry connections or much in the way of related professional experience?
3) Finally, each of these popular "Getting Started in Security" guides has a slightly different, but useful, opinion on the specifics of the path to take:
There is a bias against certifications by some (but by no means all) professionals in InfoSec, since it is a heavily "hands-on" field. There is more emphasis on demonstrating actual ability through CTFs, bug bounties, published exploits, etc.
However, unlike Certified Ethical Hacker, CISSP, and other "mile wide, but inch deep" certs, the OSCP is a heavily hands-on certification that tests actual ability. No knowledgeable employer would discriminate against you for earning it.
And CISSP or CISSM are valuable if you're applying for a management job. For government defense-sector jobs, they are often required.