Security Basics mailing list archives
RE: Getting In
From: Joe McCray <joe () rootwars org>
Date: Thu, 21 Aug 2003 14:16:34 -0400
Hey Louie, I started as a Network Geek too (Windows/Cisco)a few years ago, and my Information Assurance Officer at my job asked me to go to Def Con. I really enjoyed the Con and I soon found myself at the hacking competition Capture The Flag (CTF). I'd never used Linux, and had never even heard of BSD at that point. I was fortunate enough to find a 17 year old to show me around and introduce me to people. He also had to explain what an and exploit was, buffer overflow was, what a port scan was, and several other things (yes, I was an MCSE). I learned more in that weekend then I did from doing any of my Microsoft/Cisco certifications. Ever since that Def Con I've been hooked. I started buying a lot of books and magazines on security, and that helped but most of that type of stuff just teaches you to run a bunch of tools. I kept going to CTF each year at Def Con, and I soon realized that the people that were really good all had a few things in common: 1. Proficient a few OSs (Unix variants/Linux variants/Windows) 2. Deep understanding of TCP/IP 3. Programming background (C, perl, scripting, etc...) 4. Up to date on vulnerabilities and common hacker tricks/tactics I guarantee you if you have these skill sets someone will hire you. As far as places you can go on the web check out: Good general sites: http://linuxsecurity.org/ http://infosecwriters.com/ Logging/IDS: http://honeypots.org/ids/links http://loganalysis.org/ http://www.counterpane.com/log-analysis.html Wargame/RootWar Sites: http://www.hackerslab.org/eorg/ http://roothack.org/ http://quiz.ngsec.biz:8080/ Hope this points you in the right direction.... Joe McCray joe () rootwars org http://www.rootwars.org Hacking Games Hands-on Courses HackLab Access Quoting Louie <tech.louie () verizon net>:
Hey Joe McCray, I was wondering what other sites would I be able to learn about security? I check out the url that you posted on here. I myself have been in the tech world for about 5 yrs. I would like to move on to security and intrusion detection. So any other sites that you could think of can you post them for me or anyone else? Plus I notice that your part of root-wars. You must be very good in linux also too? Louie -----Original Message----- From: Joe McCray [mailto:joe () rootwars org] Sent: Wednesday, August 20, 2003 12:24 AM To: chort Cc: security-basics () securityfocus com Subject: Re: Getting In As far as getting the security experience - your software development background should be real plus. A lot of people come into the security field from the network administration side of the house (myself included). There are a lot of groups out there on the net that are good for learning about security. Some places that you might want to check out are honeypots.org, sans.org/rr, infosecwriters.com, and then there are the sites that are more geared toward what I'd call "functional knowledge" places like pulltheplug.com, roothack.org, and ngsec.com. Joe McCray joe () rootwars org http://www.rootwars.org Hacking Games Hands-on Courses HackLab Access Quoting chort <chort () amaunetsgothique com>:On Sat, 2003-08-09 at 04:28, Mike Westwrote:Guys I know you have probably been askedthis question many times but heregoes.I am currently a security enthusiastand employed as a software developerfor a large Telco company however Iwould like to get into the securityfield but I am finding it a verytight market to get into.How would be the best way to make astart in the Security field. As I havefound that most company's will notlook at your CV unless you have had 2years proffesionalexperience/certification and you can't get acertification until you have theexperience etc.Thanks in advance MikeFor me it was dumb luck. I jumped outof University half way through aCIS degree to get started in techduring the boom. Initially I was anadvanced troubleshooting technicianfor an ISP, then I moved to anotherISP, then to an e-mail hostingprovider where I spent several years.After the hosting provider laid me offfor the second time I did theusual round of posting resumes on jobsites and re-motivating myself toself-educate. I finally finishedreading Building Internet Firewallsfrom O'Reilly, which turned out to bea very smart move.By dumb luck one of the leading e-mailsecurity companies contacted me(because of my e-mail background) andthanks to the fact that I wasaware of security best practices andtechniques, I got the job.Now I'm loving InfoSec. It'severything I always wanted to do, butnever thought I had enough experiencefor.My advices is to read some good books(such as Building InternetFirewalls, and Hacking Exposed) andtake some time to play around withsetting up different operating systemsat home, then locking them downand connecting them to your network(it helps to buy cheap old boxes ata used computer shop or on eBay).Obtain an entry level certificate ifyou have the time and money (maybe theSecurity+ or SSCP). Then justcross your fingers and hope for anopportunity.-- Brian Keefer ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ----------------------------------- ---------------------------------------- ------------------------------------
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Getting In Mike West (Aug 11)
- Re: Getting In chort (Aug 15)
- Re: Getting In Joe McCray (Aug 20)
- RE: Getting In Louie (Aug 21)
- RE: Getting In Joe McCray (Aug 21)
- Re: Getting In Joe McCray (Aug 20)
- Re: Getting In chort (Aug 15)
- <Possible follow-ups>
- RE: Getting In Duffy Hazelhurst (Aug 12)
- RE: Getting In David Gillett (Aug 12)
- RE: Getting In Jay Woody (Aug 12)
- RE: Getting In Michael LaSalvia (Aug 12)
- RE: Getting In Manuel Lanctot (Aug 12)
- RE: Getting In Michael LaSalvia (Aug 13)
- RE: Getting In Michael LaSalvia (Aug 12)
- RE: Getting In Michael LaSalvia (Aug 12)