mailing list archives
Re: Where to Start?
From: krymson () gmail com
Date: Fri, 19 Feb 2010 10:22:45 -0700
Wow, first of all, great question. Second, consider yourself very blessed to have a 4-year degree that will focus
(hopefully well) into security. In my 5 years for my degree (12 years ago) I didn't even have my first real networking
class until my last semester, let alone any sort of degree even getting close to being geared towards security (major
Here are some ideas I can throw out on a Friday afternoon...
- Get yourself a part-time job or internship at a security firm of some sort. Any type of practical experience really
is the key. Even if you're just the gopher running canned scans or copy-editing reports.
- Do some soul-searching on what you like and dislike. Do you have any interest in code? Reversing? Malware? Network
forensics? Log forensics? Implementing secure networks? Just hone in on what's cool and not cool to you, just so you
don't have to find out 5 years later and be an unhappy security geek.
- If the security-related part-time job or internship doesn't pan out, at least get some tech-related gig, even just
phone/desktop support. I also firmly believe that good security geeks also have some practical IT experience in
networking or support or systems or something. Don't discount data center/ISP NOC work during the midnight hours.
- If you aren't deathly afraid of coding, try to pick up some scripting or coding experience, such as Perl, Python,
Ruby, C++, VBScript/PowerShell. Don't shy away from coding even if you're a networking guy; a poor man's configuration
integrity monitoring and config backup process can be scripted yourself! RegEx exposure helps, too.
- If you aren't deathly afraid of web coding or web app security, get yourself a web site of some measure and start
have to become a guru, but it really helps to have at least the basic exposure. Go through some tools like WebGoat or
the OWASP stuff.
- Start watching and reading network traffic, even if it is just your own. The more you get used to something like
tcpdump and Wireshark (and the filtering and decoding) the quicker and deeper you can dive into security questions and
- Drop yourself into the world of Linux as much as you can. Windows is typically easy (and cheap with student
discounts!), but Linux tends to need some extra effort put into it to really get it. The sooner the better.
- If you've dropped into Linux (or even not!) and started learning some web coding or regular coding/scripting, it
should come naturally to start standing up your own servers and services like Apache, Squid, OSSEC, Snort, Nessus,
MySQL, mail, whatever. As with other things, don't shy away from plugging away at standing those up.
- Any chance you get, pick up leftover/free/cheap networking gear for you to play around with. Even if you have to
borrow from your school networking guys. I think we all have cabinets and closets full of junk, some useful and some
not as useful as we thought they'd be...
A lot of these tips are really to help you down the road to not be scared of various technologies. There are security
pros and IT pros who limit themselves because they don't explore the world outside their Windows GUI tools.
Experience and exposure are valuable!
<- snip ->
Hello, I'm currently attending school for a 4 year degree in cyber defense, only in my first year. I'm curious as to what
things I should start with as a Security/network Newcomer. I'm currently working on Net + right now in school, but what
other things should I focus on other than protocols, topologies, etc. Any suggestions or advice will be much
appreciated. Thank You.