Re: Education for Network Security
antispam.1.tyrcadia_at_neverbox.com
Date: 06/14/03
- Previous message: Chuck: "Re: Buy this book..."
- In reply to: Matthew Baran: "Education for Network Security"
- Next in thread: LM: "Re: Education for Network Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 14 Jun 2003 05:49:33 -0400
Matthew Baran <mbaran79@yahoo.com> wrote:
> My name is Matt Baran and I am looking for some advice on education in
> the Network Security/Information Systems Security field. I am hoping
> that someone could possibly shed some light on which is the best way
> for me to go or give me some advice on what they think is most
I guess I have two pieces of advice to share with you, one theoretical,
one practical, and I'll stress the practical one first:
Practical experience can never replace book-garnered knowledge, classroom
work, or college. Educational institutions are just catching up, barely,
to the current needs of the IT field, as we continue to seek out "old
salts" in the industry to take care of the more interesting needs, which
are often niche, and very lucrative to the employee/consultant. While
SANS, GIAC and other make strides in normalizing the security space with
certifications and training, most of my associates are self-taught experts
with years of experience often stretching back to the dawn of the Internet
itself and started in a sector of the IT industry not security-related, or
started in one of the science professions, most often, believe it or not,
physics.
That said, I believe self-instruction is the most powerful tool for
technical education. Just like the painter needs a canvas to explore ideas
and concepts and express themselves, so does the geek. :) As you enter
your desired schooling track or certification track, make sure you have
money set aside to build yourself a home test lab with equipment that will
help you explore topics of network, system, and host security at will,
especially in the middle of the night as you're pounding back that 124th
cup of coffee. :) EBay is a great source for cheap equipment, and current
hardware is rarely needed to replicate a security experience. For learning
network & TCP/IP protocol basics and even advanced subjects, flavors of
UNIX are the way to go - get into it. UNIX-based OS's such as Linux and
the BSD family of operating systems (FreeBSD, OpenBSD, NetBSD, etc.),
Solaris, will enable you to get to the nitty-gritty of networking and
replicate security issues as they relate to modern networking. The
Open-Source style flavors of UNIX don't have a commercial taint to their
networking and security efforts, and as such, can make you, in time, a
"vendor-neutral" security expert, enabling you to competently evaluate new
vendor offerings for a client or company you might work with.
Secondly, theoretical. Security & systems are a process, not a
destination. Discovery, learning, tweaking are all a process. Having a
solid ground in business and evaluating a engagement's needs and matching
that against a budget spend and not forgetting simpler concepts such as
physical security, the human factor of trust and authorization, and
evaluating the organization of a corporate structure are also needed for a
solid security plan / implementation. In an engineering mode, with
clients, I always think of "three" - the plan I'd never implement that's
cheap, the plan that covers most squares, and the optimal solution the
geek in me loves. I debate with business folk for the optimal, believing
I'll get the middle ground. ;)
Welcome to the industry - may the learning experience be rewarding to you!
-----------------------------------------------------------
| |_ _ _ _ __ ___ __ _ __| (_) __ _ Tyrcadia
| __| | | | '__/ __/ _` |/ _` | |/ _` | Von
| |_| |_| | | | (_| (_| | (_| | | (_| | Nettesheim
\__|\__, |_| \___\__,_|\__,_|_|\__,_|
|___/
tyrcadia (AT) [removethis] NOSPAM! tamesis (d0+) CX
-----------------------------------------------------------
GAT d+(dx) s: !a C++++ UBLUAVS*++++ P++ L+++(L-) E---
W+++(W-) N++ o K- w O M+ V PS+ PE Y++ PGP++ t+ 5+ X++ R b+
DI+++ D++ G e* h++ r z+
-----------------------------------------------------------
- Previous message: Chuck: "Re: Buy this book..."
- In reply to: Matthew Baran: "Education for Network Security"
- Next in thread: LM: "Re: Education for Network Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
