Security Basics mailing list archives

RE: Security books, portals, blogs and videos


From: "Miguel Valentin" <valentinousn () verizon net>
Date: Sat, 9 Sep 2006 22:32:43 -0400

I don't work in the security field nor am I certified in any security
profession. I guarantee you that being a bookworm is not going to get you
anywhere as far as a job is concerned. If you want further proof of this go
to www.scmagazine.com and check out their story on certifications and the
process required to get certified as a security professional. I work in Unix
and have been since '95 and I've learned more from others in my field,
hands-on / classroom training than from books alone. No one is going to hire
someone especially in the security field just because you studied the books
and passed the tests. A lot of what a security professional knows is derived
from years spent working in I/T and he/she most likely progressed from
System Administration positions to the security field. You must know your
enemy in order to defeat your enemy!! Most security professionals have
worked in I/T for approximately 10 or more years before jumping into the
security field. You can't get that same knowledge and expertise from just
reading books, blogs, or magazines. You're probably thinking that if I'm not
certified in security then how would I know this? Because I keep up with
what's going on not only in my own field, Unix, but everything that happens in
the I/T in general. I receive emails daily from SecurityFocus on different
security-related topics and from other websites, magazines, and just plain
ol' detective work on my part throughout the internet. Plus I also pick the
brains of my fellow co-workers on what's going on that they may know that I
missed. Does that give me the knowledge necessary to just read a few books
and then take the exams to become certified as a security professional??
No!! Why?? Because I lack the daily hands-on knowledge necessary to know
what to do, what to look for, how to use the various tools security
professionals use when doing forensic work, and most of all the skills to
do all this and present it to management in a manner in which they
understand. Plus everything else a security professional needs to know in
order to be able to effectively market themselves. In other words, you have
to know how to walk the talk. Paper certifications will get you nowhere if
you can't show that you know how to do what is expected of you. In the early
90's when Novell was the King of Networks there were lots of guys out
there selling themselves off as CNE's, CNA's, and whatever other title
Novell gave out. But when they tackled their first assignment they fell flat
on their face because they were what was then called "Paper CNE's" or "Paper
CNA's". They took the same approach you're trying and it didn't do anything
good except cause themselves much embarrassment and ultimately getting
fired. Go around the internet a few times and find out exactly what is
required in order to get into the security field CORRECTLY before going
about it the way you intend to. Later on you'll be glad you did. ISC(2) is a
good place to start and the SANS website is another as is
www.securityfocus.com. They have tons of information online to give you an
idea of what is required and how to go about it. Good luck in whatever you
choose to do!!

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of sun sadm
Sent: Saturday, September 09, 2006 11:50 AM
To: security-basics () securityfocus com
Subject: Security books, portals, blogs and videos

Hi colleague,

I have worked for a few years in Sun Solaris system administration. I wish
to get a job as a security professional, rather than a UNIX guy. By
autodidactic training I will get the necessary knowledge for information
security.

- What books would you recommend to me? What's essential reading for every
security guy?
- What blogs do you recommend to me?
- What print magazines and online portals?

Generally speaking: What did you do to get a job in the security field?

thanks
Nico

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------



