Getting started in the security field [books, resources, advice]

Re: Getting started in the security field

Well, it's true, to an extent. Folk with high cisco certs have an average of 115k annual salary. I could use a bit of that. And fear not, it takes a lot for me to start an ass kicking contest.

Re: Getting started in the security field

Ok I have seen the date and realise that its been a while since anyone has posted to this thread but I think the information and links found in this thread are still relevant and have provided me with some really good information and have reaffirmed my determination to get into the infosec field.

Although I now realise just how long that path might be and when you are standing at the start of that path it looks an awful long way just to get up to speed.

So its back to college for me this year to do a networking degree and at age 46 thats going to be a tough one. I already have a few IT certs so hopefully with the degree on top of those I should at least get a start in the infosec field.

Does anyone have anymore links to articles with a more up to date look at the infosec field and maybe an idea as to where new trends will be appearing?

In one of the articles I read the book titled, "TCP/IP Illustrated", was mentioned as a good book for TCP/IP, does that still hold true or has anyone got any better suggestions?

Re: Getting started in the security field

I have never had the inclination to buy TCP/IP Illustrated, but I have found the TCP/IP Guide to be an excellent reference (although it's length is on par with the complexity of the subject). I must admit that part of its appeal is that it is freely available online.

http://www.tcpipguide.com

Re: Getting started in the security field

I love the No Starch Press TCP/IP Guide

Re: Getting started in the security field

I have found this: The Illustrated Network: How TCP/IP Works in a Modern Network (The Morgan Kaufmann Series in Networking)
for now so that should keep me going for a bit.

But I have bookmarked the 2 that have been suggested for later reference. Thanks for those links by the way. It is so hard to get good recommendations from people who actually use this stuff.

Ah I just found the TCP/IP guide so I'll use that as well as the one I already have.

Re: Getting started in the security field


In the interest of pimping out my vendors....

No Starch will be selling their books in the vendor area at DEF CON again this year. Stop by their table and check them out. They have a lot of author signed stuff (at least they have in past years) too.

Re: Getting started in the security field

Yeah that's something I would love to do, eventually, but as I live in Ireland it's going to take a while to get the cash together to get there.

But one year I will.........

Re: What to learn, and how? - Beginning an IT Security Career...

I would begin by contributing to an open source project that is developed using one of the languages/technologies that you are interested in learning. http://sourceforge.org or http://projects.apache.org/ are good places to start.

Re: What to learn, and how? - Beginning an IT Security Career...

You don't say which university, and you don't say where. I doubt strongly that this university is in the US (from the descriptions you give). I'm not familiar with the "STAT" certification; please elucidate. I note that someone else advised you to participate in an open source project. This will not help (or hinder) your attempt to gain access to higher education.

More information on location and university, please.

Re: Getting started in the security field

After reading this entire thread, I have something to add. I am currently a senior majoring in Information Assurance, and every professor I have spoken with has told me that a knowledge of the base functionality of coding is a huge asset to anything in this field. Of all of these languages, which would you say would be the most useful for students to learn? They only teach programming if you are in the Software track of CS, so our professors are wanting to find out what is needed in the real world. It is a shame that most of them have never worked, save for in the education field.

Re: Getting started in the security field

So, first you say "every professor I have spoken with has told me that a knowledge of the base functionality of coding is a huge asset to anything in this field" and then ...it's "a shame that most of them have never worked, save for in the education field." I'm thinking that you need to reread that last sentence a few times. That said, here's my opinion.

I think that understanding the basics behind writing code is potentially useful, but your desire to know which language is misguided. You need to learn the how, not anything specific. Any beginning programming course will do, as long as it focuses on an actual programming language, and is intended to provide you the basics. I would expect such a class to use one of [Pascal|C++|Java] or other similar languages. I would NOT expect this class to use a scripting language, no matter how fashionable (such as Python, Ruby, or Perl).

I'm puzzled as to what you *are* learning in your IA classes, and am curious as to the name of the school, and the formal name of the degree.

Re: Getting started in the security field

Angel x Jess, I have to agree with shrdlu on this one. Something like Java, which is cross-platform, or one of the C (C, C++, C#, etc) languages, which are widely used would be a good choice. I am a junior majoring in information systems security and started studying up on some of that before I started on my degree. If you just want to learn some of the basics and more of how to "interpret" code, then check out Head First Programming http://oreilly.com/catalog/9780596802387/. Being able to at least read code is better than nothing at all. It's like learning a foreign language and being able to read it but not fluently write or speak it - you might not be able to write a program, but you can read someone else's and make sense of it.

If you are interested in learning something like Java, then O'Reilly's Head First series has books on Java and C# as well. Those are good beginner books that can help you understand the fundamentals, then you can move on to more complex stuff later. What kinds of courses do you have? In some of mine, we were given general examples of snippets of codes from viruses or examples of SQL injection. It's hard to fathom that you wouldn't have at least been exposed to some sort of programming language, even if only on a generalized beginner level.

Re: Getting started in the security field

I agree that the OP should have been exposed somehow to programming, but want to caution that buying a book will be worse than useless.

Take a beginning programming class, one specifically aimed at CS students, so that you can learn the concepts and underlying structure. As long as it's a real language, with data structures, and a formal compiler, you'll learn what it is you need to know. It doesn't matter whether it's widely used or cross platform, since you aren't planning on writing code (or else you've wasted your bloody time with your current degree).

Personally, I still favor Pascal as a teaching language, specifically because it is not used much any more, and yet contains all the important elements that are introductory in nature. Java is my least favorite (unless you count C#), because it lacks certain elements that you will otherwise need to learn.

Not trying to pick on "AgentDarkApple" but I do think that the point here is to learn about programming, not to learn how to program.

Re: Getting started in the security field

Haha it's alright. One of the first that I read was Beginning Programming for Dummies which uses Visual Basic for the examples. It was all the library had The programming language wasn't useful to me, but the underlying concepts were (BTW, that one isn't a recommendation lol). I don't know if you've seen the Head First books, but the way they break down the concepts is why I recommended them, since a lot of the concepts discussed apply to multiple programming languages. I know those won't cover everything, but they did help me. To me, that's better than nothing if the OP can't get into a real beginner programming class (provided that he/she is good with self-learning that sort of thing).

Re: Getting started in the security field

I am a Senior at Towson University, and the major is the Bachelor of Technical and Professional Studies in Information Systems Security. Most of our professors are associate professors who are Masters level, and have never worked in the private sector / government. We have a few programming courses open to take, but are mostly designed for the programming side. Most of our classes are dealt with managing the networks, not going in depth with them. I want to get more into the in-depth part of all of it.

from what I have done on my own time, the structure of most of the languages is pretty similar, so I have been learning the structure of how things are composed. I will pick up a java book today when I get out of class.