Background to get into Security

veritas_libertas wrote: »

Question,

I just attended an ISSA meeting in my area. I enjoyed talking to some of security people at the meeting. This brought up a question that I didn't not have the oppurtunity to ask due to time constraints. What kind of professional background do you need to get into security? Do you need to have been a Network Administrator at one time?

Security is broken down into many specialized segments. You don't necessarily have to be a network admin to do all security jobs. If you were going to admin firewalls or IDS sensors then yes a background in network administration would help you out a lot. If you were a systems auditor, you may have a specific type of system you audit. I know when I've tried out for auditing positions they generally wanted you for a specific role, whether that be MS products, *nix, or networking. I will say a background with some networking will help you period.

L0gicB0mb508 wrote: »

Security is broken down into many specialized segments. You don't necessarily have to be a network admin to do all security jobs. If you were going to admin firewalls or IDS sensors then yes a background in network administration would help you out a lot. If you were a systems auditor, you may have a specific type of system you audit. I know when I've tried out for auditing positions they generally wanted you for a specific role, whether that be MS products, *nix, or networking. I will say a background with some networking will help you period.

Sorry I didn't clarify what I was thinking better. Do I have to start out as a Network Admin / Sys Admin before I can get into security?

There are many different facets of Information Security, many of which do not involve system administration or network administration. In decades past, most of InfoSec had nothing to do with computers or electronic storage systems. So no, you don't need to be a sysadmin or netadmin. But you do need experience in area(s) that require the application of InfoSec.

JDMurray wrote: »

There are many different facets of Information Security, many of which do not involve system administration or network administration. In decades past, most of InfoSec had nothing to do with computers or electronic storage systems. So no, you don't need to be a sysadmin or netadmin. But you do need experience in area(s) that require the application of InfoSec.

Okay, I was wondering whether or not I should start out trying to get into a SysAdmin / NetwkAdmin job, and then later try to get a Security Analyst type of job using my SysAdmin /NetwkAdmin job, and security certs. So you guys don't think I have to have the NetwkAdmin job background?

What is it that you want to do in Information Security? People usually get into InfoSec as an adjunct specialty to something that they are already doing (e.g., system design, sys/netadmin, accounting, operations management), and not as something that is completely brand new to themselves.

JDMurray wrote: »

What is it that you want to do in Information Security? People usually get into InfoSec as an adjunct specialty to something that they are already doing (e.g., system design, sys/netadmin, accounting, operations management), and not as something that is completely brand new to themselves.

I think you may have answered my question with your first line. Maybe you can tell what the areas name would be. I am interested in security administration of systems, and the network infrastructure. Monitoring the logs and making sure that policies are enforced.

If you want to secure the systems or network you're going to have to have experience on that system. How can you secure something you don't understand. So yes, you will need a network or systems admin background.

L0gicB0mb508 wrote: »

If you want to secure the systems or network you're going to have to have experience on that system. How can you secure something you don't understand. So yes, you will need a network or systems admin background.

That was my thought as well. I just wondered what everyone thought and had experienced on their path to security.

veritas_libertas wrote: »

I am interested in security administration of systems, and the network infrastructure. Monitoring the logs and making sure that policies are enforced.

A lot of that is low-level grunt-work handled by software. You'll be a tool-user and fix-it guy and might never have an opportunity to learn much about the real design and implementation of security. That's OK for entry-level work, but plan on shooting higher for a better career.

JDMurray wrote: »

A lot of that is low-level grunt-work handled by software. You'll be a tool-user and fix-it guy and might never have an opportunity to learn much about the real design and implementation of security. That's OK for entry-level work, but plan on shooting higher for a better career.

Exactly. Try your best to pick some other things other than the lower level log analysis. Like he said It will get you into the field, but you are going to want more substance. I currently do IDS/IPS analysis, which is a lot of monitoring.

JDMurray wrote: »

A lot of that is low-level grunt-work handled by software. You'll be a tool-user and fix-it guy and might never have an opportunity to learn much about the real design and implementation of security. That's OK for entry-level work, but plan on shooting higher for a better career.

Okay, thanks for the help JDMurray/L0gicB0mb508. By shooting higher what should I be aiming for?

veritas_libertas wrote: »

Okay, thanks for the help JDMurray/L0gicB0mb508. By shooting higher what should I be aiming for?

Well I think for the time being doing logs and things like that will be a good step for you. However, after some time in this you'll be wanting to move up. I can't really say what you should be aiming for, because there are soo many areas to specialize in. I know you want to do systems/network security, but even then there are soo many niches. You can pen test, configure security appliances, work in compliance auditing on systems, and even specialize in security polices/management.

I think maybe you should explore some infosec options and see what your end goal is.

kimanyd

Go for an MCSE and/or CCNP. Security will be intertwined throughout all those studies, and you'll develop a solid understanding of the technologies you'll be working with in the process.

+1 to all the other great advice thus far.

kimanyd wrote: »

Go for an MCSE and/or CCNP. Security will be intertwined throughout all those studies, and you'll develop a solid understanding of the technologies you'll be working with in the process.

+1 to all the other great advice thus far.

I know I definitely want to get the MCSE and the CCNA. I was thinking down the line that doing the CCSP would be useful. Is the CCSP completely Cisco hardware related or does it cover security in general?

kimanyd

It seems like the CCNP and CCSP go hand in hand. I'm not sure which order I'll get them in, but I'm definitely going after both. I was chatting with dtlokee about this, and he was telling me stories about how he knew some people who were exclusively CCSPs had trouble carrying out basic R&S tasks. I don't want that to be me...

I think the CCSP is going to focus mainly on Cisco equipment. The CCNA: Security (which is a prereq to the CCSP) seems to be Cisco's version of the Security+, but it's still geared Cisco equipment.

kimanyd wrote: »

I think the CCSP is going to focus mainly on Cisco equipment.

Oh yeah, big-time. I decided not to consider the CCSP because I don't ever expect to be that deeply involved in working with Cisco equipment--unless I'm one-day writing management software for it. I would consider studying for the CCSP exams only in that case.

Thanks guys, I want to know that I have good foundation before I hit the manufacturer specific certifications. I really don't want to be one of those people you mentioned Dynamik err, kimanyd.... Yikes! You seriously need to choose one or the other

GAngel

veritas_libertas wrote: »

Thanks guys, I want to know that I have good foundation before I hit the manufacturer specific certifications. I really don't want to be one of those people you mentioned Dynamik err, kimanyd.... Yikes! You seriously need to choose one or the other

The real foundation in info sec is TCP/IP. If you don't understand how it really works you'll never understand why things are done certain ways or how to solve issues when the standard tools don't work.

GAngel wrote: »

The real foundation in info sec is TCP/IP. If you don't understand how it really works you'll never understand why things are done certain ways or how to solve issues when the standard tools don't work.

Thanks for the reminder. I plan to study more deeply into TCP/IP world after my Bachelor degree is knocked off. I have this book set on the wish list right now.

Amazon.com: TCP/IP Illustrated Volumes 1-3 Boxed Set (v. 1-3) (0785342776317): W. Richard Stevens, Gary R. Wright: Books