PaulDotCom mailing list archives
FW: NIT (Ninja in Training) looking for guidance.
From: lonervamp at gmail.com (Michael Dickey)
Date: Thu, 14 May 2009 11:59:42 -0500
Lots of great suggestions already! I am inclined to say that you stick to your BS studies, even if it is not focused. I know it is not absolutely necessary, but it certainly does help and should repay you back over time. Some more rapidfire suggestions: 1. Get Security+ cert. It's not a glamorous cert, but it's an entry level, inexpensive one that will get your feet wet. If you listen to Pauldotcom regularly, you should be able to grasp the concepts and pass. 2. If you get a chance, pick up a job as a systems admin or network admin. The background is extremely helpful and will add to your experience. If you get a chance to work as a security intern, analyst, or tag-along with a pen testing or auditing crew, consider yourself really lucky for that opp! 3. Read, read, read. Read blogs, read mailing lists, participate as necessary, and as much as not being afraid to work, don't be afraid to ask questions, even those that sound stupid and basic. Few security geeks know every technology field well enough to not sound stupid in something at some point. Get used to it early. :) 4. Build your own network and start playing with tools. While I shouldn't openly condone being a nuisance on open wireless networks, I can't condemn someone for poking around them as well. Run some scans, do some probing/sniffing, see what you can read/decode. Practical experience effort should equal your reading time, eventually. Explore BackTrack 3/4. If you read about neat tools, set aside the time to try them out, even superficially. (A very hard thing for me, personally.) 5. When you get more confident in what you're doing, check out the OSCP courses. They mix videos with reading with practical work. It's not overly expensive and the money winds up in good hands. Consider it a donation to BackTrack. :) I know some of the material in OSCP will be a bit deeper like exploit coding and debugging, but consider it a necessary challenge and learning opportunity. Mubix has mentioned (and I agreee) that this may not get you a job in itself, it still demonstrates desire and should expand your skills. 6. Combine the suggestions for being a volunteer with going to conventions: Volunteer to help set up Shmoocon or other cons in your area, if any. Find out if there is a local hackerspace or infragard group and poke your head in. Few activities in security seem to be as positive as working with other people and sharing ideas. Even just IRC if you have the free time. 7. As Jack Daniel suggested, blog. Not for readers, but for yourself. This gives others a digital "face" to see you and what you're into. It gives you a personal sounding board to practice writing and organizing thoughts. And it gives you a way to document what you do so you can refer to it later on. "Now, how did I always set that server up...?" Documentation is a key concept in IT, and is oft-missed. 8. As early as possible, think about learning a programming language, especially if you have any background in coding or your courses include anything like computer science "lite." If you don't know what to code, play with Metasploit or even find some challenges online. Hopefully Microsoft scripting does their annual "games" again and include Perl or something newer (Python, Ruby). At the very least, learning some coding, even if it is "just" Perl is not a bad thing. Good luck! www.terminal23.net
To: pauldotcom at mail.pauldotcom.com Subject: [Pauldotcom] NIT (Ninja in Training) looking for guidance. Dear PaulDotCom community, I am young (at heart, not in body) aspiring Security Professional. I am currently in a blue collar job (good job just not my passion) and I am wanting to work my way into the Information Security career space. I am looking for a little advice and guidance in my first steps. I was a silly youth and didn't make my way through college (I have a handful of credits). Since dropping out I have grown a little family, wife and 16 month old daughter, so my choices are guided by that a lot (both money and time commitment wise). Currently I am enrolled in an online B.S. in Information Technology degree from University of Massachusetts though I am finding the $300 plus a credit hour (about 6k a year on my current plan), the time in which it will take to complete (about 5 years at 2 classes every semester), and the lack of focus to the information security field disheartening and making me re-evaluating my choice. While I don't mind devoting time and money I would prefer to do it toward something more relevant and focused to where I want to be. I know that I will want take classes from SANS in time but I do not feel that I have the fundamentals yet. I also almost religiously listen to PaulDotCom Security Weekly. So I am hoping that you all will grace me with your earned wisdom and give me a few nudges in the right direction so I don't waist too much time and money. I'm looking for advice on mainly on what are the best building blocks to develop a solid foundation for my Ninja skills. Any programs, certs, classes, books, websites, podcasts, video tutorials that you can think of would be appreciated. In advance, thank you for your time, energies and knowledge. Sincerely, Nick G Your friendly UPS man (though hopefully not for long) ~All healing is self healing.~ P.S.- I feel so newbie and I know doubt will receive some RTFB / RTFM and GIF (Google it Fool) but I'll live through the embarrassment.
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090514/cd1c2888/attachment.htm
Current thread:
- NIT (Ninja in Training) looking for guidance., (continued)
- NIT (Ninja in Training) looking for guidance. Jason Wood (May 13)
- NIT (Ninja in Training) looking for guidance. Dave Ockwell-Jenner (May 13)
- NIT (Ninja in Training) looking for guidance. Jack Daniel (May 13)
- NIT (Ninja in Training) looking for guidance. Robin Wood (May 13)
- NIT (Ninja in Training) looking for guidance. Mike Patterson (May 13)
- NIT (Ninja in Training) looking for guidance. Robin Wood (May 13)
- NIT (Ninja in Training) looking for guidance. Tim Mugherini (May 14)
- NIT (Ninja in Training) looking for guidance. Kennith Asher (May 14)
- NIT (Ninja in Training) looking for guidance. Robin Wood (May 13)
- FW: NIT (Ninja in Training) looking for guidance. Paul Asadoorian (May 14)
- FW: NIT (Ninja in Training) looking for guidance. Nick G (May 20)
- FW: NIT (Ninja in Training) looking for guidance. Dale Stirling (May 20)
- FW: NIT (Ninja in Training) looking for guidance. Robin Wood (May 21)
- FW: NIT (Ninja in Training) looking for guidance. PJ McGarvey (May 21)
- FW: NIT (Ninja in Training) looking for guidance. Paul Asadoorian (May 21)
- FW: NIT (Ninja in Training) looking for guidance. christopher.riley at r-it.at (May 25)