
RE: How to get a job in IT-Security

Subject: RE: How to get a job in IT-Security
Date: Thu, 20 Apr 2006 16:38:07 -0400
Yes, you should probably start in the other areas before moving to
InfoSec.  You need to know the what's and how things work before you
start in security. However, you could also start in a junior level
security position in a larger InfoSec dept., i.e. you do password resets
and work in compliance to policies while others design the policies and
architecture.  This is hard to find however.  You need to understand the
basics of "why" you want to secure something and "how" to secure it will
also come.  Read this and other forums.  Pay attention to what people
say here.  There are very good people who answer questions on the list.
You can also start out in audit - but also be aware that audit
recommendations should be 1) achievable 2) actually take into account
the company and environment 3) not be completely outrageous.  Again, you
have to have SOME knowledge before you audit so you can understand what
IT is trying to explain to you, i.e. domain structure, security,
permissions, development, whatever.  Read the hacking exposed books and
actually try what they say so it clicks.  Test test test

Also, be aware that normally companies hire only a few security people
to do it all (compliance, architecture, authentication, development,
networking, etc), which unfortunately gives rise to Saqib Ali's last
paragraph.  True, I may not have an expertise in web app security but web
app people don't have an expertise in os security that I do.  So there
are definitely some issues, and you can't always get the expertise in
every area.  Hopefully, you will have enough coverage within your
InfoSec dept to cover all areas - but that is an ideal world.  Just as I
wished my developers programmed more securely to begin with.  Again,
there are developers and there are secure developers.  (Just an example,
no flaming or knocking intended).


Sonja L. Robinson, CISSP, CIFI, CISA, CISM

Forensic Lab Manager

F T I 

646.453.1283 direct

Sonja.Robinson@fticonsulting.com

 

3 Times Square, 11th Floor

New York, NY 10036

www.fticonsulting.com


-----Original Message-----
From: Saqib Ali [mailto:docbook.xml@gmail.com] 
Sent: Tuesday, April 18, 2006 5:09 PM
To: Alexander.Bolante@gmail.com
Cc: extremwert@gmail.com; security-basics@securityfocus.com;
ilaiy.e@gmail.com; alexander.bolante@gmail.com
Subject: Re: How to get a job in IT-Security

I don't think it will be wise to apply for a security job right after
you graduate. eSecurity is a very wide area, which covers many aspects
e.g. network security, application security, physical security, data
security, desktop security etc.

I would suggest that being a Computer Science major, you get an
application development / design job, and then work your way up to
application / database security position. This will give you experience,
and make your resume more credible. A person who has developed
applications is in a better position to understand "secure application
development process" than a person who has never written a piece of
code.

One of the issues that I see with security people is that they don't
have the background in the area of where they are trying to implement
security. Getting a CISSP or similar doesn't give them this experience.

--
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
-----------
