alamarco
o.O
join:2003-06-18
Windsor, ON
clubs:
 ·Cogeco Cable
|  How did you become a security experts?
This is mainly for those who are at the top of the food chain with regards to security.
As the subject suggests, the question here is how did you become a security expert? For example, was it testing every piece of malware you could get your hands on? Was it reading every bit of information you could on every piece of malware that came into the world of computers? Was it schooling?
I'd like as many opinions as possible, as security is a thing that interests me the most about computers. I always love browsing/lurking around in this forum to see the latest news on security matters. I know enough to protect my PC and my families PC's, but I'd like to expand that and become more of an expert myself. I look up to most of the top security experts here in hopes of one day becoming at least half of what you guys are. |
|
Steve
Pipe Wrench Fight
Consultant
join:2001-03-10
Yorba Linda, CA
| Help others.
Nothing substitutes for a curious mind or an interest in the technology, but helping others is what pushes you to learn in areas you would not necessarily choose on your own.•look at a firewall log and see if you can characterize what's going on.
•Help somebody free a machine of spyware (i.e., hone your Hijack This! skills)
•Post a review of a security program you've discovered. and so on.
All of these things add to both your knowledge and your good karma.
Steve
--
Stephen J. Friedl • Unix Wizard • Microsoft Security MVP • Tustin, California USA • my web site |
|
Daniel
Premium,MVM
join:2000-06-26
Pleasanton, CA
clubs:
3 edits | reply to alamarco
A few of my thoughts on the matter:
•Be Passionate About It
You can't get to the top if you don't truly love what you do. I think you can do decently well, but you won't ever see the upper levels. This is especially true in Security where it takes so much continual effort to stay current.
•Don't Be Intimidated By Anything
Many people in I.T. are pretty solid with a few technologies but have areas that they'll never get into because they think they are "above" them. I often hear, "Oh, that's programming, I'm not touching that.", or "I don't mess with that Unix stuff." That kind of approach will keep you limited for life, and for a security professional it's pretty much a sign of death. The top security pros approach the unknown very similarly, i.e. by saying, "That can't be too hard..." That's the attitude you need to have.
•Be An Engineer, Not A Technician
If you don't understand how things work then you will stay at the bottom of the ladder in this field. Knowing how to operate things isn't enough. Problem-solving, which is ultimately what consultants and most infosec professionals do, requires an understanding of the issue at hand, as well as how the solution functions. You can't be a button-pusher and get to the top.
•Combine Book Knowledge with Hands-On
Many screw this up in one direction or the other, and it's not something you can get away with in Security as easily. It's related to the previous one, but is different enough to mention. In this field you need to not only study theory but also know how to implement that knowledge in real-world environments. If you study but can't see how it applies you're dead, and if you can implement but don't understand underlying concepts you're dead too (see above). You have to have both. I strongly recommend investing in a considerable lab environment and implementing what you find interesting during your reading.
•Sharpen Your Communication Skills
Few things are as important as the ability to communicate well. This includes both verbal and written communication. It's not enough to know lots of things; you have to be able to get that knowledge out there to your client/users in a way that is useful to them. Imagine you have two ratings on a scale of 1-10: message and interface. Well, the impact of your communication is the product of the two. So if your message is a 10, but your interface to the client (how well you communicated it) was only a 2, your overall score is just a 20. But if your message is a 9 and your interface is an 8 then your score is a 72. You need both.
** Note: refined version at: »dmiessler.com/archives/954
--
dmiessler.com -- grep understanding knowledge |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
 ·AT&T Midwest
| reply to alamarco
As the subject suggests, the question here is how did you become a security expert? The old fashioned way. Somebody hacked into one of our servers, and I had to quickly learn how to deal with it, and how to make sure it wouldn't happen again. |
|
Krispy
Premium,VIP
join:2001-12-11
the stix
| reply to alamarco
said by alamarco  :As the subject suggests, the question here is how did you become a security expert? I have no freakin' clue...am I an expert even?!
I dunno, I get this question alot and basically my answer is 'where there's a will there's a way' - I was super interested in it so would geek out in front of the computer and learned lots and put that to use and people recognized it.
That said times are changing, when I started out there wasn't much in the way of 'computer' degrees and much like my counterparts in the security industry I have little related qualification for what I am skilled at (I actually went to school for recording engineering) but these days there are degrees and courses for network security and the pendulum between what you know and what the piece of paper says you know swings back and forth so who knows what employers are looking for right now but I can tell you that the network security field has lots of jobs available for the right people (and don't be scared away by the job listings that are asking for insane qualifications...apply anyway).
--
you can lead a horse to the water but you cannot make him drink...you can put a man through school but you cannot make him think --ben harper |
|
alamarco
o.O
join:2003-06-18
Windsor, ON
clubs:
·Cogeco Cable
| reply to alamarco
Thank-you for all the replies so far, I appreciate them all. I don't think I do enough of helping other people, more over because I'm afraid of getting stuck. After reading these replies, I realize that without getting stuck you'll go no where as you learn the most when you solve things that are difficult. I just set up a day to go over a friends house to help clean up the PC  . I hope to make that a regular thing, though not that regular, because that would mean they aren't learning anything themselves  . I also want to try posting more here .
I think when ever I get the money I'm going to buy a separate server to fool around with. Hopefully sometime soon, that way I can experience things first hand and see what/how they're doing things.
I'm actually going to school for network security, but I doubt this will be enough as school tends to be outdated and don't teach you everything you need to know.
Thanks again for all the replies, the more the welcome. I'm sure others have thought about this question without asking out loud . |
|
SpannerITWks
Premium
join:2005-04-22
| reply to alamarco
Sorry just seen this " This is mainly for those who are at the top of the food chain with regards to security "
I'm outa here lol.
