Re: Career Choice

• Previous message: Artie Motamed: "AD security"
• In reply to: Richard Kirk: "Re: Career Choice"
• Next in thread: Richard Kirk: "Re: Career Choice"
• Reply: Richard Kirk: "Re: Career Choice"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 10 Mar 2005 11:11:58 -0500
To: Richard Kirk <saviente@gmail.com>

Richard:

Definately take the advice given so far. The one piece I have not heard
yet is to run your own server somewhere seperate from work. If you can
get a box hosted somewhere, I would recommend that.

I am not an expert in the field, but I do have a personal server located
off my work network. Because it is not behind a firewall (aside from
iptables) I get to see all kinds of very interesting network traffic.
Exploring all the log entries, and what causes them is a real good intro
into network security.

Besides, the fear of having your own box hacked because it is on the
front lines is a real motivator to hone your security skills. And if
you do get hacked, you can even hone your forensic skills!

just my $0.02

Michael.

-- 
"Why shouldn't we give our teachers a license to obtain software, all 
software, any software, for nothing? Does anyone demand a licensing fee, 
each time a child is taught the alphabet?" -- William Gibson.
//
Michael Booxbaum Sardinas
Student Computing Specialist
Educational Technology
World Learning
(802)258-3513
michael.sardinas@worldlearning.org
\\
Richard Kirk wrote:
> Britton, Forbes, Fuhriman: 
> 
> I am currently a low-level admin assistant (not security related but I
> have been asked for suggestions).  I have known since before I started
> my major that it would be years after I graduate that I would actually
> get a position that titled me as Computer Forensic Specialist.  I also
> plan on taking some "specialist"  courses outside of my current school
> (TBD) and even possible get my Masters.  My dream job would be to work
> with FBI/CIA/NSA.  I have even talked with people from each to get an
> understanding of what they are looking for but the gentleman from NSA
> (who has been doing security for them for years) was the only one that
> was helpful the others did not know because they where recruiters or
> representatives.  I know that "personal/work" experience is the best
> and knowing someone is the best way to go.
> 
> Thank You Forbes for the offer as an Intern; you are correct I'm not
> located near you.
> 
> David:
> I have been getting more into this and have set up my own "lab
> environment" to hack and secure my systems.  The more I look into this
> I see that everything (vulnerabilities, flaws) are based off the
> programming.  Using already created tools is fine but I want to know
> "how" that X virus abused Y vulnerability and that lies within the
> code (right?)  As far as making a website, I'm actually currently
> working on this.  I believe it will act as a great resume reference to
> show my knowledge, skills, and even the experience alone, as far as
> securing it (on my own server).  I have a lot of thoughts on this
> about setting up a honeypot (honestly, I don't know if that is a good
> idea without a dedicated connection just for that...so this will
> probably be put off).  When it comes to "design" I lack the skills to
> make unique logos and "visual" style (the organization is simple) If
> you have any suggestion on how I can increase the "visual" aspect of
> my future website please feel free to share.
> 
> Kleiman:
> Your suggestion is great!  I never gave consideration to looking into
> local law enforcement or state attorney offices for additional
> experience and idea of what skills are needed.  I will defiantly look
> into this option now.
> 
> 
> 
> 
> On Tue, 8 Mar 2005 22:11:53 -0500, dave kleiman <dave@isecureu.com> wrote:
> 
>>Richard,
>>
>>One thing you can definitely do if your goal is Forensics. Find your Local
>>Sheriff's / Police department that has Computer Crimes Unit and volunteer
>>your free time.
>>Trust me they can use the help, most of them have a work load that is beyond
>>belief. Almost all PD and SO's have volunteer programs.  It will give you
>>the opportunity to see the skill sets you will need. You will of course be
>>limited to what you are allowed to be involved in, but experience is
>>experience, I volunteer 100-200 hours a year to my local Sheriff's and
>>States Attorneys office and it is as much a benefit for me as it is for
>>them.
>>
>>Regards,
>>___________________________________________________
>>Dave Kleiman, CIFI, CISM, CISSP, ISSAP, ISSMP, MCSE
>>www.SecurityBreachResponse.com
>>www.ComputerForensicInvestigations.com
>>
>>
>>-----Original Message-----
