Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

focus-ids logo IDS mailing list archives

RE: [in] what is required for an engineer to become an SECURITY engineer
From: "Curt Purdy" <purdy () tecman com>
Date: Fri, 24 Dec 2004 20:22:09 -0600
Ravi Kumar wrote:

  I was asked to prepare syllabus for security 
management,incident handling,forensics analysis, intrusion 
detection etc., Th intention is train an engineer to become a 
SECURITY engineer.

   we know there are several certifications which are 
designed for this purpose. I want from you with your security 
experience tell us what should an BASIC course for security 
really requires.

<snip>

IMHO, I don't believe you can actually teach infosec.  The field is so broad
and so deep it requires many years of experience in the field before you can
learn and understand enough to call yourself an infosec engineer.  I am and
I have the grey hair to prove it ;) 

You must be able to do everything from build a tcp packet from scratch to
hardening a Linux SQL Server cluster to auditing a network to designing and
deploying a wireless WAN.  Any one of those can be taught but you don't have
enough time to teach everything.

Therefore, you will want to teach concepts, like least privilege and
security policies, along with a modicum of hands-on technical examples like
building a Snort server and running Nessus.  As for how academia looks at
this, I will soon know when I begin my masters program in infosec at Capella
next week.  If anyone is interested, I will report back to the list after I
get a feel for it.

Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA
Information Security Engineer 
DP Solutions

-----------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]