FW: NIT (Ninja in Training) looking for guidance.

[lonervamp at gmail.com (Michael Dickey)]

Lots of great suggestions already! I am inclined to say that you stick to
your BS studies, even if it is not focused. I know it is not absolutely
necessary, but it certainly does help and should repay you back over time.

Some more rapidfire suggestions:

1. Get Security+ cert. It's not a glamorous cert, but it's an entry level,
inexpensive one that will get your feet wet. If you listen to Pauldotcom
regularly, you should be able to grasp the concepts and pass.

2. If you get a chance, pick up a job as a systems admin or network admin.
The background is extremely helpful and will add to your experience. If you
get a chance to work as a security intern, analyst, or tag-along with a pen
testing or auditing crew, consider yourself really lucky for that opp!

3. Read, read, read. Read blogs, read mailing lists, participate as
necessary, and as much as not being afraid to work, don't be afraid to ask
questions, even those that sound stupid and basic. Few security geeks know
every technology field well enough to not sound stupid in something at some
point. Get used to it early. :)

4. Build your own network and start playing with tools. While I shouldn't
openly condone being a nuisance on open wireless networks, I can't condemn
someone for poking around them as well. Run some scans, do some
probing/sniffing, see what you can read/decode. Practical experience effort
should equal your reading time, eventually. Explore BackTrack 3/4. If you
read about neat tools, set aside the time to try them out, even
superficially. (A very hard thing for me, personally.)

5. When you get more confident in what you're doing, check out the OSCP
courses. They mix videos with reading with practical work. It's not overly
expensive and the money winds up in good hands. Consider it a donation to
BackTrack. :) I know some of the material in OSCP will be a bit deeper like
exploit coding and debugging, but consider it a necessary challenge and
learning opportunity. Mubix has mentioned (and I agreee) that this may not
get you a job in itself, it still demonstrates desire and should expand your
skills.

6. Combine the suggestions for being a volunteer with going to conventions:
Volunteer to help set up Shmoocon or other cons in your area, if any. Find
out if there is a local hackerspace or infragard group and poke your head
in. Few activities in security seem to be as positive as working with other
people and sharing ideas. Even just IRC if you have the free time.

7. As Jack Daniel suggested, blog. Not for readers, but for yourself. This
gives others a digital "face" to see you and what you're into. It gives you
a personal sounding board to practice writing and organizing thoughts. And
it gives you a way to document what you do so you can refer to it later on.
"Now, how did I always set that server up...?" Documentation is a key
concept in IT, and is oft-missed.
8. As early as possible, think about learning a programming language,
especially if you have any background in coding or your courses include
anything like computer science "lite." If you don't know what to code, play
with Metasploit or even find some challenges online. Hopefully Microsoft
scripting does their annual "games" again and include Perl or something
newer (Python, Ruby). At the very least, learning some coding, even if it is
"just" Perl is not a bad thing.

Good luck!

www.terminal23.net


> To: pauldotcom at mail.pauldotcom.com
> Subject: [Pauldotcom] NIT (Ninja in Training) looking for guidance.
>
> Dear PaulDotCom community,
>
> I am young (at heart, not in body) aspiring Security Professional.  I
> am currently in a blue collar job (good job just not my passion) and I
> am wanting to work my way into the Information Security career space.
> I am looking for a little advice and guidance in my first steps.  I
> was a silly youth and didn't make my way through college (I have a
> handful of credits).  Since dropping out I have grown a little family,
> wife and 16 month old daughter, so my choices are guided by that a lot
> (both money and time commitment wise).  Currently I am enrolled in an
> online B.S. in Information Technology degree from University of
> Massachusetts though I am finding the $300 plus a credit hour (about
> 6k a year on my current plan), the time in which it will take to
> complete (about 5 years at 2 classes every semester), and the lack of
> focus to the information security field disheartening and making me
> re-evaluating my choice.  While I don't mind devoting time and money I
> would prefer to do it toward something more relevant and focused to
> where I want to be.
> I know that I will want take classes from SANS in time but I do not
> feel that I have the fundamentals yet.  I also almost religiously
> listen to PaulDotCom Security Weekly.
>
> So I am hoping that you all will grace me with your earned wisdom and
> give me a few nudges in the right direction so I don't waist too much
> time and money.
> I'm looking for advice on mainly on what are the best building blocks
> to develop a solid foundation for my Ninja skills.  Any programs,
> certs, classes, books, websites, podcasts, video tutorials that you
> can think of would be appreciated.
>
> In advance, thank you for your time, energies and knowledge.
>
> Sincerely,
> Nick G
> Your friendly UPS man (though hopefully not for long)
>
> ~All healing is self healing.~
>
> P.S.- I feel so newbie and I know doubt will receive some RTFB / RTFM
> and GIF (Google it Fool) but I'll live through the embarrassment.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090514/cd1c2888/attachment.htm