OS and Software > All Things Unix > Career path / directional help?

Career path / directional help?

Hi,

Nothing replaces a sound theoretical background. I'd suggest going to a University and studying Computer Science. Truly understand the theory and the concepts behind computing. When coupled with practical knowledge, the combination makes solving technical problems easy.

I'd also suggest you start to read. Anything well written. Normally I wouldn't have said anything but since you're looking for career advice, I thought I'd mention it. I apologize if it sounds harsh.

Edit: If the second paragraph is too subtle, I'm suggesting your writing skills need to be improved. It's important to have both verbal and written skills.

Cheers,
-pablo
--
openSUSE 11.1/.2;KDE/Xfce
ISP: TekSavvy DSL; backhauled via a 6KM wireless link

reply to Zombieman05
As well as the first response I would suggest learning C in addition to python and joining an open source project that interests you.

reply to Zombieman05
I can't provide any solid recommendations for books, but you may want to read some of Bruce Schneier's work to get into a good mindset of how security as a whole is setup. Specifically try Beyond Fear for a fairly consumable text on the subject. He often goes over ways that security can fail which can be surprising.

Interestingly, some university CS courses are teaching things related to pentesting nowadays. If you don't want to do this on your own, going to a suitable college is a great way to have it all fed to you in regular intervals (in exchange for a handsome fee). It takes time though, and if you get bored/frustrated easily is not a particularly fun way to go about your career. It will make you more aware of esoteric stuff though.

However, i've met a lot of competent people who haven't gone this route and it doesn't make as much of a difference as you might think on the ground. I know of a former philosophy major who could beat the living daylights out of most programmers and has published a popular Python book (and works at Google). Success ultimately depends on you.

On programming, sharpening your edge with programming is alright to do with books (a lot of people aren't using Py3k yet so you're ahead of the curve), but often books don't convey as much experience as you think they would.

Find something you'd like to write (even if it is boilerplate), or try to volunteer your time in an open source project if you want to learn programming (you can do this on the side). Read code, and deconstruct projects to see how people set them up (some open source software writers have day jobs as professional software writers). Document (this is a pretty interesting way to navigate into a project since some programmers tend to write extremely high level documentation that nobody can understand).

If you feel that you've struck gold and found your dream project, contribute small at first, and be nice. Make connections (these can easily land you a real, paying job). Absorb enough information that your brain goes boom, and know about esoteric topics, how things fail, etc.

Bigger, more established projects may have politics, smaller shops with one or two contributors can usually help mentor you on your own stuff if you look like you're eager to help with their stuff and don't want to be spoon-fed answers.

Wow this was a very well written response. I thumbed upped devrandom... Sounds like words of wisdom from someone who has been through it.

Geek
--
»www.itsnewtoyou.biz

reply to Zombieman05
Thank you every one for the well written responses. Only reason I'm hesitant about college again, because I've already paid a lot for ITT tech, and don't feel like i have received my monies worth as far as education goes.

Also in this time of economic problems, is it even worth it to invest the time (and large some of money) into getting say a bachelors in cs? I'll be able to afford college here in 3 months, and just trying to get as much information i can from people.

reply to pablo

said by pablo:

---

It's important to have both verbal and written skills.

---

reply to zombieman05
Hi,

I went to the ITT Tech website and I see BS's are offered but not in Computer Science. There's a huge difference between Computer Science and Information Systems.

If possible, get (a) student loan(s) to complete your studies. If you aspire to only live in the IT world, it's not critical to have a BS in CS however I have found it quite helpful. You'll clearly differentiate yourself from the rest of the herd.

btw, I grew up relatively poor. I took out four loans (one per year) to get my University degree. I also had work-study. I've since paid off the loans and I can say it has been one of my best (only? investments!

As for anecdotal accounts of Jill-Developer who doesn't have a degree and now works for the-latest-hottest-company, yes, it does happen. Just like the person who smokes two packs a day and lives to 120.

I've worked with people who are not formally educated. I have found they tax the overall team more as we have to do clean-up in their wake. Almost as bad as those who claim they are multi-taskers. .... but not as.

Cheers,
-pablo
--
openSUSE 11.1/.2;KDE/Xfce
ISP: TekSavvy DSL; backhauled via a 6KM wireless link

reply to BBBanditRuR
Hi,

When I used to hire people, I'd ask for a writing sample. Nothing fancy. A document they've written. Even a few paragraphs.

Also, I'd send them e-mail and ask for `further elaboration' on something `easy' on their resume. I wasn't trying to trick them. I wanted to see their writing style.

Anyone with poor writing skills didn't go further.

Cheers,
-pablo
--
openSUSE 11.1/.2;KDE/Xfce
ISP: TekSavvy DSL; backhauled via a 6KM wireless link

reply to Zombieman05
Well for one, learn C and C++, learn assembly after you have been doing it for awhile.

