How Can a Programmer Enter Security?

vin_eets Registered Users Posts: 6
I just want to know how a programmer can enter the InfoSec arena. Is it through making antiviruses, or is there any other way? What is a programmer's view of security?

Comments

  • dynamik Banned Posts: 12,312
    Do you want to stay with programming or do you want to transition to some other area in security?

    Security is a critical aspect of any application, so your options are pretty much unlimited. You could start writing tools, authoring resources, teaching, and so on.
  • JDMurray Admin Posts: 13,023
    As a software engineer and InfoSec professional, I can say that any programmer who specializes in security--and is not also a consultant--will spend 95%+ of their time doing non-security-related programming.

    Yes, security is a very important part of software architecture, implementation, and testing, but is still only a small part percentage-wise of full life cycle software development. Sort of like how security is a very important thing for your home, but the percentage of things in your home that are dedicated to securing it is very small.

    As a software security consultant, you can swoop in on a customer, tell them what they are doing wrong, how to fix it, and swoop away with gobs of cash (or so I have heard). You end up doing 95% software security and 5% "other" software engineering chores for as long as your customer is willing to pay you. (Then it's on to the next customer.)

    Considering what a poor start the CSSLP cert has had in the software engineering industry, I understand why I don't see a lot of "swooping" by software security people. Cigital is hiring, so they must be having success in this area.
  • vin_eets Registered Users Posts: 6
    I want to ask: I have done Java.
    So should I look out for a job in Java and do some projects in Java,
    or should I move to the networking field?
    Because my ultimate goal is security: an InfoSec professional!!!!
  • JDMurray Admin Posts: 13,023
    vin_eets wrote: »
    Because my ultimate goal is security: an InfoSec professional!!!!
    You will find more need for InfoSec in being a netadmin or sysadmin than you will as a software engineer. But honestly, you will need to greatly improve your English writing skills before you will be of much use to any professional, high-tech employer.
  • codeace Member Posts: 38
    A couple of my "Developer" friends started as Threat Analysts for companies (like WebRoot). Their work involved code dissection and behavioral analysis. Certifications like the GREM could give you a helping hand.

    No matter what, nothing beats passion, and no certification can equal experience!
    Everything happens for a good reason! Don't question it. Just accept it :)
  • JDMurray Admin Posts: 13,023
    This brings up an interesting philosophical point: is a reverse engineer an "unveloper?" I mean, reverse engineers don't actually build anything, they just tear stuff apart.


  • codeace Member Posts: 38
    "unveloper?"
    
  • JDMurray Admin Posts: 13,023
    Here's a very good blog post on how to reverse engineer the package of a firmware update for a Linksys WAP. The author's explanation is so clear and detailed that you can actually follow along on your own computer. This is a good example of what reverse engineers do (and get excited about).

    /dev/ttyS0 Blog Archive Reverse Engineering Firmware: Linksys WAG120N