Re: what is required for an engineer to become an SECURITY engineer

[Jose Maria Lopez <jkerouac () bgsec com>]

El jue, 23 de 12 de 2004 a las 07:42, Ravi Kumar escribió:
> Hi,
>   I was asked to prepare syllabus for security management,incident
> handling,forensics analysis, intrusion detection etc., Th intention is
> train an engineer to become a SECURITY engineer.
>
>    we know there are several certifications which are designed for this
> purpose. I want from you with your security experience tell us what
> should an BASIC course for security really requires.
>
>   If industry wants to recruit an engineer for its security needs what
> type of experience they look for?
>
> Note: Please dont relate my question with any certifications and be generic.
>
> Thanks for any help,
> -Ravi

This is probably the most complicated question ever sent to this
list. I'll explain why I think so.

A security engineer should have a *very* *very* wide of tech
knowledge. He should be able to understand, configure and monitor
the hardware of the networks. He must know almost everything about
the operating systems that he wants to secure. He must be aware of
the dangers of Physical Security Threats and Social Engineering. He
must know the most important Opensource and Comercial tools to
secure systems. He must know how to treat with Incidents. He must
know about Forensics. I could follow ad infinitum.

But believe me. The most important thing about a security engineer
it's the personal abilities. Knowledge can be adquired with time
and courses, but the personal abilities are inherent to the person
and it's very difficult to adquire new ones.

So the first thing you must do it's to select the right person,
even if it's not the one that has the more complete knowledge
in the field. And the second thing more important for me it's
experience. The security field it's always changing and the
threats can be of many kinds, it's very important to have a
background of managing threats to face the new ones. So you
should select also a person with experience.


-- 
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac () bgsec com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------