>>From: Joseph Forbes [mailto:jftitan@gmail.com]
>>Sent: Tuesday, March 08, 2005 20:19
>>To: Britton, Jeff B.
>>Cc: security-basics@securityfocus.com
>>Subject: Re: Career Choice
>>
>>Kirk,
>>
>>  I will second Britton's thoughts on what will be needed of you once you
>>graduate from school. I can also admit that it is true that the two options
>>available to you are real. Either have a very nice resume that shows that
>>you have spent your time wise, and well during school within the security
>>field. OR know someone within the field to give you the heads up on a
>>opening within the job market, or company needing administrators.  I have
>>been in corporate scale network solutions for over five years, and I am just
>>now finishing up my Bachlers degree in Network Security.  Of course I have
>>been a fortunate person within my teens to already be involved with
>>technology.  I started young, and I have a resume to show for it.
>>
>>  If your not already working for a company as a "lowly" tech, then I
>>suggest to get your feet wet and get into it. Course, if your already in a
>>high paying job, and making the choice to expand your horizon, then stick
>>with your job, however start volunteering for anything technical/network
>>related.
>>
>>  If your in San Antonio (which I would bet not) then I can offer a Intern
>>position...  just follow the signature.
>>
>>On Tue, 8 Mar 2005 13:11:42 -0500, Britton, Jeff B.
>><JBBritton@lmus.leggmason.com> wrote:
>>
>>>I've been in security for appx 2 years now, and I can't begin to tell
>>>you how much programming experience helps.  An overall programming
>>>language class is critical - to understand the building blocks of all
>>>languages, both sequential and object oriented.
>>>
>>>Not only do you become capable of automating many parts of your job
>>>(which in turn saves time and $$...something every manager likes to
>>>see) but you are also able to get a much better handle on specific
>>>vulnerabilies/expoits and how they directly affect whatever you are
>>
>>investigating.
>>
>>>Be very careful when you get into MIS or CIS... I was a COSC major and
>>>can tell you that CIS and MIS are much broader degree's, and for lack
>>>of a better term, much easier than COSC or similar.  If you want to
>>>break into the security industry right out of school, you'll probably
>>>need one of two things...
>>>1. A darn impressive resume
>>>2. An inside contact to get you a job
>>>
>>>Best of luck.
>>>
>>>
>>>-----Original Message-----
>>>From: Richard Kirk [mailto:saviente@gmail.com]
>>>Sent: Tuesday, March 08, 2005 8:10 AM
>>>To: security-basics@securityfocus.com
>>>Subject: Career Choice
>>>
>>>I am currently a student at DeVry University studding Network
>>>Communications Management. My true concentration is in security
>>>forensics.
>>>
>>>In any case the more I looking into vulnerabilities and network flaws
>>>the issues come from within the programming of the
>>>application/protocol etc. and most assaults use multiple programming
>>>languages to execute these attacks.
>>>
>>>I have two questions, the first is should I be learning how to
>>>program? My current studies have only one programming language course
>>>(Intro to Java). Second, will the Bachelors degree I'm getting help me
>>>get into the field I'm looking for or should I change my major to
>>>something else such as MIS or CIS?
>>>
>>>Thank You for your time
>>>Best Regards
>>>
>>>IMPORTANT:  The security of electronic mail  sent through the Internet
>>>is not guaranteed.  Legg Mason therefore recommends that you do not
>>>send confidential information to us via electronic mail, including
>>>social security numbers, account numbers, and personal identification
>>
>>numbers.
>>
>>>Delivery, and timely delivery, of electronic mail is also not
>>>guaranteed.  Legg Mason therefore recommends that you do not send
>>>time-sensitive or action-oriented messages to us via electronic mail,
>>>including authorization to  "buy" or "sell" a security or instructions
>>>to conduct any other financial transaction.  Such requests, orders or
>>>instructions will not be processed until Legg Mason can confirm your
>>>instructions or obtain appropriate written documentation where necessary.
>>>
>>>
>>
>>--
>>Joseph Forbes  "Don't Forget to Salt the Fries!"
>>Network Security Administrator
>>SwapNEtwork eXtreme, Inc.
>>jftitan@satx.rr.com (jftitan@swapnetx.com) cell 210.834.3450 fax
>>775.415.9280
>>
>>

• Previous message: Artie Motamed: "AD security"
• In reply to: Richard Kirk: "Re: Career Choice"
• Next in thread: Richard Kirk: "Re: Career Choice"
• Reply: Richard Kirk: "Re: Career Choice"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]