I see the tweets and comments everywhere that Infosec is not an entry level position, and for the most part those statements are correct. It is an unfortunate thing, because Infosec should be an entry level position.
Hear me out on this, before you tie me up to be eaten alive by the bugs of crappy software. The helpdesk should be getting trained in Infosec from day one. They are the eyes and ears of the IT world. They deal directly with the end user more than anyone, and they have the most insight into the plain and ordinary. They know if something looks off, if someone is having weird issues, and what the norms should be. With some basic training, they can be that extra set of eyes finding the anomalies that we need. In fact, every level of IT should be part of the Infosec team. Each level learning a bit more, able to remediate more, and being that extra set of eyes.
So why is this not a thing? Training, lack of staff, lack of training funds, who knows. It is definitely an opportunity missed, and one we need to start using. After all, one more set of eyes is a good thing, and if they are trained on what to notice to send to the SOC (which should be a level just above field services so two levels above the helpdesk), it gives them a narrower area to focus on at times, and can allow for faster response and remediation.
It is just a thought. Ok, let me get into that Speedo so you can all put me out to be eaten alive by bugs.