want to start security career
Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: want to start security career

  1. #1
    Member
    Join Date
    Dec 2004
    Posts
    69

    want to start security career

    Hi dear antionliners, I think I am requesting for advice in the right place. Even when I use AO search feature I get a LOT of help. But, Now I want to ask about my career path where I really dunno what should i do next. I live in UK. I have successfully completed A+,Network+, currently attending MCSA and CCNA in the local community college. After this I think I will apply for a job, as low paid as it could be. Then again.I am wondering for security (If there is any chance) I do not have university degree, neither in a position to attend university. I think, I need to carry on with certs.

    Will I have any chances for internship? cuz i do not have college degrees. I am planning to take CCNP in local university as well ; but I have no idea where am I gona reach. After all this, I think I wil end up as an network admin somewhere...someday. As ppl says in AO , that i need start learning hack my own system. I don't really have any basic on that. Don't even know how should I start. In all the certs I have done there is no relation with breaking system for learning sake.

    Could anybody provide me suggestion,If there is any starting point to get into security career? I would be so much thankful.

  2. #2
    T̙͓̞̣̯ͦͭͅͅȂͧͭͧ̏̈͏̖̖Z̿ ͆̎̄
    Join Date
    Dec 2004
    Posts
    3,171
    I'm not sure what you're looking for but if what you said is an indication..." i need start learning hack my own system " this should help...

    http://www.google.ca/search?hl=en&cl...G=Search&meta=
    Google Search: learning to hack my own system

    otherwise, maybe you should check out the links I gave jx who posted a similiar question in this forum.

    Eg

  3. #3
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    http://www.antionline.com/showthread...hreadid=265991

    Many people come and ask "I want to get a career in Security, what do I have to do?"

    #1 answer. Start working in IT. Get a job. Get experience. Get skills. I've been 'in security' since my days walking the beat. It's a mindset and attitude. I spent a year doing server backups, making sure the jobs ran and the tape librarians didn't fudge up the robot arms. Not real glorious work, but I learned new things. During that year, I was still "in security". I'd say Data Protection/Data Security. And it's true, I really did that. I had to make sure unauthorized people didn't restore data, etc.

    People can ask for a lot of guidance, and make a lot of plans, take a lot of classes, but the biggest piece of advice is to get off your duff and get started doing this stuff for a living.

    Don't be afraid, just make a start! Best of luck!
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  4. #4
    Member
    Join Date
    Dec 2004
    Posts
    69
    Thanks zencoder. I think I should start like that, though I have no security knowledge .

  5. #5
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    Well as you get deeper into your networking certs you will learn more about the packets that are flowing through, you will see what is the norm and what is strange as far as amount of traffic, types of packets, etc. this is all part of network security. An oddly high amount of traffic (some items even maxing out the bandwidth) on a network that rarely uses half their bandwidth id a pretty good indication of adware/spyware/virii. When things starts bouncing off the firewall and incredibly high rates it could be a type of DDoS attack. These are just small examples. You may not think you are leaning security but you are. As Zen said, itís a mind set. Itís not about "hacking" itís not about being "1337". When you say you want to learn to "hack your system" thatís exactly what you are learning in your MCSA classes. When you know your system inside and out, know the flaws, know every aspect of it. You will then see how to exploit those flaws. And from there you can fix those flaws (see look, more security)

    Also, get into an IT job as soon as possible, even if it is just a help desk position. The human stupidity factor is a great leaning tool. You learn allot when you have to figure out what a person means when they say "I aint got no button on my TV thingy, and I canít get on that inner web". I you also learn a bunch of tips and tricks to get through the small processes and it gets you IT experience. But with the certs you are going after you probably wonít start at Help desk if you actually know what you are doing.

    Read EVERYTHING you can get your hands on about computers, and start just messing around with one. See what different processes do, plays with multiple OSs just start messing with the computer. If you break it, then fix it. Make sure you have a back up. lol. Stay current on new viruses, new attacks, and new exploits. Youíre looking to get into one of the fastest moving industries around; you need to stay on top of it all. But honestly, I think over all, you need to enjoy what you are doing. Staring at a log file would be boring as hell. Watching the log build while under attack looking for how to stop it. That would bore the hell out of most. But Iím sure most GOOD security guys like doing it. They like locking down their systems and challenging the "hackers" (actually script kiddies in most cases) and beating them.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  6. #6
    Member
    Join Date
    Dec 2004
    Posts
    69
    Thank you so much XTC46, I think I got little smile here . I did mess my computer and hardware stuff while doin A+ , and now can fix anybody's windows (only) . And I am half way through both CCNA and MCSA working at asda ( sister of wallmart) and as i read in AO about CV writing for IT career it really shake me. However,I think I won't be able to start off IT job right now, unless and if I am lucky enough to make my college teacher happy to get me volunteer at college.

