Re: Career Choice

From: Michael Booxbaum Sardinas (michael.sardinas_at_worldlearning.org)
Date: 03/10/05

  • Next message: Richard Kirk: "Re: Career Choice"
    Date: Thu, 10 Mar 2005 11:11:58 -0500
    To: Richard Kirk <saviente@gmail.com>
    
    

    Richard:

    Definately take the advice given so far. The one piece I have not heard
    yet is to run your own server somewhere seperate from work. If you can
    get a box hosted somewhere, I would recommend that.

    I am not an expert in the field, but I do have a personal server located
    off my work network. Because it is not behind a firewall (aside from
    iptables) I get to see all kinds of very interesting network traffic.
    Exploring all the log entries, and what causes them is a real good intro
    into network security.

    Besides, the fear of having your own box hacked because it is on the
    front lines is a real motivator to hone your security skills. And if
    you do get hacked, you can even hone your forensic skills!

    just my $0.02

    Michael.

    -- 
    "Why shouldn't we give our teachers a license to obtain software, all 
    software, any software, for nothing? Does anyone demand a licensing fee, 
    each time a child is taught the alphabet?" -- William Gibson.
    //
    Michael Booxbaum Sardinas
    Student Computing Specialist
    Educational Technology
    World Learning
    (802)258-3513
    michael.sardinas@worldlearning.org
    \\
    Richard Kirk wrote:
    > Britton, Forbes, Fuhriman: 
    > 
    > I am currently a low-level admin assistant (not security related but I
    > have been asked for suggestions).  I have known since before I started
    > my major that it would be years after I graduate that I would actually
    > get a position that titled me as Computer Forensic Specialist.  I also
    > plan on taking some "specialist"  courses outside of my current school
    > (TBD) and even possible get my Masters.  My dream job would be to work
    > with FBI/CIA/NSA.  I have even talked with people from each to get an
    > understanding of what they are looking for but the gentleman from NSA
    > (who has been doing security for them for years) was the only one that
    > was helpful the others did not know because they where recruiters or
    > representatives.  I know that "personal/work" experience is the best
    > and knowing someone is the best way to go.
    > 
    > Thank You Forbes for the offer as an Intern; you are correct I'm not
    > located near you.
    > 
    > David:
    > I have been getting more into this and have set up my own "lab
    > environment" to hack and secure my systems.  The more I look into this
    > I see that everything (vulnerabilities, flaws) are based off the
    > programming.  Using already created tools is fine but I want to know
    > "how" that X virus abused Y vulnerability and that lies within the
    > code (right?)  As far as making a website, I'm actually currently
    > working on this.  I believe it will act as a great resume reference to
    > show my knowledge, skills, and even the experience alone, as far as
    > securing it (on my own server).  I have a lot of thoughts on this
    > about setting up a honeypot (honestly, I don't know if that is a good
    > idea without a dedicated connection just for that...so this will
    > probably be put off).  When it comes to "design" I lack the skills to
    > make unique logos and "visual" style (the organization is simple) If
    > you have any suggestion on how I can increase the "visual" aspect of
    > my future website please feel free to share.
    > 
    > Kleiman:
    > Your suggestion is great!  I never gave consideration to looking into
    > local law enforcement or state attorney offices for additional
    > experience and idea of what skills are needed.  I will defiantly look
    > into this option now.
    > 
    > 
    > 
    > 
    > On Tue, 8 Mar 2005 22:11:53 -0500, dave kleiman <dave@isecureu.com> wrote:
    > 
    >>Richard,
    >>
    >>One thing you can definitely do if your goal is Forensics. Find your Local
    >>Sheriff's / Police department that has Computer Crimes Unit and volunteer
    >>your free time.
    >>Trust me they can use the help, most of them have a work load that is beyond
    >>belief. Almost all PD and SO's have volunteer programs.  It will give you
    >>the opportunity to see the skill sets you will need. You will of course be
    >>limited to what you are allowed to be involved in, but experience is
    >>experience, I volunteer 100-200 hours a year to my local Sheriff's and
    >>States Attorneys office and it is as much a benefit for me as it is for
    >>them.
    >>
    >>Regards,
    >>___________________________________________________
    >>Dave Kleiman, CIFI, CISM, CISSP, ISSAP, ISSMP, MCSE
    >>www.SecurityBreachResponse.com
    >>www.ComputerForensicInvestigations.com
    >>
    >>
    >>-----Original Message-----
    >>From: Joseph Forbes [mailto:jftitan@gmail.com]
    >>Sent: Tuesday, March 08, 2005 20:19
    >>To: Britton, Jeff B.
    >>Cc: security-basics@securityfocus.com
    >>Subject: Re: Career Choice
    >>
    >>Kirk,
    >>
    >>  I will second Britton's thoughts on what will be needed of you once you
    >>graduate from school. I can also admit that it is true that the two options
    >>available to you are real. Either have a very nice resume that shows that
    >>you have spent your time wise, and well during school within the security
    >>field. OR know someone within the field to give you the heads up on a
    >>opening within the job market, or company needing administrators.  I have
