Security Basics mailing list archives
Re: Career Choice
From: Michael Booxbaum Sardinas <michael.sardinas () worldlearning org>
Date: Thu, 10 Mar 2005 11:11:58 -0500
Richard:Definately take the advice given so far. The one piece I have not heard yet is to run your own server somewhere seperate from work. If you can get a box hosted somewhere, I would recommend that.
I am not an expert in the field, but I do have a personal server located off my work network. Because it is not behind a firewall (aside from iptables) I get to see all kinds of very interesting network traffic. Exploring all the log entries, and what causes them is a real good intro into network security.
Besides, the fear of having your own box hacked because it is on the front lines is a real motivator to hone your security skills. And if you do get hacked, you can even hone your forensic skills!
just my $0.02 Michael. --"Why shouldn't we give our teachers a license to obtain software, all software, any software, for nothing? Does anyone demand a licensing fee, each time a child is taught the alphabet?" -- William Gibson.
// Michael Booxbaum Sardinas Student Computing Specialist Educational Technology World Learning (802)258-3513 michael.sardinas () worldlearning org \\ Richard Kirk wrote:
Britton, Forbes, Fuhriman:I am currently a low-level admin assistant (not security related but I have been asked for suggestions). I have known since before I started my major that it would be years after I graduate that I would actually get a position that titled me as Computer Forensic Specialist. I also plan on taking some "specialist" courses outside of my current school (TBD) and even possible get my Masters. My dream job would be to work with FBI/CIA/NSA. I have even talked with people from each to get an understanding of what they are looking for but the gentleman from NSA (who has been doing security for them for years) was the only one that was helpful the others did not know because they where recruiters or representatives. I know that "personal/work" experience is the best and knowing someone is the best way to go. Thank You Forbes for the offer as an Intern; you are correct I'm not located near you. David: I have been getting more into this and have set up my own "lab environment" to hack and secure my systems. The more I look into this I see that everything (vulnerabilities, flaws) are based off the programming. Using already created tools is fine but I want to know "how" that X virus abused Y vulnerability and that lies within the code (right?) As far as making a website, I'm actually currently working on this. I believe it will act as a great resume reference to show my knowledge, skills, and even the experience alone, as far as securing it (on my own server). I have a lot of thoughts on this about setting up a honeypot (honestly, I don't know if that is a good idea without a dedicated connection just for that...so this will probably be put off). When it comes to "design" I lack the skills to make unique logos and "visual" style (the organization is simple) If you have any suggestion on how I can increase the "visual" aspect of my future website please feel free to share. Kleiman: Your suggestion is great! I never gave consideration to looking into local law enforcement or state attorney offices for additional experience and idea of what skills are needed. I will defiantly look into this option now. On Tue, 8 Mar 2005 22:11:53 -0500, dave kleiman <dave () isecureu com> wrote:Richard, One thing you can definitely do if your goal is Forensics. Find your Local Sheriff's / Police department that has Computer Crimes Unit and volunteer your free time. Trust me they can use the help, most of them have a work load that is beyond belief. Almost all PD and SO's have volunteer programs. It will give you the opportunity to see the skill sets you will need. You will of course be limited to what you are allowed to be involved in, but experience is experience, I volunteer 100-200 hours a year to my local Sheriff's and States Attorneys office and it is as much a benefit for me as it is for them. Regards, ___________________________________________________ Dave Kleiman, CIFI, CISM, CISSP, ISSAP, ISSMP, MCSE www.SecurityBreachResponse.com www.ComputerForensicInvestigations.com -----Original Message----- From: Joseph Forbes [mailto:jftitan () gmail com] Sent: Tuesday, March 08, 2005 20:19 To: Britton, Jeff B. Cc: security-basics () securityfocus com Subject: Re: Career Choice Kirk, I will second Britton's thoughts on what will be needed of you once