Security Basics mailing list archives

Re: Security Analyst essential reading for "dummies"


From: Mark <markto () widen com>
Date: Tue, 19 Apr 2011 10:41:00 -0500

Understand that this is a simplified reply to Andi's question, but I
really liked the way "Walter" said it, and it is how I have "looked" at
security for years also. ...

Walter wrote:

There are literally hundreds of different sites/resources/blogs
covering InfoSec. SANS is a very well respected security training
organization and frequently has columns/papers discussing infosec
careers. They even have a top 20 infosec job list:
http://www.sans.org/20coolestcareers/

As someone who's been in the field for going on 6 years now, my
personal perspective is that there are 2 very broad categories in
InfoSec careers: defenders (blue team) and white hat attackers (red
team). Pentesting, vulnerability assessments, application security
assessments and the like fit into the latter category. Internal
information security jobs such as firewall admins, security analysts,
security architects, and risk management/security policy development
and the like fit into the former category.

Broadly speaking, you will find more excitement and action in the red
team space because you will typically be exposed to a lot of different
environments especially if you become a consultant. Blue team work
tends to be more constant where you are in charge of a single
environment and are managing risk to that environment. So I suppose
that one way to think about this decision is to think about what is
more exciting to you (finding vulnerabilities/weaknesses and reporting
them, or the satisfaction of knowing that your work is keeping your
employer's network safe).

Another thought to consider is that you could also work for a company
that makes infosec products (A/V vendors, IDS/IPS vendors, identity
management vendors etc).

A final closing thought; it has been my experience that you will get
more satisfaction as an infosec professional if you manage to find a
position where your role is not considered a pure 'cost center'. Many
blue team internal security teams tend to be
understaffed/overworked/underbudgeted because infosec is not seen as a
profit center for many organizations. Organizations which genuinely
care about information security tend to invest more in infosec and
will have better funded internal security teams. Finding such
organizations tends to be rare however because infosec initiatives are
driven mainly by compliance for many companies, and few orgs really
like investing money into compliance initiatives. However, other
organizations, especially service providers tend to be more genuinely
interested in infosec because it can help improve their bottom line.

Personally, I'm a 'blue team' guy, but I have found the most
satisfaction working for an infosec vendor. For us, infosec is
obviously a profit center ;)

Good luck,
Walter


Our 4 cents,

Mark





On Tue, Apr 19, 2011 at 6:05 AM, Morris, Andi <amorris () uwic ac uk> wrote:

Hi all,
I potentially have an opportunity to move into a Technical Security Analyst role in the next few weeks providing I 
don't mess up the interview.  I have a basic-to-intermediate understanding of ISA, vlans, routing, hardware firewalls 
etc through generally supporting them in a broad term throughout my last few jobs, but I've never been as involved as 
this role would lead me into.

I currently have "Hacking Exposed: 6th Edition" to read through and wondered whether there are any essential books, 
websites, online forums that will give me the knowhow to step forward into the role.

Thanks in advance,
Andi

