_ One must invest the time to learn the technical skills involved in attacking

and defending computer systems and networks. rtIt is also necessary to find a
mentor and practice, practice, and practice some more
_ First and most importantly, you must have a desire and a passion to understand
how things work. You have to become someone that wants to understand how a
particular computer system functions
once you figure it out, determine if the workings of that system can be used in
ways that the original designers did not intend. In my opinion this is the essence
of being a “hacker” and you need to always be in this mindset
_ In InfoSec you need to learn base technical skills that are then used to
understand a system and determine how an attacker could potentially take
advantage of it.
_ InfoSec Basic Building Blocks:-Operating Systems-Networking-Programming
# The first foundation is to understand how operating systems work. You will want
to learn both Linux and Windows.
Linux because of the tools available and flexibility. Windows because when you
land that awesome IT security job the majority of the computers in
the organization will be most likely be Windows based
# The next key building block is learning networking, specifically TCP/IP, the
underlying protocol used for nearly all Internet communication.
Depending on your level of knowledge, you should start out with a general concept
book, such as Network + type training material. Next move on to more advanced
material like TCP/IP Illustrated. Knowing TCP/IP is critical – almost everything you
deal with will interface with it. Cisco path certificate
# Finally, you will need to know scripting and programming to some degree. Your
level of exposure to programming concepts will determine what you do here.
the easiest to get started with is probably Python. Knowing bash scripting in Linux
will also be very helpful.
# Also, create a Twitter account and go follow a bunch of folks in the security
community. You will learn about things days and weeks before the information hits
news sites. You will see sites and blog posts that you would have never found by
just searching the Internet. And even if you just mostly lurk, you will become part
of a community that will help you along in your quest for new skills and be a good
first step to find someone that will help mentor you.

# Realize that this will not be a one-week training course you sign up and pay for,
this is a life-long endeavor. Once you get further down the road, just like different
styles of kung fu, you will learn that there are subsets to IT Security that you can
further specialize in such as forensics, malware analysis, intrusion detection, or
penetration testing (and more) and each have their own detailed body of
knowledge. It is an exciting journey that will be life changing and rewarding. You
will learn new things all of the time, build upon those, and gain the hacking kung fu
skills necessary to obtain and excel in an information security career.

#1 – Get experience
If you are already employed, align yourself with the department or group that is
handling security for your organization. Either transfer into that department, or
offer to help with a project and let the key people know that you are interested in
gaining InfoSec experience. Making it known that information security was an
interest of yourself.
For people not currently employed, or working in an organization without a security
program, Kris recommends volunteering.
Many small businesses or non-profits cannot afford security tools and internal
awareness programs, or may not have the know-how to do it.
Obviously, companies may be reluctant to turn their internal systems over to a
stranger, but you might start by offering them cyber safety tips and suggestions.
Work your professional network to see if there are any opportunities for you to
volunteer your security knowledge to gain experience that you can proudly put on
a résumé.
#2 - Take control of your self-learning
Be the change you want to see in your InfoSec career, and be motivated to learn.
Do what is best for your budget and time schedule, but as Micah likes to
emphasize, just keep learning.
• The CompTIA Network+ and CompTIA Security+ certifications have been
recommended to me as good starting points for newbies in InfoSec.
• If free MOOCs, Cybrary, EdX, and Udemy, MIT courseware

