For those that are thinking of security...

Discussion in 'IT and Computer-Related Degrees' started by jimnagrom, Oct 20, 2006.

  1. jimnagrom

    jimnagrom New Member

  2. bad92lx

    bad92lx New Member

    Interesting perspective on IT Security and how one attains such positions. I would say try teaching security; that's helped me.

    Rich
     
  3. scubasteveiu

    scubasteveiu New Member

    I just landed my first full-time position in Infosec. I will be working on our Host / Network Security Team. IDS / IPS, AV, Network Forensics ...

    I will post back on my "path" when time permits (not that anyone should follow it).

    -Steve
     
  4. scubasteveiu

    scubasteveiu New Member

    I thought I would post a reply I made to www.security-forums.com. A poster wanted to know how he, a programmer, could go about getting into security.

    Link to my post at www.security-forums.com
    Registration required, I know. Dumb.

    Hello,

    Use your background as a web programmer to boost your chance to get into infosec. Start looking into application security, something like OWASP. I would also recommend you shore up any weakness in networking or systems administration.

    Pass. Pass on the hype. As far as certs, pass on the CISSP - that is a management cert. You are not ready for it anyway. The CISSP is a management-centered cert for people with 4 years direct, full time security experience. I recognize this cert blows the doors off the HR dept door. I am not addressing this amazingly confusing fact in this post.

    Read. Read blogs, read books, just read. Make best efforts to learn while reading.

    Here are some of my favorites

    *Protect Your Windows Network

    *The TAO of Network Security Monitoring

    *Inside Network Perimeter Security

    *Malware: Fighting Malicious Code

    *Counter Hack Reloaded

    Volunteer. Find a church, school, a not for profit, or a networked dumpster that might let you help. Maybe they need some help rolling out a new AV solution, maybe they do not have one, and maybe their only server sits under a sprinkler head – who knows. Who cares?!? You do! Help them, make something better, and build your experience.

    Build a lab. Learn VMware. Understand the value of a good lab. Get access to some networking equipment. Do not forget to download your favorite ISO files from the newest *.nix distro. Download / Burn / Install or if using VMware, download the distro, mount it under “use ISO Image” and boot away. Simple.

    Team Up. Find someone who will have nerd-night with you. Nerd night is your officially allocated learning time, with someone who has similar interests. Build that VM server, test running IE as an unprivileged account using psexec and visit a bunch of bad sites and scan for malware …. This is something I will be testing soon, for no real reason.

    Get your degree. If you do not have your BS, go get it. View the "centers of academic excellence" of the NSA. Google on it. I am working on my masters in information assurance / network security at Capitol College.

    Meet people. Want to learn more and meet others in the industry? Search for local 2600 or ISSA groups. If nothing is available or if those groups do not meet your needs, start your own group. I started IndySec -> Indysec.blogspot.com

    Do not quit. I put a lot of time, money, and effort to get my position in Infosec. I failed several times to land a position in Infosec. I could have quit and not swallowed my pride to try again, but then I would not have a rewarding career.

    Who am I? I am a simple person that works hard.
    I understand I have a lot to learn. I am also somewhat of a newbie to Infosec.

    Know your goals, do your best, when unsure – ask someone who knows, and never quit.
     
  5. lspahn

    lspahn New Member

    I think Steve has done a good job summarizing. It is incredibly difficult to "break in" so to speak. Although the CISSP is a toughie, and requires 4 years, certs definitely help you stand out of the crowd (and yes, HR does get "GUI" over some of them). A Web programming background is hugely beneficial since a lot of pentesting is done from this angle. I'd work for the CEH.



    My thoughts
    - Definitely Read, Read, Read, Read
    - Understand a broad set of systems - MS, *nix, Cisco IOS, so on...
    - Learn to think outside the box, not an easy task.
    - Patience is a virtue, but persistence to the point of success is a blessing. Don't quit
    - Leverage all previous experience. Web, Network Admin, Organizational
    - Finish the degrees, both of them - usually a requirement to thin out number of applicants
    - Build a lab and practice - get VMware and go to town.


    Good luck...
     
