From Programming Job to Computer Security Specialist

[CyberSorcerer]

Sorry but I did finish reading your post..

Yes my sig is old and being in computers for close to 20 years I have an extensive knowledge of them. I make my living from freelancing and consulting work. I have worked on everything from CP/M all the way up to Solaris.

If you want a whole list of what I do, I am a seller of ebay, a freelance coder of rentacoder.com, graphic/logo design, custom application development etc! I pay my bills with my 20 years off computer experience don't have a guaranteed weekly check like some people but I do make a very nice living and have free time for family and friends.... That is being rich in my opinion......

CyberSorcerer

[cartools]

All of you guys just gave me an idea or scope of what to do. Certifications, experimentals, and other reading materials is what I should expect to do in the first month. Im applying for an IT Security Personnel, to be based on some part of the middle east, and hopefully, I can do it with just a little time and more effort. I hope I can attain my desire to be one of you, guys. In which expertise? Hopefully, to be the best of what I can reach.

Thanks CyberSorcerer, Ron1n, souleman, CT2600, pooh sun tzu for such contribution and support...

[HTRegz]

Originally posted here by CyberSorcerer
Ok, it doesn't need to get off topic from what cartool posted. Cartool if you want to get into the field bad enough, you will.

I do agree script-kiddies don't know much about security or networking for that matter. But in my post I did say creat a super-user account so that you could get back in no matter if you were outside the network, or in the companies main office with the network admin beside you. Show me a script kiddie that can accomplish that???

CyberSorcerer

I was going to say I hope you are joking, but i think we can already accept that you are the joke, you've proven that yourself. Hack a Network and they'll hire you???? Sounds like something out of the movies. Hell the fact that I demonstrated a flaw in my Network Services departments security scheme got me labelled a hacker. You also said forget about Windows???? Are you a retard, or just trying to look like one? If you get a job working security for the majority of companies you will be dealing with Windows boxes. If you know linux inside and out, that isn't going to help you one f***ing bit on a Windows box. If anyone accepts a word that you've said as the truth, I will be praying for their soul, they're going to need it. As far as script kiddies get super-user access. Piece of cake. use a Unicode or Double Decode attack against an IIS server, then use one of the many privledge escalation tools that are out there. How about the Samba Autorooter for exploiting vulnerable Samba installs. Then it's just a matter of planting your backdoor or rootkit and making sure you hide your tracks. If you truly believe that a script kiddie can't create a super-user account or get access to one, you are sadly mistaken.. and trust me... no one on this site is going to take anything you say at face-value... Hell right now you could tell me your AntiOnline handle was CyberSorcerer and I'd have a hard time believing you.


cartools: listen to everyone else. Get a few certs, but make sure they are ones that count, set-up your test network and then read everything you can. I've suggested it to people before, read the Hacking Exposed line... I think they are amazing and I know several people that agree, here and at work. Your resume plays a big role. Most employers go through and pick out keywoards. They just scan the resumes and if you have the words they are looking for you may make it to the interview and then you can impress them. Make sure you use the buzz words in your resume and can back up that experience in an interview.

[Juridian]

while network security is fun and all, it isn't all there is. I'd recommend taking a peek at the various fields related to security and checking out what might interest you and what the demand is for that position. As a software developer I'm more inclined to go the route of security engineer in development.

[cartools]

Do we have an online certification program on the web? or I'll just take up some money and spend on it?

[CyberSorcerer]

Ok I give up

truely, with all the secured networks out there from certified knowledgable network experts, I don't really know what the government is so worried about that some third world country or terriorst org will cause any harm.

Let me take an example right out of a security manual. This is what it calls to ROOT of the network security problems today.

1. Network and Host misconfiguration
2. Operating system and application flaws
3. Definiencies in vendor QA/QC efforts and response
4. Lack of QUALIFIED people in the field

Now there is a quandary. How can there be a lack of QUALIFIED people in the field if organizations and companies only hire QUALIFIED or certified people?

I really do give up. I can not answer that myself. Sorry if this is out of line but it is a problem to this day I have not seen any answer correctly.

CyberSorcerer

[anjali]

Not sure of online certification.... But yes u can have online training for GIAC certified courses....

Now these courses are extensive and cover all concepts that u would need to know when u involve in inf. security profession....

All said.... Agree with HTRegz that breaking a system is a much simpler job.. But what makes the profession unique is the challenge to prevent ur inf. assets from getting hacked from so many threats that it is exposed....

Remember a famous quote on Information Secuirty.. " YOU ARE AS SECURED AS YOUR WEAKEST LINK" ... Simple example would be that you may have the best lock avaiable attached to your door... But if the walls are weak or if windows are not properly secured and intruder can still get an access to your territory.....

Hence : Cetifications help.. but you should equip yourself with extensive knowledge on inf. security.... have to dirty ur hands by actually working with tools..... and yes a decent knowledge of network is a must.....

BTW... being a oracle expert.. as mentioned by someone u can also take up database security as ur line of interest....

[cartools]

Thanks for the advice, anjali...actually, I have a basic knowledge in Database security in Oracle. And since that is a startup for me... I'd rather go on studying Security Essentials.

[anjali]

I guess following certification from SANS can be of some help to you...

GIAC Security Essentials Certification (GSEC)

Level: Foundational

Renewal: Every two years

Target: Security Professionals that want to fill the gaps in their understanding of technical information security; System, Security, and Network Administrators that want to understand the pragmatic applications of the CBK; managers that want to understand information security beyond simple terminology and concepts; anyone new to information security with some background in information systems and networking.
GIAC Security Essentials Certification graduates have the knowledge, skills and abilities to incorporate good information security practice in any organization. The GSEC tests the essential knowledge and skills required of any individual with security responsibilities within an organization

Click on the link to know more about this course... http://www.sans.org/onlinetraining/track1.php

Alternatively u could appear for CISSP .. http://www.cccure.org

I am sure above courses will help u equip with confidence and knowledge to move into information security domain....

[Juridian]

GSEC covers the essentials and actual technical work. It also now covers the cissp cbk. The training and certification test can all be done online. I finished mine a while ago that way...

The cissp however is more of a management certification. If all else fails go GSEC before CISSP and then you have a good foundation in place for your CISSP work.