#3 - Join a group
#4 - Set goals
Goal-setting is your action plan for your InfoSec career. Whether you write them
down, saved them as notes on your computer, or simply hold them in your head,
know your professional goals and work towards them.
"Set daily, monthly, and long-term goals and dreams. Don't ever be afraid to dream
too big. Nothing is impossible. If you believe in yourself, you can achieve it."
#5 - Contribute to an open source project
Have you met OWASP, the free and open security community? The Open Web
Application Security Project is a worldwide non-profit dedicated to improving the
security of software. By helping them with their efforts, you’ll be honing your own
skills and potentially, gaining useful skills and contacts.
#6 - Participate at conferences
If you already have some InfoSec knowledge to share, get involved with a
conference! Answer those calls for proposals/calls for papers and get out there in
front of the community to put your skills on display. Not sure if you are qualified to
present? Let the conference submission reviewers decide that for you. Put yourself
out there. Consider a rejected CFP as an opportunity to improve.
If you don’t yet have enough expertise to present on a topic, then be an active
participant. Live Tweet, ask questions of presenters, or have conversations with
vendors.
#7 – Check out blogging and podcasting
Much like #6 and #10, there are ways for you contribute to the information
security community while learning more for your own personal edification in the
process.
• Be a supplier of information by writing blog posts on InfoSec forums like Peerlyst
about events or conferences you’ve attended.
• Be a consumer of information the community puts out.
• You can’t mention security blogs without acknowledging Krebs on Security and
Schneier on Security. Find more blogs to follow at the Security Bloggers Network.
#8 – Volunteer
If you haven’t yet attended a security or hacker conference, you need to know that
many of those are organized by a tireless group of volunteers. Gatherings like
BSides, DEF CON, and ShmooCon are the result of the blood, sweat, and tears of
your fellow InfoSec professionals who care so much about our community that
they give up their free time to make amazing events for us all. Many of the same
principles of
#9 - Ask for feedback
Whether you are fortunate enough to have an InfoSec mentor or are just
connected to some experienced industry professionals through social media,
asking for feedback is a great way to selfcheck your goals (see #4) or get a different
perspective on your journey (see #11.)
#11 - Track your progress
This goes hand-in-hand with the goal setting in #4. As Micah explained this point
during his talk, “Success isn’t how far you got, but the distance you traveled from
where you started.” Remember that this is a journey. Think back. Was there a time
when you didn’t know what DDoS meant? Are you now able to talk about it
without effort—and maybe even explain it to someone? You’re on your way, baby.
No matter how you choose to actually track it, be mindful of how far you are
getting as compared to your starting point. As @jessysaurusrex Tweets every
Friday, celebrate even your weekly wins. Every win is progress towards your goals.
Every failure is just an opportunity for learning.
#12 – Do some professional networking via social media
Learn what to do when you have stacks of business cards, not stacks of protocols.
Once you join a group (#3) or start attending, presenting, or volunteering at
conferences (#6 & #8), you’ll begin growing your professional network of
information security contacts.
• First, decide which social media platforms you wish to use, and what professional
identity (branding) you want to create. Many InfoSec professionals choose to have
a layer of anonymity and are known by a handle. Figure out how you want to be
known, and on what channels you’d like to be contacted. Stay consistent so you
don’t confuse people, or let communications fall through the cracks.
• Peerlyst is a great place to start, since it’s a forum specifically targeted to the
InfoSec community. You can go there to introduce yourself, ask and answer
questions, join discussions, research security products and topics, post blogs, and
start building a reputation for expertise (or at least enthusiasm) in your particular
areas of interest.
• LinkedIn is the most common way to have a professional social media
relationship with someone. That’s the purpose of that outlet, which allows you to
follow or join groups, in addition to following or connecting with an individual. •
Twitter is a real-time and active way to see what discussions are going on in the
information security world. Twitter Lists are a great way to keep track of people in
the industry. A good way to follow new people, and to get new followers as well, is
to live Tweet from conferences. Follow a conference hashtag to see who is
expressing interesting—or funny—thoughts.
• There are other ways to engage with an online community of information
security professionals. Some are more formal than others. Determine the level of
engagement you’d like to have, and then maintain it. In my June 2016
presentation, “Cultivate Your Network Like a Garden,” I talked about how you need
to keep professional network connections healthy and thriving by keeping in touch
with people. Tend to your network like you would a plant: too much or too little
attention will make for an unhealthy plant.
#13 - Surround yourself with smart, motivated people
Following steps #1 through #12 will help you achieve this. As you advance on your
journey, you will find friends, classmates, colleagues, or co-workers in information
security that will challenge, inspire, and motivate you. People are a very big part of
your InfoSec professional development. Embrace soft skills like people networking
in order to learn more and help your career.

Security Administrator

Although job descriptions vary widely, you will likely be responsible for installing,
administering and troubleshooting your organization’s security solutions. In control
of making sure the system as a whole is running properly. In this role, you are
responsible for updating the system, resolving issues, and setting up any new
users.
1. Responsibility

Depending on the scope of your responsibilities, you could be asked to:

 Defend systems against unauthorized access, modification and/or destruction
 Perform vulnerability and networking scanning assessments
 Monitor network traffic for unusual activity
 Configure and support security tools such as firewalls, anti-virus software, patch
management systems, etc.
 Implement network security policies, application security, access control and
corporate data safeguards
 Analyze and establish security requirements for your networks
 Train fellow employees in security awareness and procedures
 Develop and update business continuity and disaster recovery protocols
 Conduct security audits and make policy recommendations
 Provide technical security advice

2. Hard Skills
Bone up on security fundamentals. In its survey of administrator job descriptions,
IT-Pathways found that employers are looking for technical skills such as:

 Knowledge of common L4-L7 protocols such as SSL, HTTP, DNS, SMTP and IPSec
 Strong understanding of firewall technologies
 Juniper/Cisco/Checkpoint
 Packet Shaper, Load Balancer and Proxy Server knowledge
 Intermediate to expert IDS/IPS knowledge

But this is just the start. You’ll also need a deep understanding of:

 TCP/IP, computer networking, routing and switching

 Network protocols and packet analysis tools
 Windows, UNIX and Linux operating systems
 Firewall and intrusion detection/prevention protocols
 As always, check with your professors, colleagues and employers to see what
hard skills are a “must have” for the job/field you are interested in.

