want to enter security field

Hello All,
Sorry if i am asking something really stupid or already asked... (My first post

)
i have done my bachelors degree in computer engineering and now working on EJBs, XSL, Javascript from last 7 months. (I got my first job in ay 2005)
i am very much interested in security. but dont know where to start with?
can anyone suggest me some path to progressively get in the security field?
i mean what kind of certifications will be helpful for me?
Thanks in advance!!

Find more posts tagged with

Comments

Webmaster

'the security field' is a huge field with many different disciplines and areas. Before you decided on which certification path you want to follow, you should have some idea in which area of information security you want a career.

Following are some examples IT sec cert paths. Note that these are merely examples, you don't have to follow a path entirely, and you can mix it with other security and general IT certs:

System and network security:
Security+ --> MCSA:Security --> MCSE:Security --> CCSA/CCSE

Network security:
Security+ --> CCNA --> CCSP
Security+ --> CCNA --> CCSP --> CCIE:Security

Ethical hacker/penetration tester/auditor:
Security+ --> MCSA:Security/CCNA --> CEH
Security+ --> CEH

Forensics Investigator
- CHFI
- GIAC Certified Forensics Analyst (GCFA)

All sorts of general and less general security disciplines:
ISC2 Associate --> SSCP --> CISSP
SANS GIAC www.giac.org/certifications/roadmap.php

As you probably noticed, I recommend Security+ for starters (and if you don't have a good foundation in basic network technologies, go for Network+ first). Again, the above are merely examples, and the list is not complete. Besides finding out what area(s) you are most interested in, you should check what is in demand in you region.

Good luck with your decision!

xevious

You have a great start as a developer, so I would also suggest focusing on writing secure code as a profession. I'm not sure what kind of security programming certs are out there; however, just having the skill set on a resume is very attractive.

keatron

xevious wrote:

You have a great start as a developer, so I would also suggest focusing on writing secure code as a profession. I'm not sure what kind of security programming certs are out there; however, just having the skill set on a resume is very attractive.

Yes, and it will become more valuable as you get more experience. Most CISSP's I know come from a network and systems security background. Application Security folks are hard to come by these days.

amolchaudhari

Hello All,
Thanks for your prompt replies.
but by "focussing on writing secure code" what do you mean?
can any one elaborate on this? and can u suggest some good links to get me a brief overview?
i am planning to take BrainBench's internet security certification to start with. its a bit easy and cheap too. i think this will give me some insights of the other certifications.
what are ur opinions?
thanks a lot!!

2lazybutsmart

amolchaudhari wrote:

but by "focussing on writing secure code" what do you mean?
can any one elaborate on this? and can u suggest some good links to get me a brief overview?

secure code, to me, means code that doesn't have backdoors. Little slip-throughs that might enable the bad guys to get the upper hand. I don't know the objectives of the CISSP exam, but I suppose any "information security" certification would focus on how to deal with those backdoors in applications.

If you've done funny things with pointers, you'll get my point.
2lbs.

youchonium

I would also look at writing code that has proper bounds checking (eliminating any buffer overflow exploits).

xevious

If you plan on being a developer, learn techniques to write code in a secured fashion. i.e. storing/retrieving from databases using encryption.

have a look at a M$ press book called 'writing secure code' as a start. I'm sure there's stuff out there for java, xml, etc... as well.

Hope that helps.