Re: Question for information security professionals

From: Grunt (
Date: 01/23/04

Date: 23 Jan 2004 20:16:21 GMT

"MT" <> seems to think in

> I have been a software developer (mainly C++, Java, Perl and Oracle)
> for the last eight years now and I am interested in taking my career
> down a different but related technical path. Anyway to get straight to
> the point: could anyone please tell me what discipline Information
> Security falls under. I know very little about it at this point but
> would like to learn more. Is it something that a developer like myself
> could transition into or is it more of a network engineer or systems
> administration field? Or is it perhaps a little of each?
> Could anyone post some links or refer some books that could get me
> started?
> I was looking at the CISSP program hoping that it would be a good
> start, and also hoping that certification would aid me in making the
> career switch, but it seems that this program is designed for someone
> that already has 3-4 years of professional information security
> experience under their belt. Are there any other information security
> certification programs that a beginner like myself could use as a
> guide to get started?

You have more specific knowlege about programming and operating systems
than perhaps the average IT admin, but there is much to know about
networking and its security issues that you probably have no background in.

Have you looked into any of the myriad books on the subject?

These can give you a survey of the field.

I like Hacking Exposed by McClure et. al.

Look for a later edition. Information gets out of date quickly in this

Also, you should know about SANS ( which will provide you with
an educational base, and a many sources of current info and practice.

It is a vast field. Start reading.

-- ipgrunt