Skills for the Future
Don Parker, 2008-01-31

Story continued from Page 1

Having a good knowledge of the major protocols is also part of the core system administrator skill set. After all, it is the system administrator who sets up and configures the web server.

Knowing what HTTP status codes are, for example, and what they mean would be useful knowledge for both system administrators and security analysts. Understanding the need and process to lock down a web server, even if only taking care of the worst misconfigurations, is also a key skill. The same applies to FTP, which is likely also in use. Being able to read and understand FTP status codes will also bear fruit for both the system administrator and the security analyst.

Both HTTP and FTP are services which are often targeted by malicious hackers. So it is no surprise that understanding how these protocols work is valuable not only to the system administrator but also to the security analyst.

Network architecture is an often neglected area in most corporate networks, and system administrators are the people most intimately aware of the network and its layout. With a few changes and tweaks, the network can be greatly hardened against attack from both within and without. Practices such as having a DMZ are now commonplace, alongside other more advanced techniques. Network architecture and design as a whole is therefore a knowledge area that, again, system administrators and security analysts have in common.

Every corporate network today consists of various security devices, including firewalls, anti-virus solutions, content filters, and proxies. Usually, these are all administered by the system administrator. The only difference then between the system administrator and the security analyst is the depth of knowledge they possess when it comes to the output of these devices. The one defining difference is that the security analyst is able to actually parse through captured traffic and definitively say whether a security alert is valid or not. There are not too many system administrators out there who are comfortable with reading captured packets. That will come with time, though. The big thing that system administrators do have is familiarity with the setup, configuration, and maintenance of these security devices. With that knowledge you are on almost even footing with the security analyst.

Project management experience is one area of expertise that is always in demand. It makes no difference whether you learned and practiced it as a system administrator or as a security analyst. The project management approach applies to any undertaking. You may ask yourself just how it is that a system administrator could gain this body of knowledge. Look at it this way. Every time your network upgrades its operating system or incorporates new services, you are in effect applying project management principles to accomplish that task. Upgrading from Microsoft Windows 2000 to Microsoft Windows XP on a corporate network is no small undertaking. A lot of planning must go into it. To have successfully pulled off that upgrade means that you indeed managed a project.

How does this port to the world of the security analyst then? Often security analysts, acting as consultants, will be brought in by large companies to perform large tasks such as Threat Risk Assessments (TRA), the design of patch management systems, and other similar tasks. What all of these have in common is that they require a methodical and structured approach. While it may sound simple to perform a TRA or re-architect a network, it most certainly is not. If you are not organized from the start and do not use a project management approach, you will quickly be overwhelmed.

Taking stock

It should be evident by now that many system administrators already have the skills required to be a security analyst. Conversely, you cannot be a security analyst without having knowledge of various operating systems, major protocols such as HTTP, and other such bread and butter system administrator skills.

The relationship between the two jobs is really fairly symbiotic. A good system administrator will not only worry about having a functional network, they will also try to ensure its secure operation. You can't secure something if you have no knowledge of how it works. A security analyst is a person with a fairly broad-based body of knowledge. It is only if you choose to specialize in areas such as penetration testing or Web application security that you must build upon skills already in existence.

For most system administrators, transitioning to the world of the security analyst is not that farfetched.



Don Parker, GCIA GCIH, specializes in intrusion detection and incident handling. In addition to writing about network security he enjoys a role as guest speaker for various security conferences.
Copyright 2010, SecurityFocus