Home page logo

pauldotcom logo PaulDotCom mailing list archives

NIT (Ninja in Training) looking for guidance.
From: jackadaniel at gmail.com (Jack Daniel)
Date: Wed, 13 May 2009 12:55:01 -0400

Let me add a couple of things to the very good suggestions already posted-

When you do land that first "real security" job, do not be surprised
or disheartened if it is not what you expect.  Be aware that even in
the best "security companies" there are plenty of security-clueless
folks (someone has to be in sales, right?).  Learn from the

As others have suggested, play with stuff, build a lab, even just a
few VMs if the budget is really tight. Break things, then fix things.

Also as suggested, network- not only with security groups, but any
relevant technology group.  You said you were going to UMass, we have
a multitude of user and developer groups in Mass.  Check out
bostonusergroups.com for a big honking list and calendar.  And insert
obligatory NAISG plug here- we have chapters that meet in Waltham and
the Conn. River Valley.  Can't afford conferences?  Try the best kind
of social engineering: volunteer to help, for example several people
went to SOURCE Boston for free (in exchange for time, which I know
isn't really free with a young family).

And, blog. Yes, blog. Don't worry if anyone reads your blog, do it to
force yourself to compose coherent ideas and put them in a public
space.  Write about security, your experiences, opinions, whatever.
Effective communication skills will occasionally be more valuable to
you than any technical skill you may have.  Note- Someday, someone may
follow a link to your blog from your digital resume and ask about
something you wrote during an interview- so keep that in mind as you
write.  (I, er Bob, has been put in awkward interview positions by

Good luck,

Jack Daniel, Reluctant CISSP

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]