Network Security Focus-IDS

Re: what is required for an engineer to become an SECURITY engineer

Date: Mon, 3 Jan 2005 09:50:12 -0800 (PST)
Hi,
  I was asked to prepare a syllabus for security management, incident
handling, forensics analysis, intrusion detection etc. The intention is
to train an engineer to become a SECURITY engineer.

   We know there are several certifications which are designed for this
purpose. I want you, with your security experience, to tell us what
a BASIC course for security really requires.

  If industry wants to recruit an engineer for its security needs, what
type of experience do they look for?

Note: Please don't relate my question with any certifications and be
generic.

Thanks for any help,
-Ravi


Ravi,

The list from skill2die4 was exceedingly relevant for a "BASIC course"
in security. (How many of you went down that list thinking to
yourselves, "Yup, know that; yup, know that..."?)  All of those "hard"
skills can be taught.  As with any professional field, there are many
different roles.  Those hard skills may be sufficient for a junior IDS
analyst in a SOC, for instance, or a junior firewall engineer.  A
course such as you suggest could re-train a network or systems engineer
to become more security-focused and assume one of these roles.

IMHO, I believe there are some "soft" skills that cannot be taught in
the classroom, and some that only come with time and experience.  Jose
Maria Lopez touched upon this; I feel some expansion upon this topic is
needed.  

1) Understand the network and the systems attached to it.  Just as you
need to know the basics of network protocols and OS functions (hard
skills), you need to know the normal parameters of operation of the
network that you are protecting.  You need to know where the WAN
connections are, and why they are there.  You need to know what servers
reside where and what purpose they serve.  You need to know what
"normal" traffic is to be expected on the network.  

2) Understand the business.  Beyond the nuts and bolts of #1, if you
don't understand the business where you work (or the client you serve),
you can't understand how the network and systems are used, and thus you
can't adequately understand the security needs of the organization. 
Moreover, you won't be able to perform that fine balancing act among
the business needs, the operational needs, and the security needs of
the organization.

3) Be customer- and service-oriented.  Surely a profession that relies
on so much knowledge of bits and bytes at the most detailed level can't
rely on something as touchy-feely as customer skills?, you ask.  Ask me
again when you have an angry program manager on the phone who perceives
YOU as the obstacle to his successfully testing a new application that
requires unfettered Internet connectivity.  Point #2 looms large here,
and diplomacy, tact and creativity are absolute necessities.  With the
right attitude, even sales and marketing will be your friends. ;-)

Not all security jobs will put you face-to-face with everyone from the
CIO (or CEO) to the router engineers to the application coders to the
sysadmins to the sales guy from Kansas City.  But I have had jobs where
that has been the case, and find these skills are just as necessary as
my knowledge of PKI or TCP flags.  

Jason Baeder
CISSP, GCIA
