Re: security engineer skills set for software engineering background
- From: daw@xxxxxxxxxxxxxxxxxxxxxxxx (David Wagner)
- Date: Thu, 18 Jan 2007 17:59:58 +0000 (UTC)
For software engineers who want to work in security field, what are the
suggested skills set?
Unlike some other responses you've gotten, I'd think that crypto should
be only 20% or so of what you study. I'd definitely suggest knowledge
of topics like network security, software security, access control,
firewalls, intrusion detection, usable security, and other related topics.
The value of CISSP is hotly debated. For more senior positions, it's
probably worthless. For entry-level positions, it may have some value:
some employers may put some value on it.
Make sure to read Ross Anderson's _Security Engineering_ and Cheswick,
Bellovin, and Rubin's book on Internet firewalls. I think they're two
of the best books out there on applied computer security.
Yes, it would definitely help to have strong C, C++, and/or Java
programming skills, as well as familiarity with security-related
implementation issues. Read Howard and LeBlanc's _Writing Secure Code_
and Viega and McGraw's _Building Secure Software_.
- Prev by Date: Re: Random oracles
- Next by Date: Re: security engineer skills set for software engineering background
- Previous by thread: Re: security engineer skills set for software engineering background
- Next by thread: Re: security engineer skills set for software engineering background