Spanner
--
I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks
/SpannerITWks |
|
Kilroy
Premium,MVM
join:2002-11-21
Sterling Heights, MI
| reply to alamarco
Like nwrickert , for self preservation. When the network that you thought was secure gets hit by MSBlaster because someone hooked their work laptop up to the home network to browse the web, then brings their infected laptop back to your network you take an interest in security real fast.
I don't do it full time, was just an advisor for a year or so until a formal group was formed. I really wouldn't enjoy doing it full time so I didn't apply.
I just try and keep up the the problems that could affect me and forward them on to the folks in charge if they are major. The problem with dealing with a large established network is that the fix can break 100 other things.
--
I'm for freedom - go ahead and call me a terrorist. I won't give up my freedom for you to feel safe. |
|
MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH
·AT&T Midwest
·AT&T Midwest
| reply to SpannerITWks
said by SpannerITWks :Sorry just seen this " This is mainly for those who are at the top of the food chain with regards to security " I'm outa here lol. Spanner Your to humble Spanner you deserve to be up on that soap box to.
--
"The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is." |
|
jansson_mark
Markus Jansson
Premium
join:2001-08-05
Finland
| reply to alamarco
1) Use computers. If you dont use them, you just cant know them.
2) Keep yourself "up-to-date" with security issues. This way you know whats happening and will learn HUGE amount of other data too.
3) Be interested about the issues and have courage on doing what you know is right.
4) Repeat steps 1-3.
--
My computer security & privacy related homepage »www.markusjansson.net Use HushTools or GnuPG/PGP to encrypt any email before sending it to me to protect our privacy. |
|
cluelessn00b
@anon-online.org | reply to alamarco
Dam, it took me 4 years to learn to be a button pusher, so you say I still have more to learn?! |
|
cork1958
Cork
join:2000-02-26
Fruitport, MI
·Verizon Online DSL
·Charter Pipeline
| reply to jansson_mark
said by jansson_mark :1) Use computers. If you dont use them, you just cant know them. 2) Keep yourself "up-to-date" with security issues. This way you know whats happening and will learn HUGE amount of other data too. 3) Be interested about the issues and have courage on doing what you know is right. 4) Repeat steps 1-3. That's about it! 
--
Do the walk
Zenwalk Linux 3.0 |
|
ahulett
Life Without Walls
Premium
join:2003-02-02
Bellevue, WA
| reply to alamarco
In addition to the great advice already provided, you may also consider including a specific security discipline in your learning. Along with gaining knowledge and experience with the security landscape as a whole, pick a specific area, drill down into it as much as possible, and become an expert at it. Having a specialty makes you more attractive to potential companies, especially if the job or role has a specific knowledge request that you are proficient at.
Depends on if you want a better understanding to help more protect yourself and others, or if you're looking for a career in this space.
Aaron
--
Aaron Hulett | Microsoft Corporation | This posting is provided "AS IS" without warranty, and confers no rights. |
|
jrs8084
Premium
join:2002-03-02
Statesville, NC
·AT&T Southeast
| reply to Daniel
•Sharpen Your Communication Skills
Few things are as important as the ability to communicate well. This includes both verbal and oral communication.
And the difference between verbal and oral communication is?
Sorry, I couldn't resist. Good information. |
|
Daniel
Premium,MVM
join:2000-06-26
Pleasanton, CA
clubs:
| said by jrs8084 :And the difference between verbal and oral communication is? Sorry, I couldn't resist. Good information. One uses more verbs. Duh.
(thanks...I'm off to fix that now...)
--
dmiessler.com -- grep understanding knowledge |
|
BarneyBadAss
Badasses Fight For Freedom
Premium
join:2004-05-07
00001
 ·Verizon FIOS
| reply to alamarco
said by alamarco :Thank-you for all the replies so far, I appreciate them all. I don't think I do enough of helping other people, more over because I'm afraid of getting stuck. But it's the getting stuck that makes it interesting. When you get really stuck and ask for help, you expand you knowledge.
--
---Barney |
|
alamarco
o.O
join:2003-06-18
Windsor, ON
clubs:
·Cogeco Cable
| reply to alamarco
Thanks again for all the replies, I'm actually putting most advice in a word document for future reference. A lot of this stuff is gold, exactly what I was looking for. In a day or two, after hopefully more replies, I plan to look at everything and lay down a path. Until now I've never really took initiative towards my future, but I want to make security my future. |
|
dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA
·Comcast
| reply to BarneyBadAss
said by BarneyBadAss :said by alamarco :Thank-you for all the replies so far, I appreciate them all. I don't think I do enough of helping other people, more over because I'm afraid of getting stuck. But it's the getting stuck that makes it interesting. When you get really stuck and ask for help, you expand you knowledge. Agreed! If you never ask questions, you may never get the answer.
--
Think outside the Fox... Opera |
|
Kiwi
Premium
join:2003-05-26
USA
·Comcast
·Aristotle Internet
| reply to alamarco
The day one gets a tic about some really screwed up BS on their PC, is the day that an interest arises! Then that thought moves on, as well demonstrated by many
Just spent more than four hours getting this replacement Laptop clean....Yes, it's easier to format and find drivers; but I would like to see some of the hidden stuff
The lower "Life Forms" keep on trucking..Lol
Somehow it seems those that grew up with DOS [For a WIN environment] had a grip on what & how things really worked.
Experts are a dime a dozen & they are always RIGHT..Lol
Cheers |
|
sruser
join:2005-04-21
Arlington, VA | reply to alamarco
Crespo,
Check out www.retrobox.com for used computers. I have ordered 4 computers off this site at really good prices. If all you need is a box, keyboard, and mouse then this will fit your need. Hope this helps. |
|