Python while popular and easy to learn can be your first language; but from what I see. Not much python is used in IT or pentesting; it's all C based. Find yourself a C or C++ open source project. Hardest part of it all is finding the open source project to jump on. I havent really figured this one out so well myself.
»ubuntuforums.org/showthread.php?t=333867

Next goto your local college and get basic network/computer skills and certs. Get your A+ and Net+; but also the more advanced ones of how to setup and manage windows server and win 7 machines. As guess what... those are the ones you'll be attacking most of the time. Dont bother with Computer Science courses. From what I've seen. They will teach you to program in C# or Visual basic or Java or something like that. As frankly... if you want a job as a programmer... that's essentially what you want. Blackberries run java and lots of webbased stuff runs c#(silverlight)/ASP or java. Hopefully I'm wrong about this because seriously it's kind of sad. Also I havent really heard much and mostly take it from friends who are in CS; which also happens to be the worst university ever. That said.. you might be in a similar situation as I am. No schools in the area worth their salt. So dont bother. You can learn how to be a pen tester or work in IT on your own.

Next realize pen testing has never been real; never will. You can hire the top 5 best pen testing teams. Not a single one will come back with the same results as the last one. "Pen Testing" is about simply hacking someone and being ethical about it. Ethical as in... you get paid not to steal their info and everything. AKA not really ethical and bordering on illegal all the time.

Which brings me to the next point. You need experience and friends and a thorough work through on what's legal and what's illegal to do. Infact downloading wireshark in germany is illegal; go to jail, do not pass go, do not collect $200.

Something you can do now... is download backtrack 4. Start using it. Learn how to use the tools. Learn how to hack yourself. Setup a wep and wpa wireless network. Hack it. Setup SSH or VNC servers and brute force them. Learn visually how to secure things. Discover that most actual hacks are done based of stupid people using bad passwords.

But there are levels here.

1. Script kidding who can use the couple tools in backtrack to hack. Most likely cant hold down a job as pen tester.
2. Pen tester who follows OSSTM but cant really contrive to using manual methods.
3. Pen tester who follows the guide. Can go manual; but cant find 0days, cant reverse engineer anything, etc etc. But can do the physical social engineering side.
4. Can use a disassembler, can fuzz, can reverse engineer, can build 0days and use them.

If you can do that last one. Employers will hire private investigators to find you and come to your house to offer you a job. Which is actually a funny story but I digress.

So here's the workout moreso.

You need to learn how programs work. Which is why you want the basics of understanding how windows and linux work; and how the apps work. Then when NMAP pops up and says Port 135 is open. You know it's RPC and what it's function is... and if there might be any network authentication possibilities or not. Then you can crack on a fuzzer or brute forcer or something to attack that port. When you find what you're looking for. If fuzzing perhaps. You might need to know how to disassemble in order to reverse engineer; then you need to code something to run against it.

reply to pablo

said by pablo:

As for anecdotal accounts of Jill-Developer who doesn't have a degree and now works for the-latest-hottest-company, yes, it does happen. Just like the person who smokes two packs a day and lives to 120.

reply to Zombieman05
munky99999 :
I don't know if I would use Bill Gates or Steve Jobs as examples of independent success since their claim to fame seems to have been based more on business successes and luck than technical skills from my observation (although they did have more technical skills than the average person). If I had to pick somebody who was successful without a degree based on technical merit i'd have to choose Woz (although he did finish his EECS at Berkley later on). I should note though that most people who are grand successes typically showed technical abilities early on.

pablo :
Although I believe that having formal training is good (and i've had my fair share), i've met people on the extreme end of the training spectrum -- well educated and knowledgeable on subjects who can drag a team down to mire them in unnecessary technical detail (for a team who already knows what they are doing) or are arrogant to the point of being demoralizing to the team. So it is entirely possible for somebody to simply yank your productivity down even if they have the requisite skill set and communicate well. In lots of cases i've seen these people do terrible things code-wise as well (going into Computer Science doesn't necessarily teach good programming practices).

A degree just educates you to a point. Attitude and communication are key afterwards (and throughout the rest of your career). A whole lot of people have gotten by on the latter two alone in my experience.

In any case, some of the best people i've worked with so far have had degrees in other specializations (or no degree at all), and the one thing i've seen consistent among degree holders and non-holders which make them easy to work with? The ability to work hard, learn more, and look dumb gracefully on occasion.

reply to Zombieman05
Thank you for the information! Thanks everyone who has posted. It's been a large help. My grammatical skills, and writing abilities are way way below standards. I'm more of the math kind, but I have made strides to improve the way i communicate.
Basically you all have mentioned something that has been of interest to me. Only thing I have seen that I have had varying information on, is which programming language to learn first. I've heard several say do C then C++, but then others have said by learning c++ after c you get conflicting information because they route things slightly different. I was going to start with python because I have dabbled in bt4 (and pentoo) and can break my own wep, wpa, wpa2 and have heard several of both distros followers as either starting with python or ruby.
Any thoughts on that subject? I have had 4 years of computer courses (back in highschool) and could easily pass the a+, network+ and with 3-4 days of brushing up the security+ I've just been afraid to spend the money to get the certs, then not be able to find a job (heck even intern for that matter) so i've had it on pause.

reply to devrandom
Hi,

Yah, you're right about having a degree can be a liability. I did write at the beginning that having a theoretical view, balanced with practical know-how is a winning combination!

Cheers,
-pablo
--
openSUSE 11.1/.2;KDE/Xfce
ISP: TekSavvy DSL; backhauled via a 6KM wireless link

reply to Zombieman05

reply to pablo

reply to Zombieman05

reply to bjlockie

reply to pablo