Security role for UNIX/Linux engineer?

RHEL Member Posts: 195
Hey all. Knowing how broad of a field security has become, I was wondering what type of security roles would be best suited for a senior level UNIX/Linux engineer?

I've continued the system admin and system engineer path for the past 7 years or so over some very large and diverse enterprise environments and while I do enjoy what I'm doing, I have always been interested in the security side of things. I'm curious what security roles highly value a strong Linux background to establish a starting point for researching other options.

At the moment, my strongest skills are with IBM AIX and Red Hat Linux. I work with Solaris as well, but very infrequently.

Where's the demand at? I figure there may be a few different options...
- System auditing and vulnerability scanning
- Pen testing
- Security systems architecture
- Consulting
- Incident response or forensics?
- Something more project management based?

Would I be able to utilize my existing background toward an upward career move in security? Or, would I be taking a step backward at first?

Thanks in advance!

Comments

  • kiki162 Member Posts: 635
    Your first option might be the best way for you to get your start in infosec. Having a Linux admin background will help you for sure. Would love to hear more about your background...degrees, certs, etc. I'd also recommend exposing yourself to as many areas of IT as possible. I think once you get yourself into infosec a bit more, you'll find that you'll cross paths and get some experience within pen testing and forensics.

    I work on the audit/vuln scan/research side of infosec. Send me a PM if you want to talk more offline.
  • RHEL Member Posts: 195
    kiki162 wrote: »
    Your first option might be the best way for you to get your start in infosec. Having a Linux admin background will help you for sure. Would love to hear more about your background...degrees, certs, etc. I'd also recommend exposing yourself to as many areas of IT as possible. I think once you get yourself into infosec a bit more, you'll find that you'll cross paths and get some experience within pen testing and forensics.

    I work on the audit/vuln scan/research side of infosec. Send me a PM if you want to talk more offline.

    Thanks kiki, I appreciate the response!

    I know that my current organization has been building up its security team post-breach (~5 infosec employees to 45 within a year), and they've snagged up one of the senior Windows guys to serve as sort of an SME and technical resource related to security in that realm. I've always thought that being the UNIX counterpart for that role would be a nice transition.

    Background-wise, I have a bachelor's degree in IT and a MS in Computer Info Systems. I've been on the UNIX sysadmin/engineering train since finishing undergrad for an aerospace/defense company, large casino/resort/tribal government, and now a large health insurance company. AIX has always been my speciality with RHEL a close second (this is changing currently with the times).

    I do a lot of project-based work now and proof of concept stuff and play a heavy role in our semi-annual disaster recovery exercises. We've had a lot of security projects coming down the pipe lately and have been involved in a lot of that -- FireEye, Guardium, Forescout, and a lot of vulnerability remediation.

    Cert-wise, just the basics that I took years ago -- Linux+, LPIC, Novell CLA, etc. I've always supported internal infrastructure, so I tend to just attend 1-2 trainings a year vs pursuing certs at this point.

    Hope that helps to shed some light and fill in the gaps. I'll be sure to reach out via PM, I'm definitely interested in gaining a better perspective from someone on that side of the fence. Thanks!
  • UnixGuy Mod Posts: 4,570
    Your background is very similar to mine, and I took my first infosec role last year.

    Be careful! You will find jobs that want Linux/UNIX experience and scripting, but you'll end up doing just that, with little exposure to infosec. Like you might get a job monitoring the health of firewalls, for example (using Nagios...).

    My recommendation is for you to get some SANS certs...maybe GCIH THEN apply for InfoSec roles...this will improve your chances of landing an incident response type role rather than a glorified sysadmin role within a security team.

    But my other recommendation is for you to think really hard about why you wanna move to InfoSec, because trust me you will have to build your experience again and it takes time...meanwhile something like DevOps and the cloud are hot....have you thought of learning Puppet/AWS/Python and moving to a DevOps/cloud role instead? It might be a more lucrative and more strategic move for you.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • alias454 Member Posts: 648
    One thing that might be worth thinking about is what do you want to get out of an infosec role? Why would you want to do infosec vs. doing what you are doing? From there, you can augment your skills as needed. Also, what are you doing now to prepare yourself for a future career in infosec? One thing that is good to do no matter what is staying up to date with the latest security news. By doing that, even if you aren't in "infosec" exactly, you can still have an impact on the security of your systems.
    “I do not seek answers, but rather to understand the question.”
  • gespenstern Member Posts: 1,243
    Having a Linux background isn't that good for InfoSec, sorry to say that. Let me break down your wish list:

    - System auditing and vulnerability scanning

    The thing is, the majority of older enterprises (~85%) are on Microsoft, same with many home users, and because of that in the majority of cases they are the targets for hackers. Check almost all the latest breaches -- they happened on Microsoft. Currently the industry seeks what it can do to beef up its security and, you guessed it, they are looking for guys proficient in the Microsoft tech stack.

    But there are large and newer web companies out there which don't use Microsoft at all, such as Facebook, Google, etc, I guess these companies would be the best bet for a Linux engineer. Forget about IBM stuff in this case though.

    Any vulnerability and patch management program I was in had Microsoft on its priority list and didn't care much about patching AIX. Again, that's because MS is target No. 1.

    - Pen testing

    Again, for web applications running on top of apache, tomcat, nginx and other Linux web servers it would be good. In older large companies -- not so much. The thing is, majority of breaches these days happen because of phishing and majority of folks who click on malicious URLs or attachments sit on Windows. Properly configured Security Email Gateways, dissecting malspam and preventing bad things from happening on Windows and responding to them is where today's incident response and pentesting is. After initial compromise, again, it's post-exploitation and breach detection on Windows.

    - Security systems architecture

    Unless you plan to participate in OS kernel development... another option is a solution architect, the one who knows where to put each system and how to interconnect them. This would probably require some network background as well; it's more of a JOAT thing but still on a good enough level. Or it could be tied to a certain vendor, like guys who know how to install and configure Checkpoint firewalls or Palo Alto or similar stuff in corporate environments.

    - Consulting

    Too broad, can't tell

    - Incident response or forensics?

    Again, forensics and incident response are where all crimes are at. Where is it? On Windows in the majority of cases. You have to know NTFS well and how it works, the Windows registry, how the OS works under the hood to retrieve forensic evidence from Prefetcher, browser history, logs, temporary files, crash/memory dump analysis, Windows processes, threads, handles, memory management and memory structures, etc. Obviously there's a market for that on Linux as well, but it is much smaller.

    - Something more project management based?

    Too broad...
  • Remedymp Member Posts: 834
    We have many resources with a similar background to yours who are now considered to be Content or Unix Security Administrators. They essentially handle all of the Unix platforms' security postures. They also perform auditing of Unix platforms, since two-thirds of the servers deployed today are in fact Unix based.

    From a cert perspective, they focused mostly on CISSP as a rule. But OSCP and GWAPT are the specialty certs of choice.
  • UnixGuy Mod Posts: 4,570
    I might also have to add, I found those with a networking background (especially firewalls) to be better prepared than myself. It's just taking me longer to move within security. You really need to cert up and study for at least 2-3 yrs to get comfortable. Consider SANS certs, OSCP, CISSP.