FW: NIT (Ninja in Training) looking for guidance.

[paul at pauldotcom.com (Paul Asadoorian)]

Excellent advice Michael!  It closely mirrors a post that will be up
next week on this topic.  I've summarized much of what has been posted
here and added my own experiences.

Bonus: remember I said I took a picture of my computers to an interview?
 I found the pic and its in the blog post ;)

Post should drop Monday, I link to this archive thread as a reference,
and hopefully we can encourage a whole new generation of grasshoppers :)

Thanks!

Cheers,
Paul

Michael Dickey wrote:
> Lots of great suggestions already! I am inclined to say that you stick
> to your BS studies, even if it is not focused. I know it is not
> absolutely necessary, but it certainly does help and should repay you
> back over time.
>  
> Some more rapidfire suggestions:
>  
> 1. Get Security+ cert. It's not a glamorous cert, but it's an entry
> level, inexpensive one that will get your feet wet. If you listen to
> Pauldotcom regularly, you should be able to grasp the concepts and pass.
>  
> 2. If you get a chance, pick up a job as a systems admin or network
> admin. The background is extremely helpful and will add to your
> experience. If you get a chance to work as a security intern, analyst,
> or tag-along with a pen testing or auditing crew, consider yourself
> really lucky for that opp!
>  
> 3. Read, read, read. Read blogs, read mailing lists, participate as
> necessary, and as much as not being afraid to work, don't be afraid to
> ask questions, even those that sound stupid and basic. Few security
> geeks know every technology field well enough to not sound stupid in
> something at some point. Get used to it early. :)
>  
> 4. Build your own network and start playing with tools. While I
> shouldn't openly condone being a nuisance on open wireless networks, I
> can't condemn someone for poking around them as well. Run some scans, do
> some probing/sniffing, see what you can read/decode. Practical
> experience effort should equal your reading time, eventually. Explore
> BackTrack 3/4. If you read about neat tools, set aside the time to try
> them out, even superficially. (A very hard thing for me, personally.)
>  
> 5. When you get more confident in what you're doing, check out the OSCP
> courses. They mix videos with reading with practical work. It's not
> overly expensive and the money winds up in good hands. Consider it a
> donation to BackTrack. :) I know some of the material in OSCP will be a
> bit deeper like exploit coding and debugging, but consider it a
> necessary challenge and learning opportunity. Mubix has mentioned (and I
> agreee) that this may not get you a job in itself, it still demonstrates
> desire and should expand your skills.
>  
> 6. Combine the suggestions for being a volunteer with going to
> conventions: Volunteer to help set up Shmoocon or other cons in your
> area, if any. Find out if there is a local hackerspace or infragard
> group and poke your head in. Few activities in security seem to be as
> positive as working with other people and sharing ideas. Even just IRC
> if you have the free time.
>  
> 7. As Jack Daniel suggested, blog. Not for readers, but for yourself.
> This gives others a digital "face" to see you and what you're into. It
> gives you a personal sounding board to practice writing and organizing
> thoughts. And it gives you a way to document what you do so you can
> refer to it later on. "Now, how did I always set that server up...?"
> Documentation is a key concept in IT, and is oft-missed.
> 8. As early as possible, think about learning a programming language,
> especially if you have any background in coding or your courses include
> anything like computer science "lite." If you don't know what to code,
> play with Metasploit or even find some challenges online. Hopefully
> Microsoft scripting does their annual "games" again and include Perl or
> something newer (Python, Ruby). At the very least, learning some coding,
> even if it is "just" Perl is not a bad thing.
>  
> Good luck!
>  
> www.terminal23.net <http://www.terminal23.net/>
>
>
>     To: pauldotcom at mail.pauldotcom.com
>     <mailto:pauldotcom at mail.pauldotcom.com>
>     Subject: [Pauldotcom] NIT (Ninja in Training) looking for guidance.
>
>     Dear PaulDotCom community,
>
>     I am young (at heart, not in body) aspiring Security Professional.  I
>     am currently in a blue collar job (good job just not my passion) and I
>     am wanting to work my way into the Information Security career space.
>     I am looking for a little advice and guidance in my first steps.  I
>     was a silly youth and didn't make my way through college (I have a
>     handful of credits).  Since dropping out I have grown a little family,
>     wife and 16 month old daughter, so my choices are guided by that a lot
>     (both money and time commitment wise).  Currently I am enrolled in an
>     online B.S. in Information Technology degree from University of
>     Massachusetts though I am finding the $300 plus a credit hour (about
>     6k a year on my current plan), the time in which it will take to
>     complete (about 5 years at 2 classes every semester), and the lack of
>     focus to the information security field disheartening and making me
>     re-evaluating my choice.  While I don't mind devoting time and money I
>     would prefer to do it toward something more relevant and focused to
>     where I want to be.
>     I know that I will want take classes from SANS in time but I do not
>     feel that I have the fundamentals yet.  I also almost religiously
>     listen to PaulDotCom Security Weekly.
>
>     So I am hoping that you all will grace me with your earned wisdom and
>     give me a few nudges in the right direction so I don't waist too much
>     time and money.
>     I'm looking for advice on mainly on what are the best building blocks
>     to develop a solid foundation for my Ninja skills.  Any programs,
>     certs, classes, books, websites, podcasts, video tutorials that you
>     can think of would be appreciated.
>
>     In advance, thank you for your time, energies and knowledge.
>
>     Sincerely,
>     Nick G
>     Your friendly UPS man (though hopefully not for long)
>
>     ~All healing is self healing.~
>
>     P.S.- I feel so newbie and I know doubt will receive some RTFB / RTFM
>     and GIF (Google it Fool) but I'll live through the embarrassment.
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com

-- 
Paul Asadoorian
PaulDotCom Enterprises
Web: http://pauldotcom.com
Phone: 401.829.9552