Getting started in the security field [books, resources, advice]

Re: Getting started in the security field

IMO, in general, certifications are only as good as the experience that backs them up.

Re: Getting started in the security field

"I feel concerned about computer security as a daily user and the only IT literate of the company."

You really need qualified IT profesionals if your company runs internal networking or an online server.

"What do you think about EC-Council certs?"

I think there are certifications for "chicken pluckers" but really "certifications" are baselines for what? I know guys and gals (PC Crap) that are "IT boxjobbers" and never see the "real" Internet, never have time to hack, crack, or test and could not hack a toaster oven. I see the same thing in University IT instructors who for one reason or the other are as outdated as an Eniac when it comes to corporate, Internet, and even their own home PC security because they aren't out here enough and are constantly using outdated classroom texts. On the other hand there are those out here who have an incredible grasp of hacking for the best and worst of reasons who may or may not also hold an "IT boxjob" that have skills abound. All I know is that if you work hard enough at anything you can become so good that a certification may only have meaning for those who believe it holds meaning. While certifications may or may not hold some sort of baseline they do not define hard work, intelligence, or dedication to ones field. On the other hand you could read every current tech manual on IT security and still not know how to hack a toaster.

Re: Getting started in the security field

Just want to pop in and say that this thread has been a big help for me, and the articles have only reinforced my belief that it's better to start with the technicals and then move on to sec management.

Just introducing myself, I've always had the hacker's thirst for knowledge -- I first got involved with computers/hacking around 6th-7th grade when i got my hands on a copy of the anarchist's cookbook, and started out doing some phreaking -- red/blue/beige boxing...taught myself a bit of programming [a little bit of java, html, perl, cgi, lots of web languages] -- then when i got to hgih school I kind of fell out of it, and back then back in at teh tail end, so I lost touch with it, but still went to college with a computer related major in mind. I graduated in '06 with a B.S. in CIS and am finishing my MBA in Information Assurance and Security Management this June (I'm 22). I have the degrees, and will work on certs in my free time after graduation, since they should help me market myself better to potential employers.

What would you guys suggest for a first cert? I've been thinking of doing the easy ones like Net+, Sec+, then A+, and 70-290 MCP...and of course, eventually CISSP, though I have already been studying and slowly working toward my SSCP until I can get the experience needed for CISSP.

Also, Ive been trying to land some internships, but am also having a hard time finding a place that's willing to give me a chance, and even harder finding a place with a security division where I can learn things. I have very little professional work experience (mostly help desk tech jobs, and asst. sysadmin, but nothing with a security related job title) -- any tips? I know experience counts for so much in this field, and I need a place to start.

My program, being a Business Admin Major, has obviously focused more on the management aspects of security with regard to continuity planning, incident response, architecture, policy, and regulations (SOX, HIPAA, etc), but VERY little (read: almost no) focus was put on the technical aspect. Over the last year or so i've taught myself some basics like packet analysis with tools like nmap, wireshark and the like..I just need some help with finding a place where I can apply that and grow my knowledge, then hopefully [later on] get into mgmt.

Re: Getting started in the security field

All that you mentioned is sound AFTER you get your typing speed and accuracy in order. If you like money there is another credential you may want to consider:

http://www.sans.org/training/description.php?tid=362

Gotta run.. I hear the hall monitor.

Re: Getting started in the security field

This has been quite an intriguing thread. I myself am looking into an INFOSEC career after spending several years as military intel. The articles have been great, and I've taken in a lot of knowledge. I do hope to see more threads like this in the future.

Re: Getting started in the security field

By all means pony up to the thread and share. Will we have to shoot ya' if you divulge the military stuff? ;~)

Re: Getting started in the security field

Ha. You don't have to worry about shooting me. Uncle Sam will be nearby to sit me down on a sandpaper-covered road cone after dosing me with some chloroform XD

I've touched on a lot of infosec areas, having worked with DARPA programmers/engineers (hell, I've gotten drunk with a few of them), and the regular gamut of protocols you have to deal with when you have a clearance. Unfortunately, yeah, I can't talk about most of what I have dealt with due to security issues. But I am working diligently on an associates in networking, and am trying to get all the knowledge and wisdom I can on the area(s) of network security. Even though I've been exposed to a great deal of experience, I'm now trying to get my knowledge and skill on the same level.

Tough row to hoe, I tell you.

Re: Getting started in the security field

Anything here dealing with programming or security specifically interest you?

BTW, the associates is a fine launch but also consider a BS or MS CS, along the way. It's actually a tougher row to hoe without these moving toward the top whence you plant youself .

Re: Getting started in the security field

Much interests me. However, I lack the time to learn as much as I wish. As of right now, I'm working on prepping for A+ cert, IT professional cert, network+ cert; learning SQL, vb.net, and linux. I have access to all materials related to an MSCS, it's just on my to do list. I'm also going to be gunning for a CCENT and/or CCNA cert in the future, and as for the BS, I'm currently attending ITT for that. Hopefully, all this adds up to something profitable and fun! Yayyyy.....

Re: Getting started in the security field

Impressive! But I'm not your teacher.
http://www.youtube.com/watch?v=Wm6IA_sZ1lw

Re: Getting started in the security field

Try not to get too hung up in the idea of IT Security. There's lots of areas in IT that are just as much fun, and are severely lacking in people. One field that's going to continue to grow is Industrial Automation and Control. Look into PLC Programming, HMI and SCADA control systems, there's alot of really cool things that you can do in that field.

Re: Getting started in the security field

Perhaps, but aren't you in that?

Re: Getting started in the security field

Excellent play on the youtube clip. It's favorited.

I will definitely look into PLC, HMI and SCADA. At this point, I know that security does pay well and there's always a place for it, but I am very open to other areas. Perhaps it's my own fault for not researching more. Thanks very much for the suggestions, streaker. :)

Re: Getting started in the security field

Plus there's big roles in security related to SCADA systems, but you really should have a firm understanding of how those systems work before dealing with security on them.

It's my own feeling that the really exciting/sexy security jobs are few and far between, but there's a big need for really good automation engineers.

Besides, where can you actually design your own Star Trek screens to control stuff?

Re: Getting started in the security field

I'm going to get the shit kicked out of me but u gtg, unless a fairy lifts you out of your dream soon.