and defending computer systems and networks. It is also necessary to find a
mentor and practice, practice, and practice some more.
_ First and most importantly, you must have a desire and a passion to understand
how things work. You have to become someone that wants to understand how a
particular computer system functions. Once you figure it out, determine if the
workings of that system can be used in
ways that the original designers did not intend. In my opinion this is the essence
of being a “hacker” and you need to always be in this mindset.
_ In InfoSec you need to learn base technical skills that are then used to
understand a system and determine how an attacker could potentially take
advantage of it.
_ InfoSec Basic Building Blocks: Operating Systems, Networking, Programming
# The first foundation is to understand how operating systems work. You will want
to learn both Linux and Windows.
Linux because of the tools available and flexibility. Windows because when you
land that awesome IT security job the majority of the computers in
the organization will most likely be Windows based.
# The next key building block is learning networking, specifically TCP/IP, the
underlying protocol used for nearly all Internet communication.
Depending on your level of knowledge, you should start out with a general concept
book, such as Network + type training material. Next move on to more advanced
material like TCP/IP Illustrated. Knowing TCP/IP is critical – almost everything you
deal with will interface with it. Cisco path certificate
# Finally, you will need to know scripting and programming to some degree. Your
level of exposure to programming concepts will determine what you do here.
The easiest to get started with is probably Python. Knowing bash scripting in Linux
will also be very helpful.
# Also, create a Twitter account and go follow a bunch of folks in the security
community. You will learn about things days and weeks before the information hits
news sites. You will see sites and blog posts that you would have never found by
just searching the Internet. And even if you just mostly lurk, you will become part
of a community that will help you along in your quest for new skills and be a good
first step to find someone that will help mentor you.
# Realize that this will not be a one-week training course you sign up and pay for;
this is a life-long endeavor. Once you get further down the road, just like different
styles of kung fu, you will learn that there are subsets to IT Security that you can
further specialize in such as forensics, malware analysis, intrusion detection, or
penetration testing (and more), and each has its own detailed body of
knowledge. It is an exciting journey that will be life changing and rewarding. You
will learn new things all of the time, build upon those, and gain the hacking kung fu
skills necessary to obtain and excel in an information security career.
#1 – Get experience
If you are already employed, align yourself with the department or group that is
handling security for your organization. Either transfer into that department, or
offer to help with a project and let the key people know that you are interested in
gaining InfoSec experience. Make it known that information security is an
interest of yours.
For people not currently employed, or working in an organization without a security
program, Kris recommends volunteering.
Many small businesses or non-profits cannot afford security tools and internal
awareness programs, or may not have the know-how to do it.
Obviously, companies may be reluctant to turn their internal systems over to a
stranger, but you might start by offering them cyber safety tips and suggestions.
Work your professional network to see if there are any opportunities for you to
volunteer your security knowledge to gain experience that you can proudly put on
a résumé.
#2 - Take control of your self-learning
Be the change you want to see in your InfoSec career, and be motivated to learn.
Do what is best for your budget and time schedule, but as Micah likes to
emphasize, just keep learning.
• The CompTIA Network+ and CompTIA Security+ certifications have been
recommended to me as good starting points for newbies in InfoSec.
• If free MOOCs, Cybrary, EdX, and Udemy, MIT courseware
#3 - Join a group
#4 - Set goals
Goal-setting is your action plan for your InfoSec career. Whether you write them
down, save them as notes on your computer, or simply hold them in your head,
know your professional goals and work towards them.
"Set daily, monthly, and long-term goals and dreams. Don't ever be afraid to dream
too big. Nothing is impossible. If you believe in yourself, you can achieve it."
#5 - Contribute to an open source project
Have you met OWASP, the free and open security community? The Open Web
Application Security Project is a worldwide non-profit dedicated to improving the
security of software. By helping them with their efforts, you’ll be honing your own
skills and potentially, gaining useful skills and contacts.
#6 - Participate at conferences
If you already have some InfoSec knowledge to share, get involved with a
conference! Answer those calls for proposals/calls for papers and get out there in
front of the community to put your skills on display. Not sure if you are qualified to
present? Let the conference submission reviewers decide that for you. Put yourself
out there. Consider a rejected CFP as an opportunity to improve.
If you don’t yet have enough expertise to present on a topic, then be an active
participant. Live Tweet, ask questions of presenters, or have conversations with
vendors.
#7 – Check out blogging and podcasting
Much like #6 and #10, there are ways for you to contribute to the information
security community while learning more for your own personal edification in the
process.
• Be a supplier of information by writing blog posts on InfoSec forums like Peerlyst
about events or conferences you’ve attended.
• Be a consumer of information the community puts out.
• You can’t mention security blogs without acknowledging Krebs on Security and
Schneier on Security. Find more blogs to follow at the Security Bloggers Network.
