want to enter security field

amolchaudhari Member Posts: 3 ■□□□□□□□□□
Hello All,
Sorry if I am asking something really stupid or already asked... (My first post :) )
I have done my bachelor's degree in computer engineering and have been working on EJBs, XSL and JavaScript for the last 7 months. (I got my first job in May 2005.)
I am very much interested in security, but don't know where to start.
Can anyone suggest a path to progressively get into the security field?
I mean, what kind of certifications will be helpful for me?
Thanks in advance!!

Comments

  • Webmaster Admin Posts: 10,292 Admin
    'The security field' is a huge field with many different disciplines and areas. Before you decide on which certification path you want to follow, you should have some idea in which area of information security you want a career.

    Following are some example IT sec cert paths. Note that these are merely examples; you don't have to follow a path entirely, and you can mix it with other security and general IT certs:

    System and network security:
    Security+ --> MCSA:Security --> MCSE:Security --> CCSA/CCSE

    Network security:
    Security+ --> CCNA --> CCSP
    Security+ --> CCNA --> CCSP --> CCIE:Security

    Ethical hacker/penetration tester/auditor:
    Security+ --> MCSA:Security/CCNA --> CEH
    Security+ --> CEH

    Forensics Investigator
    - CHFI
    - GIAC Certified Forensics Analyst (GCFA)

    All sorts of general and less general security disciplines:
    ISC2 Associate --> SSCP --> CISSP
    SANS GIAC www.giac.org/certifications/roadmap.php

    As you probably noticed, I recommend Security+ for starters (and if you don't have a good foundation in basic network technologies, go for Network+ first). Again, the above are merely examples, and the list is not complete. Besides finding out what area(s) you are most interested in, you should check what is in demand in your region.

    Good luck with your decision!
  • xevious Member Posts: 59 ■■□□□□□□□□
    You have a great start as a developer, so I would also suggest focusing on writing secure code as a profession. I'm not sure what kind of security programming certs are out there; however, just having the skill set on a resume is very attractive.
  • keatron Member Posts: 1,213 ■■■■■■□□□□
    xevious wrote:
    You have a great start as a developer, so I would also suggest focusing on writing secure code as a profession. I'm not sure what kind of security programming certs are out there; however, just having the skill set on a resume is very attractive.

    Yes, and it will become more valuable as you get more experience. Most CISSPs I know come from a network and systems security background. Application Security folks are hard to come by these days.
  • amolchaudhari Member Posts: 3 ■□□□□□□□□□
    Hello All,
    Thanks for your prompt replies.
    But by "focussing on writing secure code" what do you mean?
    Can anyone elaborate on this? And can you suggest some good links to get me a brief overview?
    I am planning to take BrainBench's internet security certification to start with. It's a bit easy and cheap too. I think this will give me some insight into the other certifications.
    What are your opinions?
    Thanks a lot!!
  • 2lazybutsmart Member Posts: 1,119
    But by "focussing on writing secure code" what do you mean?
    Can anyone elaborate on this? And can you suggest some good links to get me a brief overview?

    Secure code, to me, means code that doesn't have backdoors. Little slip-throughs that might enable the bad guys to get the upper hand. I don't know the objectives of the CISSP exam, but I suppose any "information security" certification would focus on how to deal with those backdoors in applications.

    If you've done funny things with pointers, you'll get my point.
    2lbs.
    Exquisite as a lily, illustrious as a full moon,
    Magnanimous as the ocean, persistent as time.
  • youchonium Member Posts: 13 ■□□□□□□□□□
    I would also look at writing code that has proper bounds checking (eliminating any buffer overflow exploits).
  • xevious Member Posts: 59 ■■□□□□□□□□
    If you plan on being a developer, learn techniques to write code in a secured fashion, i.e. storing/retrieving from databases using encryption.

    Have a look at an M$ Press book called 'Writing Secure Code' as a start. I'm sure there's stuff out there for Java, XML, etc. as well.

    Hope that helps.