Getting started in the security field [books, resources, advice]

Re: Getting started in the security field

You are not paying attention. In addition:

http://www.washingtonpost.com/ac2/wp...nguage=printer
http://www.state.gov/m/ds/clearances/c10978.htm

For your future reference:

https://www.cia.gov/careers/opportun...y-officer.html

No, you don't qualify. No, I'm not ex-CIA. Hush, erehwon. Stop laughing.

BTW, it's not "experiancing" it's experiencing, and you're right about your inability to communicate. You're just wrong about everything else. Reading comprehension 101, boy.

To Be Merged with Getting Started.

Demystify the 'getting started in Security' process.
-Go to one of these schools listed at: https://www.sfs.opm.gov/ContactsPI.asp?p=st#Institute2
for the security program.
-Submit a request for the 'years for service' program for the DHS.
info here: http://www.dhs.gov/files/programs/cybersecurity.shtm
So now you're in school, payup between $1500-3200 during your 2nd year of school to get a security clearance. graduate from one of those schools, work for DHS for 1-2 years under 'years for services' program. After your time with DHS, you should be ok to find something else.

Re: Getting started in the security field

If I had seen the job description for my current job, I wouldn't have even applied, much less expected to get hired. So I think job descriptions in some ways are pie in the sky. That being said, there are still certain things they're going to be looking for.

Bottom line, find a way in from someone you know.

Re: Getting started in the security field

Good point on that one. Someone who is 25 and has been hacking since they were 10 can claim to have "15 years of IT Security experience". And experience with anything beyond 10 or 15 years back might not be very helpful for some jobs since technology changes so quickly. Some basic skills/knowledge are applicable in any situation, while some are worth squat within two years.

Re: Getting started in the security field

Does anyone have any advice to get past the bull when looking through job openings? Looking on dice, most of the jobs I saw were like "needs over 9000 years of pentesting experience with a bajillion certs, DoD clearance and a doctorates" In all seriousness, a majority of the places were looking for people with more experience than the field has been alive, and someone with that much experience would be a Defcon speaker with an established job already.

tl;dr I got the impression that they are looking for people that don't exist.

I understand that 9/10 most job listings are garbage and you can ignore what is posted, but the starting entry looks like it is a steep climb compared to getting into the regular IT sector.

Re: Getting started in the security field

I am a Senior at Towson University, and the major is the Bachelor of Technical and Professional Studies in Information Systems Security. Most of our professors are associate professors who are Masters level, and have never worked in the private sector / government. We have a few programming courses open to take, but are mostly designed for the programming side. Most of our classes are dealt with managing the networks, not going in depth with them. I want to get more into the in-depth part of all of it.

from what I have done on my own time, the structure of most of the languages is pretty similar, so I have been learning the structure of how things are composed. I will pick up a java book today when I get out of class.

Re: Getting started in the security field

Haha it's alright. One of the first that I read was Beginning Programming for Dummies which uses Visual Basic for the examples. It was all the library had The programming language wasn't useful to me, but the underlying concepts were (BTW, that one isn't a recommendation lol). I don't know if you've seen the Head First books, but the way they break down the concepts is why I recommended them, since a lot of the concepts discussed apply to multiple programming languages. I know those won't cover everything, but they did help me. To me, that's better than nothing if the OP can't get into a real beginner programming class (provided that he/she is good with self-learning that sort of thing).

Re: Getting started in the security field

I agree that the OP should have been exposed somehow to programming, but want to caution that buying a book will be worse than useless.

Take a beginning programming class, one specifically aimed at CS students, so that you can learn the concepts and underlying structure. As long as it's a real language, with data structures, and a formal compiler, you'll learn what it is you need to know. It doesn't matter whether it's widely used or cross platform, since you aren't planning on writing code (or else you've wasted your bloody time with your current degree).

Personally, I still favor Pascal as a teaching language, specifically because it is not used much any more, and yet contains all the important elements that are introductory in nature. Java is my least favorite (unless you count C#), because it lacks certain elements that you will otherwise need to learn.

Not trying to pick on "AgentDarkApple" but I do think that the point here is to learn about programming, not to learn how to program.

Re: Getting started in the security field

Angel x Jess, I have to agree with shrdlu on this one. Something like Java, which is cross-platform, or one of the C (C, C++, C#, etc) languages, which are widely used would be a good choice. I am a junior majoring in information systems security and started studying up on some of that before I started on my degree. If you just want to learn some of the basics and more of how to "interpret" code, then check out Head First Programming http://oreilly.com/catalog/9780596802387/. Being able to at least read code is better than nothing at all. It's like learning a foreign language and being able to read it but not fluently write or speak it - you might not be able to write a program, but you can read someone else's and make sense of it.

If you are interested in learning something like Java, then O'Reilly's Head First series has books on Java and C# as well. Those are good beginner books that can help you understand the fundamentals, then you can move on to more complex stuff later. What kinds of courses do you have? In some of mine, we were given general examples of snippets of codes from viruses or examples of SQL injection. It's hard to fathom that you wouldn't have at least been exposed to some sort of programming language, even if only on a generalized beginner level.

Re: Getting started in the security field

So, first you say "every professor I have spoken with has told me that a knowledge of the base functionality of coding is a huge asset to anything in this field" and then ...it's "a shame that most of them have never worked, save for in the education field." I'm thinking that you need to reread that last sentence a few times. That said, here's my opinion.

I think that understanding the basics behind writing code is potentially useful, but your desire to know which language is misguided. You need to learn the how, not anything specific. Any beginning programming course will do, as long as it focuses on an actual programming language, and is intended to provide you the basics. I would expect such a class to use one of [Pascal|C++|Java] or other similar languages. I would NOT expect this class to use a scripting language, no matter how fashionable (such as Python, Ruby, or Perl).

I'm puzzled as to what you *are* learning in your IA classes, and am curious as to the name of the school, and the formal name of the degree.

Re: Getting started in the security field

After reading this entire thread, I have something to add. I am currently a senior majoring in Information Assurance, and every professor I have spoken with has told me that a knowledge of the base functionality of coding is a huge asset to anything in this field. Of all of these languages, which would you say would be the most useful for students to learn? They only teach programming if you are in the Software track of CS, so our professors are wanting to find out what is needed in the real world. It is a shame that most of them have never worked, save for in the education field.

Re: What to learn, and how? - Beginning an IT Security Career...

You don't say which university, and you don't say where. I doubt strongly that this university is in the US (from the descriptions you give). I'm not familiar with the "STAT" certification; please elucidate. I note that someone else advised you to participate in an open source project. This will not help (or hinder) your attempt to gain access to higher education.

More information on location and university, please.

Re: What to learn, and how? - Beginning an IT Security Career...

I would begin by contributing to an open source project that is developed using one of the languages/technologies that you are interested in learning. http://sourceforge.org or http://projects.apache.org/ are good places to start.

Re: Getting started in the security field

Yeah that's something I would love to do, eventually, but as I live in Ireland it's going to take a while to get the cash together to get there.

But one year I will.........

Re: Getting started in the security field


In the interest of pimping out my vendors....

No Starch will be selling their books in the vendor area at DEF CON again this year. Stop by their table and check them out. They have a lot of author signed stuff (at least they have in past years) too.