you graduate from school. I can also admit that it is true that the two options available to you are real. Either have a very nice resume that shows that you have spent your time wise, and well during school within the security field. OR know someone within the field to give you the heads up on a opening within the job market, or company needing administrators. I have been in corporate scale network solutions for over five years, and I am just now finishing up my Bachlers degree in Network Security. Of course I have been a fortunate person within my teens to already be involved with technology. I started young, and I have a resume to show for it. If your not already working for a company as a "lowly" tech, then I suggest to get your feet wet and get into it. Course, if your already in a high paying job, and making the choice to expand your horizon, then stick with your job, however start volunteering for anything technical/network related. If your in San Antonio (which I would bet not) then I can offer a Intern position... just follow the signature. On Tue, 8 Mar 2005 13:11:42 -0500, Britton, Jeff B. <JBBritton () lmus leggmason com> wrote:I've been in security for appx 2 years now, and I can't begin to tell you how much programming experience helps. An overall programming language class is critical - to understand the building blocks of all languages, both sequential and object oriented. Not only do you become capable of automating many parts of your job (which in turn saves time and $$...something every manager likes to see) but you are also able to get a much better handle on specific vulnerabilies/expoits and how they directly affect whatever you areinvestigating.Be very careful when you get into MIS or CIS... I was a COSC major and can tell you that CIS and MIS are much broader degree's, and for lack of a better term, much easier than COSC or similar. If you want to break into the security industry right out of school, you'll probably need one of two things... 1. A darn impressive resume 2. An inside contact to get you a job Best of luck. -----Original Message----- From: Richard Kirk [mailto:saviente () gmail com] Sent: Tuesday, March 08, 2005 8:10 AM To: security-basics () securityfocus com Subject: Career Choice I am currently a student at DeVry University studding Network Communications Management. My true concentration is in security forensics. In any case the more I looking into vulnerabilities and network flaws the issues come from within the programming of the application/protocol etc. and most assaults use multiple programming languages to execute these attacks. I have two questions, the first is should I be learning how to program? My current studies have only one programming language course (Intro to Java). Second, will the Bachelors degree I'm getting help me get into the field I'm looking for or should I change my major to something else such as MIS or CIS? Thank You for your time Best Regards IMPORTANT: The security of electronic mail sent through the Internet is not guaranteed. Legg Mason therefore recommends that you do not send confidential information to us via electronic mail, including social security numbers, account numbers, and personal identificationnumbers.Delivery, and timely delivery, of electronic mail is also not guaranteed. Legg Mason therefore recommends that you do not send time-sensitive or action-oriented messages to us via electronic mail, including authorization to "buy" or "sell" a security or instructions to conduct any other financial transaction. Such requests, orders or instructions will not be processed until Legg Mason can confirm your instructions or obtain appropriate written documentation where necessary.-- Joseph Forbes "Don't Forget to Salt the Fries!" Network Security Administrator SwapNEtwork eXtreme, Inc. jftitan () satx rr com (jftitan () swapnetx com) cell 210.834.3450 fax 775.415.9280
Current thread:
- Career Choice Richard Kirk (Mar 08)
- Re: Career Choice Mitchell Rowton (Mar 08)
- <Possible follow-ups>
- RE: Career Choice Depp, Dennis M. (Mar 08)
- RE: Career Choice Britton, Jeff B. (Mar 08)
- Re: Career Choice Joseph Forbes (Mar 08)
- RE: Career Choice dave kleiman (Mar 09)
- Re: Career Choice Geoff Scott (Mar 10)
- RE: Career Choice Kelley (Mar 10)
- Message not available
- Re: Career Choice Richard Kirk (Mar 09)
- Re: Career Choice Michael Booxbaum Sardinas (Mar 10)
- Re: Career Choice Richard Kirk (Mar 10)
- Re: Career Choice Kinnell (Mar 10)
- Re: Career Choice Joseph Forbes (Mar 08)
- Re: Career Choice Michael Krymson (Mar 11)