Don Parker, 2008-01-31
A lot of the emails sent to me ask a basic question: Just how does one break into computer security or what skills should you learn to get that first security job. Lately though, I have been receiving many more queries on specifically how one can leverage an existing skill set to become an information-technology security analyst.
Colapse all |
Post comment
Skills for the Future
2008-02-01
Grant Bugher
Grant Bugher
Some good advice here! I took a different path into the security industry, by way of app development, and have seen a lot of other pats into the industry, too. I have a post on Perimeter Grid about other ways to get a job in information security -- http://perimetergrid.com/wp/2008/01/31/how-to-get...
[ more ] [ reply ]
[ more ] [ reply ]
Skills for the Future
2008-02-01
Anonymous (3 replies)
Anonymous (3 replies)
What about the skill of WRITING CODE? This is by far the most vital component to security because all of these systems are software. If you don't know how to write code you are totally useless. ...
[ more ] [ reply ]
[ more ] [ reply ]
Re: Skills for the Future
2008-02-02
Don Parker
Don Parker
Hola Anonymous,
Well writing code is of utmost importance to programmers actually. It is most certainly a huge advantage to security personnel as well. That said, you can certainly do an excellent job without having programming skills. Then again, programming skills come in various shades in my u...
[ more ] [ reply ]
Well writing code is of utmost importance to programmers actually. It is most certainly a huge advantage to security personnel as well. That said, you can certainly do an excellent job without having programming skills. Then again, programming skills come in various shades in my u...
[ more ] [ reply ]
Re: Skills for the Future
2008-02-02
Anonymous (3 replies)
Anonymous (3 replies)
I don't need to write code when I can hire 100 Indians do it for me at $10.00Hr...
[ more ] [ reply ]
[ more ] [ reply ]
Re: Re: Skills for the Future
2008-02-07
Anonymous
Anonymous
For network security, Don's advice is great. For Application security, you need additional skills. You cannot just take for granted that having one skill set, you will be comfortable with the other. It's apples and oranges and that is what most recruiters and managers don't understand.
...
[ more ] [ reply ]
...
[ more ] [ reply ]
Re: Skills for the Future
2008-02-13
Anonymous (1 replies)
Anonymous (1 replies)
Re: Re: Skills for the Future
2008-02-26
Anonymous
Anonymous
No, I believe he meant writing. I have been doing this for a very long time and while my background is in sys admin and network engineering I have also, for fun and out of necessity learned many languages.
Sys admin and network engineering skills for a very rudimentary basic foundation. Without ...
[ more ] [ reply ]
Sys admin and network engineering skills for a very rudimentary basic foundation. Without ...
[ more ] [ reply ]
Skills for the Future
2008-02-13
Anonymous (1 replies)
Anonymous (1 replies)
I think these skills are needed for a sysadmin job. Not security. You really should have a lot more 'skills' than just knowing what a 403 means or know what a port scanner is. Understanding of basic protocols is a requirement for a system admin job, knowing whats broken about them and how to fix the...
[ more ] [ reply ]
[ more ] [ reply ]
Re: Skills for the Future
2008-02-14
Anonymous
Anonymous
Hey ho anonymous,
I would say you are doing a disservice to both the info sec community and the sys admin one by your post. My rebuttal to you would be as follows. If you want to attain status as an upper end info sec analyst then yes indeed you need to be able to code and read C and ASM plus scr...
[ more ] [ reply ]
I would say you are doing a disservice to both the info sec community and the sys admin one by your post. My rebuttal to you would be as follows. If you want to attain status as an upper end info sec analyst then yes indeed you need to be able to code and read C and ASM plus scr...
[ more ] [ reply ]
Skills for the Future - HA!
2008-02-14
Anonymous (1 replies)
Anonymous (1 replies)
No wonder why most security folks don't know security. You're basically saying that you don't need to understand what XSS, SQL injections, encryption, or buffer overflows mean.
Only Windows and firewall experience is all you need along with a CISSP.
For the past few people I've interviewed for...
[ more ] [ reply ]
Only Windows and firewall experience is all you need along with a CISSP.
For the past few people I've interviewed for...
[ more ] [ reply ]
Re: Skills for the Future - HA!
2008-02-18
Don Parker (1 replies)
Don Parker (1 replies)
Hi there,
The list of skills that I presented were not an exhaustive one. Also as mentioned, I said that if you wish to specialize in web app security that you will need to build upon the base of skills that I listed. I'm not sure why you equate skill with explaining what a buffer overflow, or SQ...
[ more ] [ reply ]
The list of skills that I presented were not an exhaustive one. Also as mentioned, I said that if you wish to specialize in web app security that you will need to build upon the base of skills that I listed. I'm not sure why you equate skill with explaining what a buffer overflow, or SQ...
[ more ] [ reply ]
Re: Re: Skills for the Future - HA!
2008-02-19
Anonymous
Anonymous
There is MUCH more to security than just system administration. System administration, while important and gives a hands-on experience, is not the same as understanding security as there are many bad sysadmins out there.
I come from a sysadmin background, and I still think your list is bogus. You...
[ more ] [ reply ]
I come from a sysadmin background, and I still think your list is bogus. You...
[ more ] [ reply ]
Skills for the Future
2008-02-20
Savik (1 replies)
Savik (1 replies)
While I understand that the skills listed are not exhaustive they are naked -- or rather useless, even when combined, unless you know and understand how to apply basic tenets of security that have been around since time immemorial. These principles are barely given notice and hardly ever expounded u...
[ more ] [ reply ]
[ more ] [ reply ]
Skills for the Future
2008-02-20
Oliver Lavery
Oliver Lavery
For the future? This article describes a very infrastructure-centric skill set. As more and more security companies are moving towards the application security space, it's definitely worth pointing out that development skills are increasingly valued as a background for infosec.
In transitioning p...
[ more ] [ reply ]
In transitioning p...
[ more ] [ reply ]
[ more ] [ reply ]