    Glad for the information. thanks a lot.

  7. #7
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    check wiht your school. All the colleges around here including the university I work at have IT jobvs for students wh are interested.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  8. #8
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    My point was that you don't need security knowledge. You need IT knowledge and experience...which you've already started to get.

    Security is really a specialized set of skills and knowledge within IT. You have to build on the IT knowledge to gain the Security knowledge.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  9. #9
    Junior Member
    Join Date
    Nov 2003
    Posts
    9

    Ok

    Hi, I am attending college and have also been thinking about the same thing. Working in IT is find and dandy and good for aquiring skill, and getting to know your stuff. But when it comes down to it. Won't most employeers want you do have some sort of education behind what you say? Ok, say. I've been in IT for 5 years. I have my CCNA my CCNP A+ and really know the in's and outs of a system. I highly dout it that anyone would want to hire me for security of any type. but say i attened a college and took a 2-3 year course lets say in Computer law or computer security investigation or network security. Would'nt that greatly Improve my chances in aquiring a job in the security feild after i had some basic IT skills. Tell me if I am wrong, most security people out there now a days are old time computer people that have been at security for years and know there stuff from practice. It hard now a days for us, new "kids" on the block to get into these types of carreries cause frankly there is no formal educaiton center set up the really teach you anything and learning it on your own takes way to long because security is such a massive field now adays with the worlds growing technology where would anyone start. Most schools i have attended for security will just give you a text book tell you to read it give you a few tests and tell you common scence things like, uses good passwords. change them, install this software IDS and won't give you the foggiest idea how any of it works. This site is the only place i have found that actually tells you how things work and actually whats going on behind the scence. Does anyone know a school or a course more then a few weeks long that can give you the in deepth knowledge that is need in todays security world? and if so PLEASE tell me...I won't greatly apprichiate it..

  10. #10
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Well it sounds like you've got it all figured out.

    No reason to look into any of these links:
    http://www.ctucoloradosprings.com/pr...s_security.asp
    CTU offers an online masters degree program for InfoSec

    http://www.cerias.purdue.edu/
    Uhm, this is one of the biggest IS schools around. Spaf is the the director of CERIAS. If you don't know who Spaf is...well, I don't know what to say if you don't know who Spaf is. You're loss.

    http://www.infosec.jmu.edu/
    Another.

    http://www.ini.cmu.edu/academics/
    Another.

    http://www.gtisc.gatech.edu/edInit.htm
    Another.

    I guess the point I'm making... No, that's wrong, and I'm sorry. The point that I've apparently failed to make is this:
    Information Security is a highly specialized industry, like it or not. If you really want to get paid to do this work, you have to do some serious dues-paying. The most important of these dues is 'know your ****', and I mean that in the technical sense. The best way to do that is to work in the industry. You can learn a lot of things by doing it on your own, learning what you can, and participating at fine sites like this one. But to get a job in the security industry with no work experience in IT at all is just not a realistic goal. It's like a newly graduated medical doctor looking to get a job in a specialized surgical field when he only trained to be a general practitioner. Or better yet, you go to a 5 week class to be certified as an armed security guard, and then expecting to be hired by the FBI. Working at McDonalds for 6 weeks and expecting to be on next weeks Iron Chef America.

    I've said it a few times here, but it bears repeating. Once you are a professional in the IT industry, becoming a 'security person' takes little effort. Just decide to do it. Start learning, and start doing. Practice what you preach. And expect it to take a long time.

    I've been in this industry actively for about 5 years, and passively for a LOT longer. I've only really been making decent money at it, as an acknowledged security specialist for the last year or two. Many of the most knowledgeable folks here, whom I have great respect for and consider to be far superior to me, would be classified as working in the IT industry, not the Information Security industry. That doesn't make them any less valuable or knowledgeable. In fact, it proves my point. They are security specialists because they choose to be. They are interested, they have a passion, and they make everything they do 'security related'.

    Now that I'm done with that tirade, I will say that from my experience, the SANS training classes are by far the very best I've ever taken. You get a ton of information thrown at you, and all of it is relevant, pertinent, usable info. You can leave class Friday and start doing the things you learned Monday. They are expensive, and they have a steep entry curve. They are not kidding when they say 'recommended for people with X knowledge and background'.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •