Re: Career Choice
From: Michael Booxbaum Sardinas (michael.sardinas_at_worldlearning.org)
Date: Thu, 10 Mar 2005 11:11:58 -0500 To: Richard Kirk <email@example.com>
Definately take the advice given so far. The one piece I have not heard
yet is to run your own server somewhere seperate from work. If you can
get a box hosted somewhere, I would recommend that.
I am not an expert in the field, but I do have a personal server located
off my work network. Because it is not behind a firewall (aside from
iptables) I get to see all kinds of very interesting network traffic.
Exploring all the log entries, and what causes them is a real good intro
into network security.
Besides, the fear of having your own box hacked because it is on the
front lines is a real motivator to hone your security skills. And if
you do get hacked, you can even hone your forensic skills!
just my $0.02
-- "Why shouldn't we give our teachers a license to obtain software, all software, any software, for nothing? Does anyone demand a licensing fee, each time a child is taught the alphabet?" -- William Gibson. // Michael Booxbaum Sardinas Student Computing Specialist Educational Technology World Learning (802)258-3513 firstname.lastname@example.org \\ Richard Kirk wrote: > Britton, Forbes, Fuhriman: > > I am currently a low-level admin assistant (not security related but I > have been asked for suggestions). I have known since before I started > my major that it would be years after I graduate that I would actually > get a position that titled me as Computer Forensic Specialist. I also > plan on taking some "specialist" courses outside of my current school > (TBD) and even possible get my Masters. My dream job would be to work > with FBI/CIA/NSA. I have even talked with people from each to get an > understanding of what they are looking for but the gentleman from NSA > (who has been doing security for them for years) was the only one that > was helpful the others did not know because they where recruiters or > representatives. I know that "personal/work" experience is the best > and knowing someone is the best way to go. > > Thank You Forbes for the offer as an Intern; you are correct I'm not > located near you. > > David: > I have been getting more into this and have set up my own "lab > environment" to hack and secure my systems. The more I look into this > I see that everything (vulnerabilities, flaws) are based off the > programming. Using already created tools is fine but I want to know > "how" that X virus abused Y vulnerability and that lies within the > code (right?) As far as making a website, I'm actually currently > working on this. I believe it will act as a great resume reference to > show my knowledge, skills, and even the experience alone, as far as > securing it (on my own server). I have a lot of thoughts on this > about setting up a honeypot (honestly, I don't know if that is a good > idea without a dedicated connection just for that...so this will > probably be put off). When it comes to "design" I lack the skills to > make unique logos and "visual" style (the organization is simple) If > you have any suggestion on how I can increase the "visual" aspect of > my future website please feel free to share. > > Kleiman: > Your suggestion is great! I never gave consideration to looking into > local law enforcement or state attorney offices for additional > experience and idea of what skills are needed. I will defiantly look > into this option now. > > > > > On Tue, 8 Mar 2005 22:11:53 -0500, dave kleiman <email@example.com> wrote: > >>Richard, >> >>One thing you can definitely do if your goal is Forensics. Find your Local >>Sheriff's / Police department that has Computer Crimes Unit and volunteer >>your free time. >>Trust me they can use the help, most of them have a work load that is beyond >>belief. Almost all PD and SO's have volunteer programs. It will give you >>the opportunity to see the skill sets you will need. You will of course be >>limited to what you are allowed to be involved in, but experience is >>experience, I volunteer 100-200 hours a year to my local Sheriff's and >>States Attorneys office and it is as much a benefit for me as it is for >>them. >> >>Regards, >>___________________________________________________ >>Dave Kleiman, CIFI, CISM, CISSP, ISSAP, ISSMP, MCSE >>www.SecurityBreachResponse.com >>www.ComputerForensicInvestigations.com >> >> >>-----Original Message----- >>From: Joseph Forbes [mailto:firstname.lastname@example.org] >>Sent: Tuesday, March 08, 2005 20:19 >>To: Britton, Jeff B. >>Cc: email@example.com >>Subject: Re: Career Choice >> >>Kirk, >> >> I will second Britton's thoughts on what will be needed of you once you >>graduate from school. I can also admit that it is true that the two options >>available to you are real. Either have a very nice resume that shows that >>you have spent your time wise, and well during school within the security >>field. OR know someone within the field to give you the heads up on a >>opening within the job market, or company needing administrators. I have >>been in corporate scale network solutions for over five years, and I am just >>now finishing up my Bachlers degree in Network Security. Of course I have >>been a fortunate person within my teens to already be involved with >>technology. I started young, and I have a resume to show for it. >> >> If your not already working for a company as a "lowly" tech, then I >>suggest to get your feet wet and get into it. Course, if your already in a >>high paying job, and making the choice to expand your horizon, then stick >>with your job, however start volunteering for anything technical/network >>related. >> >> If your in San Antonio (which I would bet not) then I can offer a Intern >>position... just follow the signature. >> >>On Tue, 8 Mar 2005 13:11:42 -0500, Britton, Jeff B. >><JBBritton@lmus.leggmason.com> wrote: >> >>>I've been in security for appx 2 years now, and I can't begin to tell >>>you how much programming experience helps. An overall programming >>>language class is critical - to understand the building blocks of all >>>languages, both sequential and object oriented. >>> >>>Not only do you become capable of automating many parts of your job >>>(which in turn saves time and $$...something every manager likes to >>>see) but you are also able to get a much better handle on specific >>>vulnerabilies/expoits and how they directly affect whatever you are >> >>investigating. >> >>>Be very careful when you get into MIS or CIS... I was a COSC major and >>>can tell you that CIS and MIS are much broader degree's, and for lack >>>of a better term, much easier than COSC or similar. If you want to >>>break into the security industry right out of school, you'll probably >>>need one of two things... >>>1. A darn impressive resume >>>2. An inside contact to get you a job >>> >>>Best of luck. >>> >>> >>>-----Original Message----- >>>From: Richard Kirk [mailto:firstname.lastname@example.org] >>>Sent: Tuesday, March 08, 2005 8:10 AM >>>To: email@example.com >>>Subject: Career Choice >>> >>>I am currently a student at DeVry University studding Network >>>Communications Management. My true concentration is in security >>>forensics. >>> >>>In any case the more I looking into vulnerabilities and network flaws >>>the issues come from within the programming of the >>>application/protocol etc. and most assaults use multiple programming >>>languages to execute these attacks. >>> >>>I have two questions, the first is should I be learning how to >>>program? My current studies have only one programming language course >>>(Intro to Java). Second, will the Bachelors degree I'm getting help me >>>get into the field I'm looking for or should I change my major to >>>something else such as MIS or CIS? >>> >>>Thank You for your time >>>Best Regards >>> >>>IMPORTANT: The security of electronic mail sent through the Internet >>>is not guaranteed. Legg Mason therefore recommends that you do not >>>send confidential information to us via electronic mail, including >>>social security numbers, account numbers, and personal identification >> >>numbers. >> >>>Delivery, and timely delivery, of electronic mail is also not >>>guaranteed. Legg Mason therefore recommends that you do not send >>>time-sensitive or action-oriented messages to us via electronic mail, >>>including authorization to "buy" or "sell" a security or instructions >>>to conduct any other financial transaction. Such requests, orders or >>>instructions will not be processed until Legg Mason can confirm your >>>instructions or obtain appropriate written documentation where necessary. >>> >>> >> >>-- >>Joseph Forbes "Don't Forget to Salt the Fries!" >>Network Security Administrator >>SwapNEtwork eXtreme, Inc. >>firstname.lastname@example.org (email@example.com) cell 210.834.3450 fax >>775.415.9280 >> >>