Which route to take?

phillis Registered Users Posts: 1
Hi,

Currently researching which route would be best for me to take, and hope someone can help :) My goal is to work in the InfoSec field.

I have just gained a BSc in Computer Science, and must decide whether to continue on to do a Masters in Computer Information Security, or start gaining work experience or jobs and certificates. I believe I have good knowledge of the field, especially penetration testing. Furthermore, I have been programming for a long time, and actively program for security (to aid penetration testing / intrusion / amongst other things...). I have actively taken part in multiple 'bounty hunts hacks' (often successfully), such as Google's reward scheme amongst others.

I don't have a piece of paper saying that I can do these things! + It would be great to be paid for it!
Would I benefit from an MSc, in terms of employability? (I mean, I would probably end up doing the certificates after an MSc anyway?)
Might it be better to gain certificates (end goal being CISSP) and possibly do the MSc later if at all / if need be?

Thanks,

Comments

  • the_Grinch Member Posts: 4,165
    My suggestion would be to start getting experience. It's not that a Masters will hurt you, but in security experience means a lot more.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • vlad06 Member Posts: 31
    I've been wondering about this.

    To have a career in security, do you have to know how to program?
  • Master Of Puppets Member Posts: 1,210
    vlad06 wrote:
    I've been wondering about this.

    To have a career in security, do you have to know how to program?

    Different aspects of security require different things but in short - yes. This is an essential skill, the demand for which will only increase. You can be a network security guy and work with firewalls, IPS, etc. and not need it, but you will still find scripting very useful. Even in that case, the programming knowledge will help because you will better understand the threats and, therefore, be better equipped to handle them.

    For example, if you are a pen tester, programming is a must. I'm not even going to mention malware analysis and the like since the deal there is pretty obvious. Do yourself a favor and learn the basics if you don't want to go deep.
    Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
  • vlad06 Member Posts: 31
    Different aspects of security require different things but in short - yes. This is an essential skill, the demand for which will only increase. You can be a network security guy and work with firewalls, IPS, etc. and not need it, but you will still find scripting very useful. Even in that case, the programming knowledge will help because you will better understand the threats and, therefore, be better equipped to handle them.

    For example, if you are a pen tester, programming is a must. I'm not even going to mention malware analysis and the like since the deal there is pretty obvious. Do yourself a favor and learn the basics if you don't want to go deep.

    You have confirmed my worst fears.

    I might start with Python then, what would you recommend?
  • Master Of Puppets Member Posts: 1,210
    vlad06 wrote:
    You have confirmed my worst fears.

    I might start with Python then, what would you recommend?

    I think Python is the best choice. Also, how familiar are you with Linux? That is again something that will be needed. Bash scripting will also be very nice and it is not hard at all. There is a lot of info about Python resources on the forum, so if you do a search, you will find a wealth of suggestions and tips. If you need more help or can't decide on resources, feel free to ask. Good luck and don't worry - programming is not that scary once you start getting the hang of it.
  • JDMurray Admin Posts: 13,028
    There are many non-technical disciplines in Information Security that do not benefit from a background in programming (e.g., risk management, administrative policies, auditing, and physical security). In fact, I would say that most InfoSec people have never studied software engineering and truly have no idea how software really works. Yes, not knowing how to develop software limits the areas of InfoSec in which you can work, but it by no means excludes you from InfoSec as a profession entirely.
  • Doyen Member Posts: 397
    Using your programming background, you could become a software auditor in the security field.
    Goals for 2016: [ ] VCP 5.5: ICM (recertifying), [ ] VMware VCA-NV, [ ] 640-911 DCICN, [ ] 640-916 DCICT, [ ] CCNA: Data Center, [ ] CISSP (Associate), [ ] 300-101 ROUTE, [ ] 300-115 SWITCH, [ ] 300-135 TSHOOT, [ ] CCNP: Route & Switch, [ ] CEHv8, [ ] LX0-103, [ ] LX0-104
    Future Goals: WGU MSISA or Capital Technology University MSCIS Degree Program
  • docrice Member Posts: 1,706
    Software auditing is a big issue these days. With so much demand to create new software packages (or more likely, web and mobile apps), companies rush to deliver to market quickly ... and without sufficient security validation. This is why there tends to be a near-guarantee that attackers will find some kind of vulnerability once the app's made public. The mindset to think about how apps can be attacked is very much lacking based on my experience with the development community at large. It's all about creating functionality quickly, ensuring flexibility, and being first to market. This combination does not lend itself to secure development practices when management has short-term profit as the only practical driver. It's very much a deploy-now-fix-later approach.

    There used to be a lot of emphasis on network perimeter design and endpoint management when it came to security, but today it gets right into the application and data layers as well. Knowing software will help greatly. I need to take the time to do some of this myself as it inherently limits what I can do or have insight into.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/