RE: Security Job Tracks?

["Dave Dyer" <ddyer () ciber com>]

Personally, I think the normal IT route goes something like this:

1.  Help Desk/Hardware
2.  Desktop Support
3.  Sys Admin/App Support
4.  Management
5.  Death (smiling, hopefully)

Oversimplified, sure, but you get the idea.  Myself, I followed this route
to IT security:

1.  PC Hardware (building computers)
2.  Desktop Support/Sys Admin
3.  Availability Management (Outage Management/Incident Response)
4.  IT Project Management/ Software Development
5.  IT Security
6.  Enlightenment

I'm still a little behind on software development, and it's my current area
of focus.  I think that application security is a much-overlooked section of
security, from PSP's to the actual code itself.  I'd suggest staying strong
in that if you can.  Hope that helps.

-----Original Message-----
From: Ben Stewart [mailto:stewarbd () gmail com] 
Sent: Thursday, July 08, 2004 6:15 PM
To: security-basics () securityfocus com
Subject: Security Job Tracks?

While hoping that this message is appropriate, and that others like me
are reading this, I am asking a small favor of all of the "experts"
and 'professionals" here.  As of late, with my graduation just a few
months away, I am experiencing a bit of anxiety.  I have been reading
books, writing code, etc...for a number of years, not really thinking
about what I am going to do with all of this information.  Alas, I
have reached a point where I must look for that first real job.  To
all of you looking back at this experience and the path to your
present job, where dud you start out and what kind of jobs and
opportunities did you look for?  It seems like a majority of the
security jobs are left to people with several years of experience, and
rightly so, but where does one begin to obtain this experience in
order to move up the ladder?

Also, there are so many topics in the security arena.  All of them
seem to be interrelated in one way or another, but there is so much
information.  I am quite interested in the majority of them, but
obviously cannot be an expert on them all.  How does one narrow down
the topics and focus on the few that will either carry the most weight
while looking for employment or provide the most benefit to a young
security amateur like myself?

Thank you for any assistance 

-BEN

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------