A few tips to get you started, and to keep in mind along the way:

1. Find an OS you are comfortable with and master it. Don't just learn it, but figure out what makes it tick. Don't let gossip and hearsay alter your perceptions of which OS is better than the other. Read http://www.antionline.com/showthread...hreadid=254589

2. Understand that the concept of hacking is different from the concept of cracking. While cracking is more so about computer security penetration, hacking is discovering the "why is it insecure? what makes it insecure? how could I make it more secure?" Embrace hacking, but know that to understand the aspects of cracking and grey-hat hacking means you will not only be able to understand how to defend against an attack, but by learning how attacks work and how they would be performed you can better implement security measures in specifics and perfection.

3. Read the fscking manual. I cannot stress this enough. If you do not know how something works, read the RFC. Read the manual. Read the help file. Read the installation file. Read the documentation. Read the forums. The reason I say this is not because people here are unwilling to answer questions, but because sometimes it is better for both memory and experience to learn it on one's own rather than have the answer handed to us.

4. Even with #3, don't be afraid to ask questions after you have exhausted your resources. An answered question, no matter the content of the question, is better than a question never asked. We all started somewhere, and understand (AND REMEMBER) the harder times starting out.

5. Be prepared to purchase books on security (such as CERT, SAM, Hacking Exposed). However, never presume that the book is 100% correct. Read it and study it, but keep a cynical mind. Cross-check things if you are not sure.

6. Combining most of the above: Get hands-on experience. Purchase a cheap 12-inch monitor and an old Pentium 233. Slap a UNIX or BSD based operating system on there (command line only) and learn how to secure it, how to break it. Get used to the functionality of how the command line works, for both Windows and UNIX/BSD. Hands-on experience is what forges scholarly knowledge into experience, and experience into wisdom.

7. Get your hands on absolutely anything related to security. Read tutorial sections from top to bottom. Find something you don't quite understand yet? No worries, set it to the side and come back to it in a few weeks. Suddenly, a large part of what once confused you will make sense. Subscribe to a few security-related newsletters. Keep up with security-related news, products, security product reviews, exploits, etc. This industry moves fast, so you have to work hard to keep up.

8. Remember to stop once in a while and take a break. Relax, play a few games. Keep in mind that this field, while the above seven points may make it seem like a hectic and overbearing job, can be incredibly fun. If you try to move too far too fast in security, you will burn out. If you move too slow, you will still be attempting the bluebox trick. So, find a comfortable median in which to learn and operate.

9. Learn a programming language. Be it BASIC, PASCAL, Java, C, C#, etc., learn one. Get masterful at it, and learn another one. Why? Programming is the root of security and operating systems. Learn it well enough to eventually give back to the security community after all they have given you. Make a difference, be a hacker.


May the Tao bring experience and happiness upon your path in security!