3. Soft Skills
Work on honing soft skills such as teaching, writing and communication. Part of
your job will involve drafting security policies and training less technically-savvy
colleagues in security procedures. Clearer explanations = less pain and frustration.
4. Certification
Security certifications look good on résumés, but they’re not always necessary for
entry-level positions – check the job requirements. In addition, some of these
certifications (e.g. CISSP) require a number of years of experience:
Security+: CompTIA’s popular base-level security certification
CCNA: Cisco Certified Network Associate – Routing and Switching
ECSA: EC-Council Certified Security Analyst
CISSP: Certified Information Systems Security Professional
CISM: Certified Information Security Manager

Network Administrator

A network administrator is responsible for maintaining any technological systems

or networks that an organization might make use of. To become a network
administrator, you will need specialized training and education in the computer
and information science fields. Learn more about what this position requires and
start working towards your goals.
1. Soft Skills

 Systems analysis, critical thinking, reading comprehension, and complex

problem solving are all required.
 You will need to have the ability for both inductive and deductive reasoning,
understanding verbal instruction, and understanding information ordering
concepts.
 A network administrator will regularly interact with computers, gather
information, solve problems, and effectively communication with co-workers.
 Troubleshooting
 Communication skills
 Organizational skills
 Problem solving
 Planning
 Research
 Customer service
 Project management
 Patience

2. Hard Skills

 System administration
 LINUX
 System & network configuration
 Technical support
 Software installation
 UNIX
 Cisco
 Firewalls
 Network management software,
 configuration management software,
 virus protection software, and
 network security and
 monitoring software; experience working with cable verifiers, hard disk arrays,
network analyzers, and server load balancers

3. Certification

 Red Hat Certified Engineer

 Microsoft Certified Solutions Expert
 Cisco Certified Network Professional
 Cisco Certified Internetwork Expert
 CompTIA's Network+

System Administrator

1. Responsibility

Typical job responsibilities for a systems administrator include:

 Maintaining and administering computer networks including computer

hardware, systems software, and applications software.
 Performing data backups and handling all disaster recovery operations.
 Diagnosing, troubleshooting, and resolving hardware, software, or other
network and system problems, and replacing defective components when
necessary.
 Planning and maintaining security measures to protect data, software, and
hardware.
 Configuring, monitoring, and maintaining email applications or virus protection
software.
 Monitoring the performance of computer systems and networks.
 Coordinating computer network access and use.
 Designing, configuring, and testing computer hardware, networking software
and operating system software.
 Conferring with network users about how to solve existing system problems
and training new computer system users.
 Implementing and providing technical support for voice services and
equipment, including unified communications systems, if applicable

2. Certificates

Systems administrators also need certifications in the various products that

organizations use. Common certifications desired for systems administers include:

 Microsoft Certified Solutions Expert (MCSE) certification

 LPIC-1 Certified Linux Administrator certification
 Red Hat Certified System Administrator (RHCSA)
 CompTIA Server+ certification
 IBM Certified Systems Administrator
 Oracle Administration certification
 VCP6-DCV (VMware)**

3. Hard Skills
Technical Skills Needed for Systems Administrators
Systems administrators must have a strong background in computers, electronics,
and mathematics. They also need a strong background in management principles,
including: strategic planning, resource allocation, and coordination of people and
resources.

Systems administrators must be familiar with many technologies in order to be

proficient. Here are some common technologies utilized in systems and network
administration:

 Data base management system software such as Apache Hadoop, Apache

Hive, MySQL, and NoSQL
 Development environment software such as Microsoft.NET Framework,
Ruby, and Apache Maven
 ERP software such as Microsoft Dynamics GP, Oracle Fusion Applications,
Oracle PeopleSoft applications, SAP Business Objects
 Network monitoring software such as Nagios and Wireshark
 Web platform development software such as Apache Struts, JavaScript,
Node.js, and Hypertext markup language HTML

4. Soft Skills

Personal Skills and Characteristics Needed for Systems Administrators

Because systems administrators are the go-source when network problems arise,
one of the most critical personal skills needed in this profession is the ability to
remain calm under pressure. Good communication skills are also vital, as part of
the job of a systems administrator is to educate network users about how to
effectively and safely operate network equipment.

Additional skills needed are:

 Critical thinking skills

 Strong problem solving skills
  Active listening skills
 Good time management
 Good judgment and decision making ability
 Social perceptiveness
 Strong reading and oral comprehension

Professional Organizations for Systems Administrators:

TechRepublic provides this handy list of professional organization for systems

administrators, network administrators, IT administrators, and network engineers:
 Association for Computing Machinery (ACM)
 Association of Information Technology Professionals (AITP)
 Association of Shareware Professionals (ASP)
 Association for Women in Computing (AWC)
 BDPA (Black Data Processing Associates)
 Computer Professionals for Social Responsibility (CPSR)
 Institute of Electrical and Electronics Engineers (IEEE) Computer Society
 Network Professional Association (NPA)
 Society for Technical Communication (STC)
 Washington Alliance of Technology Workers (WashTech)
 Women in Technology (WIT)
 National Association of Programmers

Top Companies and Locations for Systems Administrators:

In reality, systems administrators are needed in any organization that uses
computers and networks. However, some of the top paying companies and
locations for systems administrators are:
 Apple in San Jose, CA
 Dell Systems in Austin, TX
 Wistar Institute in Philadelphia, PA
 Act Medical Group Systems in San Diego, CA, San Francisco, CA, Washington,
DC and Fort Worth, TX
 Arch Nautilus LLC in San Francisco, CA and Washington, DC