PaulDotCom mailing list archives

FW: NIT (Ninja in Training) looking for guidance.
From: paul at pauldotcom.com (Paul Asadoorian)
Date: Thu, 14 May 2009 14:28:38 -0400

Excellent advice Michael!  It closely mirrors a post that will be up
next week on this topic.  I've summarized much of what has been posted
here and added my own experiences.

Bonus: remember I said I took a picture of my computers to an interview?
I found the pic and it's in the blog post ;)

Post should drop Monday, I link to this archive thread as a reference,
and hopefully we can encourage a whole new generation of grasshoppers :)



Michael Dickey wrote:
Lots of great suggestions already! I am inclined to say that you stick
to your BS studies, even if it is not focused. I know it is not
absolutely necessary, but it certainly does help and should repay you
back over time.
Some more rapidfire suggestions:
1. Get Security+ cert. It's not a glamorous cert, but it's an entry
level, inexpensive one that will get your feet wet. If you listen to
Pauldotcom regularly, you should be able to grasp the concepts and pass.
2. If you get a chance, pick up a job as a systems admin or network
admin. The background is extremely helpful and will add to your
experience. If you get a chance to work as a security intern, analyst,
or tag-along with a pen testing or auditing crew, consider yourself
really lucky for that opp!
3. Read, read, read. Read blogs, read mailing lists, participate as
necessary, and as much as not being afraid to work, don't be afraid to
ask questions, even those that sound stupid and basic. Few security
geeks know every technology field well enough to not sound stupid in
something at some point. Get used to it early. :)
4. Build your own network and start playing with tools. While I
shouldn't openly condone being a nuisance on open wireless networks, I
can't condemn someone for poking around them as well. Run some scans, do
some probing/sniffing, see what you can read/decode. Practical
experience effort should equal your reading time, eventually. Explore
BackTrack 3/4. If you read about neat tools, set aside the time to try
them out, even superficially. (A very hard thing for me, personally.)
5. When you get more confident in what you're doing, check out the OSCP
courses. They mix videos with reading with practical work. It's not
overly expensive and the money winds up in good hands. Consider it a
donation to BackTrack. :) I know some of the material in OSCP will be a
bit deeper like exploit coding and debugging, but consider it a
necessary challenge and learning opportunity. Mubix has mentioned (and I
agree) that this may not get you a job in itself, it still demonstrates
desire and should expand your skills.
6. Combine the suggestions for being a volunteer with going to
conventions: Volunteer to help set up Shmoocon or other cons in your
area, if any. Find out if there is a local hackerspace or InfraGard
group and poke your head in. Few activities in security seem to be as
positive as working with other people and sharing ideas. Even just IRC
if you have the free time.
7. As Jack Daniel suggested, blog. Not for readers, but for yourself.
This gives others a digital "face" to see you and what you're into. It
gives you a personal sounding board to practice writing and organizing
thoughts. And it gives you a way to document what you do so you can
refer to it later on. "Now, how did I always set that server up...?"
Documentation is a key concept in IT, and is oft-missed.
8. As early as possible, think about learning a programming language,
especially if you have any background in coding or your courses include
anything like computer science "lite." If you don't know what to code,
play with Metasploit or even find some challenges online. Hopefully
Microsoft scripting does their annual "games" again and include Perl or
something newer (Python, Ruby). At the very least, learning some coding,
even if it is "just" Perl is not a bad thing.
Good luck!
www.terminal23.net <http://www.terminal23.net/>

    To: pauldotcom at mail.pauldotcom.com
    <mailto:pauldotcom at mail.pauldotcom.com>
    Subject: [Pauldotcom] NIT (Ninja in Training) looking for guidance.

    Dear PaulDotCom community,

    I am a young (at heart, not in body) aspiring Security Professional.  I
    am currently in a blue collar job (good job just not my passion) and I
    am wanting to work my way into the Information Security career space.
    I am looking for a little advice and guidance in my first steps.  I
    was a silly youth and didn't make my way through college (I have a
    handful of credits).  Since dropping out I have grown a little family,
    wife and 16 month old daughter, so my choices are guided by that a lot
    (both money and time commitment wise).  Currently I am enrolled in an
    online B.S. in Information Technology degree from University of
    Massachusetts though I am finding the $300 plus a credit hour (about
    6k a year on my current plan), the time in which it will take to
    complete (about 5 years at 2 classes every semester), and the lack of
    focus to the information security field disheartening and making me
    re-evaluate my choice.  While I don't mind devoting time and money I
    would prefer to do it toward something more relevant and focused to
    where I want to be.
    I know that I will want to take classes from SANS in time but I do not
    feel that I have the fundamentals yet.  I also almost religiously
    listen to PaulDotCom Security Weekly.

    So I am hoping that you all will grace me with your earned wisdom and
    give me a few nudges in the right direction so I don't waste too much
    time and money.
    I'm looking for advice mainly on what are the best building blocks
    to develop a solid foundation for my Ninja skills.  Any programs,
    certs, classes, books, websites, podcasts, video tutorials that you
    can think of would be appreciated.

    In advance, thank you for your time, energies and knowledge.

    Nick G
    Your friendly UPS man (though hopefully not for long)

    ~All healing is self healing.~

    P.S.- I feel so newbie and I no doubt will receive some RTFB / RTFM
    and GIF (Google it Fool) but I'll live through the embarrassment.


Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
Main Web Site: http://pauldotcom.com

Paul Asadoorian
PaulDotCom Enterprises
Web: http://pauldotcom.com
Phone: 401.829.9552
