From Programming Job to Computer Security Specialist

[cartools]

Greeting!!!

I'm an Advance Oracle Programmer and I want to change my job into an IT Security Expert, where will I start considering I have a basic knowledge on some Network essentials.

[pooh sun tzu]

The are many paths in which you could start, but I recommend only two things: Read, and ask questions.

There are many tutorials and security related topics here, spread across the forums and also directly in the tutorial section, that I recommend you look at. I recommend spending time on http://www.google.com searching about various subjects that interest you or you have questions with. There is no clear cut first step into security as the field itself is broad and wide. Once you have read the tutorials, read the guides, then begin to ask questions to test and further your knowledge. We will be here to answer anything you have and welcome you into the field of Network Security Consulting!

[cartools]

Ok thanks, I'll be sure to try it and tell you how it goes. Thanks.

[CT2600]

Have you thought about looking into the CISSP certification?

[CyberSorcerer]

Hello cartools

Let me say one thing. You can have all the certifications you can pin on your wall, all it shows is that you can pass a securtity test. If you want to get into the security field learn to hack networks and OS's.

I am a security consultant in Las Vegas and the only time I spend time in a class is to TALK to students and field questions on computer security. I say field questions because I don't give direct answers to any security question from students. People REMEMBER Hackers have a VERY creative thinking mind. When a black hat hacker is trying to break into a network their is no teacher their to answer questions or help. He is on his own and MUST solve the problem HIMSELF.

After all of that, I am going to give you a home work assignment..LOL

Go build yourself a small computer (486, Pentium II) box and install a default version of any Linux, UNIX, or Solaris OS and get yourself nmap (if you can't find it I have a one for you) and a vulnerability assessment tool. After you have this all set-up, use these tools to COMPLETELY secure that box. If you want to learn computer security stay away from Windows to begin with. After you learn your way around how an Operating System works, figuring out Windows will come very easy.

Hope this gets you started.

CyberSorcerer

[R0n1n]

I have to disagree somewhat with CyberSorcerer. First, while certifications are not the silver bullet in getting a security job many empoyers look for them so they help to get your foot in the door. Just get a couple at most, don`t spend all your time doing tests.

Next forgert about learning to 'hack networks' instead start off by understanding networks, read about the joys (?) of TCP/IP, network architecture etc.. and build from that. Then learn about operating systems, the in's and out's, learn some programming skills, then you will finally be able to think about hacking. If you don`t do that I fear you become one of those people who can tellyou all about the latest exploit but can`t actually explain how it affects you and why you should spend some money on dealing with it. So my homework assignment would be to read TCP/IP Illustrated volume 1 and go from there.

Of course the best way to do this is going to be to set up a newtork you can play around with, learn how it works, don`t just build it and then lock it down and then spend the next day trying to figure out why you can no longer access shared drives.

Also, try and start with what you know, if you are an Oracle programmer then why not have a look at Oracle security, see how that works, how you can implement it, what its strengths and weaknesses are etc...then take the knowledge you gain from that and start to apply it to other operating systems. There are serveal core themes (i.e Confidentiality, integrity, and availability) that are the same across all the security areas so once you get a grasp of those you will find the whole subject a lot easier to handle, and if Windows is what you know then take your new found knowledge and apply it to that, then look at Solaris etc..

And finally if you want to be good then learn how to explain security issues in clear language, and also how to justify to someone why they need to spend $XXXXXXX on a new IDS, or new firewall. Far too many people in the field bombard those making the financial decisions with jargon and then wonder why none of their ideas get implemented.

Good luck

[CyberSorcerer]

I do agree with you R0n1n But!

If cartools or anyone for that matter wants to get into the IT security field and did not start out in school as a computer science major, then it just comes down to how fast they want to get into the field. They can start school now and go that route. If you plan to pass anyone of the top security certifications you are not going to do it just by reading a few books over the year and take the test. You will need a pretty wide scope of knowledge.

If you take my path it will much harder of your part because you will basically need to REALLY know how to breach a companies network if you want to work for them. BELIEVE me, If you break into their system and make a super-user account that will allow you full access, Certification or Not, THEY WILL INTERVIEW YOU.

CyberSorcerer

[R0n1n]

Cartools, trying to hack a system in order to get an interview will result in an interview, probably with your arresting officer, thats about it. Stories that end up other then this are few and far between. Learn how and why this stuff works the way it does, taking the newest exploit and running it against company XYZ is not going to get you any kind of job offer. I work for a large securirty consultancy and am in fact the only ex "hacker' there is, the rest of the staff are people who have learnt this over time (and i do not have a computer science major). Seiously, if you do this, you will most likely be caught (as you have not learnt the how and why) and will not be able to get any kind of security job whatsoever.

The best thing to do is in the company you work for now try and get some security exposure and then take it from there, and realise that its going to take sometime to get a good grasp on the subject.

[souleman]

www.sans.org
www.giac.org

BELIEVE me, If you break into their system and make a super-user account that will allow you full access, Certification or Not, THEY WILL INTERVIEW YOU.

or more likely they will have you arrested. any skript kiddie can hack a network. it just takes time finding one that is vunerable to the scripts they have. So when they exploit an unsecure system with an old script that they downloaded from packetstorm, does that mean they know anything about security?

according to your website you are a...

freelance web designer, applications programmer, multimedia designer, and game designer.

you would think that you would include something about the security aspects on your website... not to mention completing your website....

[CyberSorcerer]

Ok, it doesn't need to get off topic from what cartool posted. Cartool if you want to get into the field bad enough, you will.

I do agree script-kiddies don't know much about security or networking for that matter. But in my post I did say creat a super-user account so that you could get back in no matter if you were outside the network, or in the companies main office with the network admin beside you. Show me a script kiddie that can accomplish that???

CyberSorcerer