Security Evaluation Project

["Donald Gerkin" <dgerki1 () towson edu>]

Greetings to all:

I've been an avid reader of the list for quite sometime now, and I am 
continually impressed by the level of expertise and willingness to help. It 
is now my turn to ask the masses for their opinions and insight.

In a nutshell:

I am in my last semester in an Applied Information Technology program (A MS 
degree). My concentration is Information Security and Assurance. I am a 
detective for the Baltimore (MD) police department. I have a fairly decent 
background as it relates to engineering and technology. My biggest issue is 
that my graduate program isn't very "hands-on." The theory I have learned is 
great, and I truly believe I am 1000 times the security practitioner I ever 
was, but it is in theory. Sit me in front of a unix or linux system and I 
would give you my best dumb look and blank stare. So the hands-on, nitty 
gritty dirty experience is what I sorely lack. I am faithful that it will 
come in time. 

For my project, I chose to perform a security audit of the Baltimore Police 
Department's network security and information infrastructure. It transcends 
nicely away from the traditional for-profit corporation eveluations and even 
has that catchy "homeland security" considerations.

Part of the project will involve physical security evaluations and 
recommendations, policy evaluation, and studying past failures. So far, so 
good for me. I also want to get involved with a moderate amount of pen 
testing, and possible "war-driving" in the traditonal sense to evaluate the 
network, and wireless systems respectively. Not so good for me here... 
Again, in theory I can do it all day, but I am sorely lacking in experience.

So.... what is is that I ask? Advice, links to resources, and even war 
stories from those who may have done this before, regardless of the forum. 
Any help from an email with a ton of links and resources to one telling me I 
am completely out of my mind are truly welcomed! Pardon the long e-mail, and 
feel free to contact me off list! 

Rick, I know you're still lurking out there in this list, so I fully expect 
an e-mail from you nagging me about going to linux!

Thanks to all and regards,

Donald Gerkin
dgerki1 () towson edu

---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------