How to break into InfoSec career?

topic posted Wed, March 31, 2004 - 2:51 PM by  RDP
Hello everyone,

Just wondering if anyone has any good advice on how to get into an InfoSec career. Been circling the idea for over a year, but can't seem to find any real solid career path or solid program. Looking to switch careers. Have a BA and 7 years professional experience, project management in book publishing industry.

ITT Tech seems a little sketchy, and there is this National Security program in Livermore from UNH (www.newhaven.edu/psps/nati...rity.html) that seems very interesting, just can't find quite enough info on it.

Also not sure about job viability post-training. Seems like it's such a new field, not a lot of openings. I don't want to spend a few years getting another degree or MA and then have no job prospects on the other side of it.
  • Re: How to break into InfoSec career?

    Wed, March 31, 2004 - 6:49 PM
    You need to study computer science, learn to code in C and solve problems in the information security area. I would not agree that infosec is a new field; it is a field that has not been taken seriously or, to be more specific, when information exchange is designed the security aspect is not paid attention to.

    When you say you have been looking for a solid career path what do you mean? Do you mean security engineer? security consultant? Firewall admin? Sysadmin?
    • RDP

      Re: How to break into InfoSec career?

      Fri, April 2, 2004 - 3:24 PM
      Well, initially computer forensics investigator was what piqued my interest.

      I figured I'd have to get back into programming at some point (get back in, heh, haven't done any since PASCAL in high school) w/ C.
      • Unsu...
         

        Re: How to break into InfoSec career?

        Mon, April 5, 2004 - 7:45 AM
        As for a career path, most of the interesting work right now is in research or working for the government. Most of the everyday forensic work is actually done by FBI field agents nowadays. There's not much practical (paying) work out there aside from consulting or creating a product or service. Most of the security services out there are also bundled together with 'systems admin' work by IT companies.

        To businesses, the idea is still to just 'ship it' without much investment in security. Another thing is that when businesses make decisions about money, security is one of the first things that gets cut from their budget.

        Also, to be competitive in security, you must have a reasonably broad expertise in networking, systems admin, programming, and actually breaking systems (it helps if you have authored a few exploits or viruses).
        • Re: How to break into InfoSec career?

          Mon, April 5, 2004 - 11:29 AM
          "(it helps if you have authored a few exploits or viruses)"

          I'll agree with the first but strongly disagree with the second. If you want a career in InfoSec, DON'T WRITE ANY VIRUSES EVER. There's a real difference between the two.

          Tim
          • Re: How to break into InfoSec career?

            Thu, April 15, 2004 - 3:49 AM
            i'm a bit late for this thread, but hey, i just joined...

            Tim is right on here. If you're looking toward a white hat future, i would even avoid writing any "exploits" as i define them. (although the definition is a bit broad in this sense.)

            i think my point is that throwing together some concept code and understanding how things like stack and heap overflows work will help you to understand the mechanics of software security. if that's what you want to do with your time.

            as for breaking into the industry; in my opinion, avoid any "traditional" education, and go for a certification or thirty with a specific group of technologies or concepts. then build on those skills.
            a far from exhaustive list of examples can be found at
            technology.monster.com/articl...tycert/


            -jeph


            extraneous definition: (because if i didn't add it...)
            (i agree with the second half)

            <snip>


            exploit

            <security> A security hole or an instance of taking advantage
            of a security hole.

            "[...] hackers say exploit. sysadmins say hole"
            -- Mike Emke (emke.com/).

            Emke reports that the stress is on the second syllable. If
            this is true, this may be a case of hackerly zero-deriving
            verbs (especially instantials) from nouns, akin to "write" as
            a noun to describe an instance of a disk drive writing to a
            disk.
            (2001-11-24)
            Source: The Free On-line Dictionary of Computing, © 1993-2003 Denis Howe

            <snip>
            • Re: How to break into InfoSec career?

              Fri, June 4, 2004 - 12:32 AM
              I figured I'd add my $0.02 in here since I actually do this for a living :-) There are three major "learning curves" that lead you towards the nirvana of InfoSec technology. Expertise in Application development, expertise in network engineering, and expertise in systems administration (various OSs help). The problem is that most people become an expert in one of these three areas and only touch on the other two. To really get to the architectural stage, you sort of have to experience all of them as a real work implementor rather than an experimenter.

              It's hard to define this well since there are a lot of people out there that hack away and know a lot about security. What they miss out on is the architectural arena. That is, the more experience you have in real world situations, the more you can apply this to architectural design. Hmmm, I'll have to think of a better analogy.

              To give you an idea how hard it is to find someone who *really* understands this area and is good at design and implementation, we had an opening that took over 9 months of a search to fill. In those 9 months there were probably around 30+ team interviews (this is discounting all the resumes that never made it that far).

              Ok, so that's near the top of the arc. How do you get started? Well, start taking jobs where you can learn from someone else who is better than you in one of the three areas. Learn from that person and move on to a different job, a different mentor, and a different topic. Learn to both develop/build systems as well as *operate* them. By operations, deal with a 24/7 NOC and field all their calls for engineering support. Work yourself into remediation of InfoSec violations. Learn about equipment and how to use *multiple* vendors for the same piece...

              Hm, in re-reading this, it looks like I'm rambling. Maybe I am, but it's a start :-)

              Marcos (www.geekstyle.net)
          • Unsu...
             

            Re: How to break into InfoSec career?

            Wed, November 17, 2004 - 6:55 AM
            I agree...

            I would also recommend that you get experience in a broad range of IT skills. Another entry point to look at is IT auditing... IT auditors seem to burn out pretty quickly and companies love to hire ex-auditors because they are viewed as insiders that know how to make them audit proof and as a result secure. Although this may be a wet dream on the part of the companies, it is an entry point into InfoSec. It also exposes you to a lot of different areas / functions within a company which helps you learn and apply.
