security position

mallard20

Here is some background. I work for a medium sized bank and have been in the help desk/network position for a year. Our Information Security Tech left the company and I have been asked to assumer that role. Only problem is....I have no idea what I am doing? Is there anyone out there in the forum that can point me in the right direction to get me started. Thanks in advance.

dynamik

As far as certifications go, the Security+ is the obvious choice.

This sounds like a really bad situation. I would not want to be in charge of security for a financial institution if I didn't know what I was doing. You shouldn't let them force you into a role you're not comfortable with.

iowatech

http://www.microsoft.com/technet/solutionaccelerators/wssra/raguide/ArchitectureBlueprints/rbabsa_2.mspx#EMH

A lot to chew on but will give general concepts of everything to consider then you can go from there.

mallard20

I'm not very comfy with it but I feel as if I can do it. I know it's a great start in the security field. I already have Security+ and they will be sending me to SANS Security 401 class for a week soon. I guess my real concern is the auditing part. Any help will be appreciated. Thanks.

seuss_ssues

I dont want to sound negative, but truely learning security takes longer than a few weeks and reading a few books. It is without a doubt a journey.

You may be a very capable person and learn very quickly, but i would hate to be the person ultimately responsible for their security unless i knew without a doubt that i could more than easily handle the situation.

It would just be horrible to take on the challenge, have an incident occur that you cant handle then find yourserlf job searching again.


edit
****i missed your post about sec+ and going to SANS, so it does appear that you do have a good fundamental understanding of many of the concepts.

All i can say then is good luck and congrats on getting the foot in the door.

empc4000xl

Your back has other branches right? Well talk to those security guys and build relationships let them know you are the new security guy at your branch. Find the manuals for all the gear you are operating, and find out the e-mails and telephone numbers of tech support that support the new gear you have. Find out the companies policy and vison towards security. I have picked up a lot of equipment in my miitary time and that usually works when we have no idea what we are doing. Its better to say you need help at the beginning, and take action, rather than be exposed later on when you been at the job for a while

iowatech

I'm not very comfy with it but I feel as if I can do it. I know it's a great start in the security field. I already have Security+ and they will be sending me to SANS Security 401 class for a week soon. I guess my real concern is the auditing part. Any help will be appreciated. Thanks.

In banking they have friendly "real" audits, and then the actual "government" audits usually this one is every 18 months the friendly every 6 months.

Is this how your bank functions? If so I have some details on auditing I could give you.

JDMurray

mallard20 wrote:

Our Information Security Tech left the company and I have been asked to assumer that role.

*sigh* I would kill for an opportunity like this!

networker050184

Just let them know you are wet behind the ears. If you try to BS then you might end up getting let go. Just be honest.