I want to get into computer security, where do I start?

jfall

You'd probably want some type of networking background to begin with
 

skace

Lots of networking knowledge will be helpful, although plenty of security people seem to get by without it *grumble*.

Decent OS knowledge also. You will probably be checking security logs such as log ons / log offs / etc. If you know how to script, it will probably help to automate aspects of your job.

A lot of it is knowledge of company standards though. I'm sure rules and regulations are pretty common between companies, but I don't really know most of them.

Knowledge of security tools such as the Istac tools / etc will probably also come in handy. Like what products on the market clean hard drives the best.

Actually, I'm not sure how much of this deals with the common computer security job, but this is my outlook from working with them (I'm a systems administrator).
 

Saltin

The best security guys are all programmers *and* strong with networking.

 

Jzero

Take the CISSP or SSCP exam and become an associate of ISC(2). You will then have 5 years to get the requisite experience (4 years or 3 + Bachelors degree for CISSP, 1 year for SSCP) and you will be awarded the certification.

I think these are the most highly-regarded certs in the field, and in passing the test, you will have learned a lot of the theoretical side of security.

Then....well finding a job is the tough part, but being an ISC(2) associate may help since having passed the test demonstrates a certain level of competence.

I haven't made much use of the programming side of my undergrad education working in security. I do a lot of scripting to automate tasks, but it's fairly "light" as far as programming goes. A good knowledge of networking, security philosophy, and the OSes you will operate is very helpful.
 

Descartes

As Saltin said, there simply are no security consultants of high-quality that are *not* programmers. A large part of what a security consultant does is test the unknown (i.e. custom applications, etc.), and to do that you can't just buy some tool from real security consultants :)

An extremely profound understanding of networking protocols is absolutely required as well. I am talking about down to the specification level; how many bytes for each respective portion of a TCP packet header, for example. You need to be able to identify vulnerabilities at the protocol level.

You also have to have an extremely profound understanding of many different operating systems, accounting systems, ad nauseam. You need to know the nuances of each respective system to help when mapping out a network. Knowing the nuances of each respective system's TCP/IP implementation, for example, can help penetrate a network *blind*.

Social skills are great as well. Although it's less common, some companies desire an attempt to penetrate company perimeters by way of social engineering. For example, they might ask you to take your findings of the penetration test from the external to the CEO's office without signing in at the front desk.

Anyway... it's a long road, but a great one. If you don't have a background in it already, I honestly wouldn't even know where (or why) to begin.
 

IcemanJer

Originally posted by: DPK
What kind of skills should I try to pursue?
It really depends if you want to go into a more R&D position or just pure consulting/implementation position at a company.
 

Jzero

Originally posted by: IcemanJer
Originally posted by: DPK
What kind of skills should I try to pursue?
It really depends if you want to go into a more R&D position or just pure consulting/implementation position at a company.

Very good point. If you want to be like Chief Asshat Marc Maiffret or someone who ferrets out security holes or does 3rd party white-hat audits on contractees, you will need a lot more technical background as opposed to being the security guy for an enterprise who focuses more on "defense."