At 12:58 PM 4/27/2007, you wrote:
Nathalie,
Be patient.
Get the real world experience - there's no substitute for it.
Do it at work and do it in your own time.
Setup your own home-network and play with it.
Thanks for the reply. I completely agree, but getting real world
experience is the problem - I'm too new to actually get a job in any
field of IT security.
And since I'm going to spend time studying on my own, I'd like to
have something to show for it at the same time at least (i.e. - a
degree, or certification)
I'd really love some advice on this...
I don't have a bachelors degree. I see quite a few job offers that
require one. I only did one year of University (10 years ago) in
Marketing. Would doing night classes in a University program (or
online program) relating to IT be helpful? I've seen some a degree
'Information Systems Security' that may be interesting. It would be
expensive and take a long time to finish part-time. I'm not sure if
I'm better off with certifications or a bachelors degree (academic
and real-world is also very different I believe)
I am working for a web hosting company right now as a Level I Systems
Administrator, so my position is not really giving much security
experience (only a little here and there as it pertains to some
security issues or abuse issues.). My employer will not pay for
certifications, so I'm on my own there.
I'm starting to play around with VMWare as a way of putting together
a virtual network at home. I already have a home network (home
network, I emphasize). Linksys Cable/DSL router, a couple of hubs,
and a wireless router. It's not really real world as I don't have a
static IP, so I'm using port forwarding on the router to send certain
traffic to my Linux box. My other PCs are Windows. Soon I will
probably set up an old laptop I have as a firewall for the network,
that will be good experience.
Security is a large area. Find a field that you consider interesting
and one that you feel you have an aptitude for - seek to become an
expert in it. Whether it is securing applications, Crypto, Firewalls
and Networks, Pen-testing... the list goes on and on. Try to keep
abrest of the other domains and technology, but remain focused on your
core strengths.
I'm still trying to determine what my focus should be. I'm not a
programmer at all, not very good in math either if that helps you
make any suggestions.
I am interested in pen-testing, IDS/firewalls, server security
(preventing hackers, etc.).
I am considering perhaps studying for the CEH (Certified Ethical
Hacker), mostly because it's seems very interesting, and it is some
type of security-related certification.
Any thoughts, suggestions, and feedback based on the information I
provided would be much appreciated.
Thanks
Nathalie
Basically, don't get a certification for the sake of it. The people
that are hiring you (unless you plan to become just another number in
a HR system) should be more interested in what you've done and what
you can do. If the employer is more interested in the certification
than in your actual experience and knowledge, then they aren't worth
working for (IMHO).
Good luck,
ys
On 26/04/07, Nathalie Vaiser, RFC, FMM <nat@ultraservice.com> wrote:
Hi guys,
What would be recommend for someone who is fairly new to the IT-world
and has a strong interest in security?
The CISSP requires 4 or 5 years of related work experience.
Would Security+ be recommended in that case? Or is there another suggestion?
Thanks
Nathalie
--
Yousef Syed
"To ask a question is to show ignorance; not to ask a question, means
you remain ignorant" - Japanese Proverb