    >>been in corporate scale network solutions for over five years, and I am just
    >>now finishing up my Bachlers degree in Network Security.  Of course I have
    >>been a fortunate person within my teens to already be involved with
    >>technology.  I started young, and I have a resume to show for it.
    >>
    >>  If your not already working for a company as a "lowly" tech, then I
    >>suggest to get your feet wet and get into it. Course, if your already in a
    >>high paying job, and making the choice to expand your horizon, then stick
    >>with your job, however start volunteering for anything technical/network
    >>related.
    >>
    >>  If your in San Antonio (which I would bet not) then I can offer a Intern
    >>position...  just follow the signature.
    >>
    >>On Tue, 8 Mar 2005 13:11:42 -0500, Britton, Jeff B.
    >><JBBritton@lmus.leggmason.com> wrote:
    >>
    >>>I've been in security for appx 2 years now, and I can't begin to tell
    >>>you how much programming experience helps.  An overall programming
    >>>language class is critical - to understand the building blocks of all
    >>>languages, both sequential and object oriented.
    >>>
    >>>Not only do you become capable of automating many parts of your job
    >>>(which in turn saves time and $$...something every manager likes to
    >>>see) but you are also able to get a much better handle on specific
    >>>vulnerabilies/expoits and how they directly affect whatever you are
    >>
    >>investigating.
    >>
    >>>Be very careful when you get into MIS or CIS... I was a COSC major and
    >>>can tell you that CIS and MIS are much broader degree's, and for lack
    >>>of a better term, much easier than COSC or similar.  If you want to
    >>>break into the security industry right out of school, you'll probably
    >>>need one of two things...
    >>>1. A darn impressive resume
    >>>2. An inside contact to get you a job
    >>>
    >>>Best of luck.
    >>>
    >>>
    >>>-----Original Message-----
    >>>From: Richard Kirk [mailto:saviente@gmail.com]
    >>>Sent: Tuesday, March 08, 2005 8:10 AM
    >>>To: security-basics@securityfocus.com
    >>>Subject: Career Choice
    >>>
    >>>I am currently a student at DeVry University studding Network
    >>>Communications Management. My true concentration is in security
    >>>forensics.
    >>>
    >>>In any case the more I looking into vulnerabilities and network flaws
    >>>the issues come from within the programming of the
    >>>application/protocol etc. and most assaults use multiple programming
    >>>languages to execute these attacks.
    >>>
    >>>I have two questions, the first is should I be learning how to
    >>>program? My current studies have only one programming language course
    >>>(Intro to Java). Second, will the Bachelors degree I'm getting help me
    >>>get into the field I'm looking for or should I change my major to
    >>>something else such as MIS or CIS?
    >>>
    >>>Thank You for your time
    >>>Best Regards
    >>>
    >>>IMPORTANT:  The security of electronic mail  sent through the Internet
    >>>is not guaranteed.  Legg Mason therefore recommends that you do not
    >>>send confidential information to us via electronic mail, including
    >>>social security numbers, account numbers, and personal identification
    >>
    >>numbers.
    >>
    >>>Delivery, and timely delivery, of electronic mail is also not
    >>>guaranteed.  Legg Mason therefore recommends that you do not send
    >>>time-sensitive or action-oriented messages to us via electronic mail,
    >>>including authorization to  "buy" or "sell" a security or instructions
    >>>to conduct any other financial transaction.  Such requests, orders or
    >>>instructions will not be processed until Legg Mason can confirm your
    >>>instructions or obtain appropriate written documentation where necessary.
    >>>
    >>>
    >>
    >>--
    >>Joseph Forbes  "Don't Forget to Salt the Fries!"
    >>Network Security Administrator
    >>SwapNEtwork eXtreme, Inc.
    >>jftitan@satx.rr.com (jftitan@swapnetx.com) cell 210.834.3450 fax
    >>775.415.9280
    >>
    >>
    

  • Next message: Richard Kirk: "Re: Career Choice"

    Relevant Pages

    • Re: Career Choice
      ... you graduate from school. ... Bachlers degree in Network Security. ... > how much programming experience helps. ...
      (Security-Basics)
    • Re: Career Choice
      ... > I am currently a student at DeVry University studding Network ... > forensics. ... > application/protocol etc. and most assaults use multiple programming ... site scripting) is a must in any security function. ...
      (Security-Basics)
    • Re: On the topic of religion: Church of Registry vs. The INIonist
      ... I have only been programming ... My main issue with .Net is that I need to learn so much about security. ... I create an application in .Net and install it on a network share I have to ... This is good for security reasons, ...
      (microsoft.public.vb.general.discussion)
    • Re: Career Choice
      ... I am currently a low-level admin assistant (not security related but I ... Almost all PD and SO's have volunteer programs. ... > now finishing up my Bachlers degree in Network Security. ... >> you how much programming experience helps. ...
      (Security-Basics)
    • RE: TCP/IP skills
      ... knowledge of the network layer are needed for specific job-duties. ... security specialists as normally falling into one of the following ... non-technical controls than on anything having to do with TCP/IP ... Network skills ...
      (Pen-Test)