NIT (Ninja in Training) looking for guidance.

[paul at pauldotcom.com (Paul Asadoorian)]

Hi Nick!

Thanks for writing in, and thanks to everyone who has responded so far.
 I thought I would chime in with some of the things we tell people who
come to us with this very question.

First, setup a home lab.  VMware makes free versions of their software,
and there are thousands of pre-configured virtual hosts available on
their web site.  Don't just focus on setting up security tools either,
try to setup a file server using Samba and lock it down (for example).
I was on an interview once for one of my first UNIX systems
administrator jobs and they asked me if I had experience with NFS.  I
said I sure did, I run it at home.  They looked puzzled at first, but
when I could answer all their technical questions about NFS, they, well,
they hired me :) (I also brought pictures of my computers at home, not
that I recommend that, but its one of those funny interview stories).

Second, don't underestimate training and certification (including a
degree).  When you are first getting into the field a certification can
go a long way to getting your foot in the door.  SANS runs specials all
the time, so look for deals.  In fact, sometimes they run free classes!
(They ran an IPv6 course for free).

Third, webcasts and podcasts are free, listen to them :)  Also, books
can be free too
(http://books.google.com/books?q=hacking+security&btnG=Search+Books).

Good luck and thanks for listening!

Cheers,
Paul

> I am young (at heart, not in body) aspiring Security Professional.  I
> am currently in a blue collar job (good job just not my passion) and I
> am wanting to work my way into the Information Security career space.
> I am looking for a little advice and guidance in my first steps.  I
> was a silly youth and didn't make my way through college (I have a
> handful of credits).  Since dropping out I have grown a little family,
> wife and 16 month old daughter, so my choices are guided by that a lot
> (both money and time commitment wise).  Currently I am enrolled in an
> online B.S. in Information Technology degree from University of
> Massachusetts though I am finding the $300 plus a credit hour (about
> 6k a year on my current plan), the time in which it will take to
> complete (about 5 years at 2 classes every semester), and the lack of
> focus to the information security field disheartening and making me
> re-evaluating my choice.  While I don't mind devoting time and money I
> would prefer to do it toward something more relevant and focused to
> where I want to be.
> I know that I will want take classes from SANS in time but I do not
> feel that I have the fundamentals yet.  I also almost religiously
> listen to PaulDotCom Security Weekly.
>
> So I am hoping that you all will grace me with your earned wisdom and
> give me a few nudges in the right direction so I don't waist too much
> time and money.
> I'm looking for advice on mainly on what are the best building blocks
> to develop a solid foundation for my Ninja skills.  Any programs,
> certs, classes, books, websites, podcasts, video tutorials that you
> can think of would be appreciated.
>
> In advance, thank you for your time, energies and knowledge.
>
> Sincerely,
> Nick G
> Your friendly UPS man (though hopefully not for long)
>
> ~All healing is self healing.~
>
> P.S.- I feel so newbie and I know doubt will receive some RTFB / RTFM
> and GIF (Google it Fool) but I'll live through the embarrassment.
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com

-- 
Paul Asadoorian
PaulDotCom Enterprises
Web: http://pauldotcom.com
Phone: 401.829.9552