#8 – Volunteer
If you haven’t yet attended a security or hacker conference, you need to know that
many of those are organized by a tireless group of volunteers. Gatherings like
BSides, DEF CON, and ShmooCon are the result of the blood, sweat, and tears of
your fellow InfoSec professionals who care so much about our community that
they give up their free time to make amazing events for us all. Many of the same
principles of
#9 - Ask for feedback
Whether you are fortunate enough to have an InfoSec mentor or are just
connected to some experienced industry professionals through social media,
asking for feedback is a great way to self-check your goals (see #4) or get a different
perspective on your journey (see #11.)
#11 - Track your progress
This goes hand-in-hand with the goal setting in #4. As Micah explained this point
during his talk, “Success isn’t how far you got, but the distance you traveled from
where you started.” Remember that this is a journey. Think back. Was there a time
when you didn’t know what DDoS meant? Are you now able to talk about it
without effort—and maybe even explain it to someone? You’re on your way, baby.
No matter how you choose to actually track it, be mindful of how far you are
getting as compared to your starting point. As @jessysaurusrex Tweets every
Friday, celebrate even your weekly wins. Every win is progress towards your goals.
Every failure is just an opportunity for learning.
#12 – Do some professional networking via social media
Learn what to do when you have stacks of business cards, not stacks of protocols.
Once you join a group (#3) or start attending, presenting, or volunteering at
conferences (#6 & #8), you’ll begin growing your professional network of
information security contacts.
• First, decide which social media platforms you wish to use, and what professional
identity (branding) you want to create. Many InfoSec professionals choose to have
a layer of anonymity and are known by a handle. Figure out how you want to be
known, and on what channels you’d like to be contacted. Stay consistent so you
don’t confuse people, or let communications fall through the cracks.
• Peerlyst is a great place to start, since it’s a forum specifically targeted to the
InfoSec community. You can go there to introduce yourself, ask and answer
questions, join discussions, research security products and topics, post blogs, and
start building a reputation for expertise (or at least enthusiasm) in your particular
areas of interest.
• LinkedIn is the most common way to have a professional social media
relationship with someone. That’s the purpose of that outlet, which allows you to
follow or join groups, in addition to following or connecting with an individual.
• Twitter is a real-time and active way to see what discussions are going on in the
information security world. Twitter Lists are a great way to keep track of people in
the industry. A good way to follow new people, and to get new followers as well, is
to live Tweet from conferences. Follow a conference hashtag to see who is
expressing interesting—or funny—thoughts.
• There are other ways to engage with an online community of information
security professionals. Some are more formal than others. Determine the level of
engagement you’d like to have, and then maintain it. In my June 2016
presentation, “Cultivate Your Network Like a Garden,” I talked about how you need
to keep professional network connections healthy and thriving by keeping in touch
with people. Tend to your network like you would a plant: too much or too little
attention will make for an unhealthy plant.
#13 - Surround yourself with smart, motivated people
Following steps #1 through #12 will help you achieve this. As you advance on your
journey, you will find friends, classmates, colleagues, or co-workers in information
security that will challenge, inspire, and motivate you. People are a very big part of
your InfoSec professional development. Embrace soft skills like people networking
in order to learn more and help your career.
Security Administrator
Although job descriptions vary widely, you will likely be responsible for installing,
administering and troubleshooting your organization’s security solutions. You are in
control of making sure the system as a whole is running properly. In this role, you are
responsible for updating the system, resolving issues, and setting up any new
users.
1. Responsibility
2. Hard Skills
Bone up on security fundamentals. In its survey of administrator job descriptions,
IT-Pathways found that employers are looking for technical skills such as:
Knowledge of common L4-L7 protocols such as SSL, HTTP, DNS, SMTP and IPSec
Strong understanding of firewall technologies
Juniper/Cisco/Checkpoint
Packet Shaper, Load Balancer and Proxy Server knowledge
Intermediate to expert IDS/IPS knowledge
But this is just the start. You’ll also need a deep understanding of:
3. Soft Skills
Work on honing soft skills such as teaching, writing and communication. Part of
your job will involve drafting security policies and training less technically-savvy
colleagues in security procedures. Clearer explanations = less pain and frustration.
4. Certification
Security certifications look good on résumés, but they’re not always necessary for
entry-level positions – check the job requirements. In addition, some of these
certifications (e.g. CISSP) require a number of years of experience:
Security+: CompTIA’s popular base-level security certification
CCNA: Cisco Certified Network Associate – Routing and Switching
ECSA: EC-Council Certified Security Analyst
CISSP: Certified Information Systems Security Professional
CISM: Certified Information Security Manager
Network Administrator
2. Hard Skills
System administration
LINUX
System & network configuration
Technical support
Software installation
UNIX
Cisco
Firewalls
Network management software, configuration management software, virus protection
software, and network security and monitoring software; experience working with
cable verifiers, hard disk arrays, network analyzers, and server load balancers
3. Certification
System Administrator
1. Responsibility
2. Certificates
3. Hard Skills
Technical Skills Needed for Systems Administrators
Systems administrators must have a strong background in computers, electronics,
and mathematics. They also need a strong background in management principles,
including: strategic planning, resource allocation, and coordination of people and
resources.
4. Soft Skills