How Programmer can enter Security?

I just wanna know how an programmer can enter into INFOsec Arena.Is it thru making antiviruses or is there any other way.What is programmer view of security?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

dynamik

Do you want to stay with programming or do you want to transition to some other area in security?

Security is a critical aspect of any application, so your options are pretty much unlimited. You could start writing tools, authoring resources, teach, and so on.

JDMurray

As software engineer and InfoSec professional, I can say that any programmer who specializes in security--and is not also a consultant--will spend 95%+ of their time doing non-security-related programming.

Yes, security is a very important part of software architecture, implementation, and testing, but is still only a small part percentage-wise of full life cycle software development. Sort of like how security is a very important thing for your home, but the percentage of things in your home that are dedicated to securing it is very small.

As a software security consultant, you can swoop in on a customer, tell them what they are doing wrong, how to fix it, and swoop away with gobs of cash (or so I have heard). You end up doing 95% software security and 5% "other" software engineering chores for as long as your customer is willing to pay you. (Then its on to the next customer.)

Considering what a poor start the CSSLP cert has had i the software engineering industry, I understand why I don't see a lot of "swooping" by software security people. Citigal is hiring, so they must be having success in this area.

vin_eets

I wanna ask that I had done Java.
So shud I lool out for a job in java and do some projects in java
Or shud I move to networking field
bcz my ultimate goal is security:an Infosec professional!!!!

JDMurray

vin_eets wrote: »

bcz my ultimate goal is security:an Infosec professional!!!!

You will find more need for InfoSec in being a netadmin or sysadmin than you will as a software engineer. But honestly, you will need to greatly improve your English writing skills before you will be of much use to any professional, high-tech employer.

codeace

A couple of my "Developer" friends started as a Threat Analyst for companies (like WebRoot). Their work involved code dissection and behavioral analysis. Certifications like the GREM could give you a helping hand.

No matter what nothing beats passion and no certification can equal experience!

JDMurray

This brings up an interesting philosophical point: is a reverse engineer an "unveloper?" I mean, reverse engineers don't actually build anything, they just tear stuff apart.

codeace

"unveloper?"

JDMurray

Here's a very good blog post on how to reverse engineer the package of a firmware update for a Linksys WAP. The author's explanation is so clear and detailed that you can actually follow along on your own computer. This is a good example of what reverse engineers do (and get excited about).

/dev/ttyS0 Blog Archive Reverse Engineering Firmware: Linksys WAG120N