IDS mailing list archives
RE: what is required for an engineer to become an SECURITY engineer
From: <skander.ben.mansour () accenture com>
Date: Thu, 6 Jan 2005 14:52:40 +0100
Hello Ravi,

Aside from the technical knowledge that is essential to a career in infosec engineering, security engineers should also have the appropriate mindset. How many of you have ever heard "Nobody would ever do that" when pointing out an exploitable flaw in a system or process?

Security people's mindset differs from the network/systems administrator's point of view in that we are trying to prevent unauthorized access, while a systems administrator's first goal is to grant access and get the service running.

While complete paranoia is not the answer, a healthy amount of creative thinking is required when designing, evaluating and testing information systems.

The ISECOM (Institute for Security and Open Methodologies) has interesting training material covering these aspects of the information security career:

Jack of All Trades: http://www.isecom.org/projects/jack.shtml

"Jack began as a mentality-determining method for hiring penetration testers. It's reach became central to teach people security by applying what they already know to security. As applied security knowledge is essentially based on critical thinking, observation, and analysis, the Jack exercises exist to exploit the mentor-method of teaching these skills."

I hope this helps.

Best Regards,
Skander Ben Mansour, CISA CISSP
---
http://www.benmansour.net

-----Original Message-----
From: Jason Baeder [mailto:jason_baeder () yahoo com]
Sent: Monday 3 January 2005 18:50
To: focus-ids () securityfocus com; 'Ravi Kumar'
Subject: Re: what is required for an engineer to become an SECURITY engineer
Hi,

I was asked to prepare a syllabus for security management, incident handling, forensics analysis, intrusion detection, etc. The intention is to train an engineer to become a SECURITY engineer. We know there are several certifications which are designed for this purpose.

I want you, with your security experience, to tell us what a BASIC course for security really requires. If industry wants to recruit an engineer for its security needs, what type of experience do they look for?

Note: Please don't relate my question to any certifications, and be generic.

Thanks for any help,
-Ravi
Ravi,

The list from skill2die4 was exceedingly relevant for a "BASIC course" in security. (How many of you went down that list thinking to yourselves, "Yup, know that; yup, know that..."?) All of those "hard" skills can be taught.

As with any professional field, there are many different roles. Those hard skills may be sufficient for a junior IDS analyst in a SOC, for instance, or a junior firewall engineer. A course such as you suggest could re-train a network or systems engineer to become more security-focused and assume one of these roles.

IMHO, I believe there are some "soft" skills that cannot be taught in the classroom, and some that only come with time and experience. Jose Maria Lopez touched upon this; I feel some expansion upon this topic is needed.

1) Understand the network and the systems attached to it. Just as you need to know the basics of network protocols and OS functions (hard skills), you need to know the normal parameters of operation of the network that you are protecting. You need to know where the WAN connections are, and why they are there. You need to know what servers reside where and what purpose they serve. You need to know what "normal" traffic is to be expected on the network.

2) Understand the business. Beyond the nuts and bolts of #1, if you don't understand the business where you work (or the client you serve), you can't understand how the network and systems are used, and thus you can't adequately understand the security needs of the organization. Moreover, you won't be able to perform that fine balancing act among the business needs, the operational needs, and the security needs of the organization.

3) Be customer- and service-oriented. Surely a profession that relies on so much knowledge of bits and bytes at the most detailed level can't rely on something as touchy-feely as customer skills?, you ask. Ask me again when you have an angry program manager on the phone who perceives YOU as the obstacle to his successfully testing a new application that requires unfettered Internet connectivity. Point #2 looms large here, and diplomacy, tact and creativity are absolute necessities. With the right attitude, even sales and marketing will be your friends. ;-)

Not all security jobs will put you face-to-face with everyone from the CIO (or CEO) to the router engineers to the application coders to the sysadmins to the sales guy from Kansas City. But I have had jobs where that has been the case, and find these skills are just as necessary as my knowledge of PKI or TCP flags.

Jason Baeder
CISSP, GCIA