Re: Re: Career Progression

[<rick_list () darwinsweb net>]

Andrew Simmons <andrews () mis-cds com> wrote on 03/25/2004, 20:40:12:
> Having said that I now work for a security firm and, well, let's just say I 
> haven't had any training.

I figured that working for a sec firm information would just kinda rub
off from your co-workers.  <shrug>  I don't work at a sec firm, so I can
romanticize about them.  The grass is always greener they say - unless
you've achieved Zen or you're on mescaline.
 
> Sounds like you're in a similar place to me - I know what I need to know 
> next - C and systems programming (got Perl, got tons of experience with 
> OSes, apps, servers, networks, firewalls et al.) The next step I aspire to 
> is being able to do some original research & publish something useful - ie, 
> not XSS or '../' in some sourceforge webserver.

Yeah, that's about where I'm at.  I'm not sure how much time I should
devote to learning C.  I'm avoiding taking an online college course
(university on your side of the big puddle) since I hated school when I
was in it and I'm sure it didn't get any better since I've left.  Add on
to that the fact that I'm not getting a raise nor bonus this year so
cash is tight.
 
> I think a CS background is what you and I both miss, and my impression is 
> that most if not all the well-known exploit developer /researcher types DO 
> have a formal CS background.

Yeah, I've been noticing that.

Oh, back to the learning C thing.  I keep reading bits and pieces on the
W about how most intro to C books still don't teach secure coding
practices and offer bad coding habits.  Is there a different path to
take?  Would it be prudent to start off with something like the books
mentioned in an earlier thread?  e.g. shellcoders handbook and it's ilk.


-Rick
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave