Re: security engineer skills set for software engineering background



Ken wrote:
For software engineers who want to work in security field, what are the
suggested skills set?

Unlike some other responses you've gotten, I'd think that crypto should
be only 20% or so of what you study. I'd definitely suggest knowledge
of topics like network security, software security, access control,
firewalls, intrusion detection, usable security, and other related topics.

The value of CISSP is hotly debated. For more senior positions, it's
probably worthless. For entry-level positions, it may have some value:
some employers may put some value on it.

Make sure to read Ross Anderson's _Security Engineering_ and Cheswick,
Bellovin, and Rubin's book on Internet firewalls. I think they're two
of the best books out there on applied computer security.

Yes, it would definitely help to have strong C, C++, and/or Java
programming skills, as well as familiarity with security-related
implementation issues. Read Howard and LeBlanc's _Writing Secure Code_
and Viega and McGraw's _Building Secure Software_.
.



Relevant Pages

  • security engineer skills set for software engineering background
    ... For software engineers who want to work in security field, ... the job markets in security software development, ...
    (sci.crypt)
  • Writing Secure Code...
    ... Subject: RE: Microsoft Writing Secure Code ... you're dealing with .NET code, ".NET Framework Security" by LaMacchia, ... attack, your app could end up destroying the contents of some important ...
    (SecProg)
  • RE: "Selling" a code-audit.
    ... [Writing Secure Code] ... You have all sorts of things to worry about: security, ... given before the code is even written, so a secure culture would never ... on almost every single code audit I have participated in I have received ...
    (SecProg)
  • RE: "Selling" a code-audit.
    ... [On-line Security Training] ... CodeRed, Nimda, Writing Secure Code was released ... you have to change culture. ... This could be selling a leading or respected group on reviews. ...
    (SecProg)
  • Re: Passed 70-330!!!!!
    ... I read all of these Microsoft Press books in this ... Writing Secure Code 2nd. ... Security for Visual Basic.Net ... The Implementing Security Training Kit comes with 300 ...
    (microsoft.public.cert.exam.mcad)