Security Basics mailing list archives

RE: Career Choice


From: "Andrew Blair" <Andrew.Blair () genmills com>
Date: Sun, 13 Mar 2005 22:37:21 -0600

I can speak to this strategy having recently chosen it. The security
industry requires trust. Trust requires experience. I took a job for a
larger company knowing I was going in doing tech support. From the first
day I made known my interest in security and actively looked for
opportunities to contribute to security initiatives and expand and share
my security knowledge. After only 9 months (thanks to some auspicious
timing) I was given a job taking care of client security for all PCs in
our company. This job puts me in contact with the people responsible for
securing our servers, networks, and applications.

I would say be willing to start with something basic and use that
opportunity to show security interest and knowledge. After you get some
credibility and have a chance to show your knowledge other opportunities
will start to show up for you.

If you can, get one of the certifications that do not require experience
(Security+ for example). I think it demonstrates that you have at least
a basic competency (results may vary company to company... I've heard
some value it more than others).

Andy

-----Original Message-----
From: Michael Krymson [mailto:krymson () gmail com] 
Sent: Thursday, March 10, 2005 6:24 PM
To: Zaven; security-basics () securityfocus com
Subject: Re: Career Choice

It is a hard road, but you could start out at any sort of entry-level
position in a company, even Tech Support (yeah I know you will think oh
God, but the experience should be had at least once in every techie's
career).  Pick a company that you can earn your way up in, Tech Support,
maybe Systems Administration of some sort, and maybe even earn their
trust to give you a shot at security-related things.  In all you do
though, keep security in mind and on your sleeve.

If you mean in terms of what skills you can hone on your own, certainly
*nix experience is great.  In fact, if you can, make your main computer
a Linux computer (or for the brave, a BSD variant).  Learn some
programming, for instance Perl or Python.  With a CS degree, that
shouldn't be foreign to you at all.

Learn networking and TCP/IP.  You can do some of that at home with your
home network.  Grab old PCs that no one wants anymore, some cable, and a
cheap switch and start playing.

For entry level, you'll need those building blocks among other things,
to show you have potential and are willing to learn and research on your
own.


At 07:34 PM 3/8/2005, Zaven wrote:

Britton, Jeff B. wrote:
If you want to break into the security industry right out of school,
you'll probably need one of two things...
1. A darn impressive resume
2. An inside contact to get you a job

I'm about to graduate from a UC with a Comp.Sci degree, and I want to
go into security. Since no one will be trusting the security of their
enterprise to a newbie, what types of real-world experience should I be
shooting for? I've been thinking about expanding my UNIX administration
skills as a start. What else is valuable for an entry-level SA?

^Z

