How Programmer can enter Security?
vin_eets
Registered Users Posts: 6 ■□□□□□□□□□
I just wanna know how an programmer can enter into INFOsec Arena.Is it thru making antiviruses or is there any other way.What is programmer view of security?
Comments
-
dynamik Banned Posts: 12,312 ■■■■■■■■■□Do you want to stay with programming or do you want to transition to some other area in security?
Security is a critical aspect of any application, so your options are pretty much unlimited. You could start writing tools, authoring resources, teach, and so on. -
JDMurray Admin Posts: 13,091 AdminAs software engineer and InfoSec professional, I can say that any programmer who specializes in security--and is not also a consultant--will spend 95%+ of their time doing non-security-related programming.
Yes, security is a very important part of software architecture, implementation, and testing, but is still only a small part percentage-wise of full life cycle software development. Sort of like how security is a very important thing for your home, but the percentage of things in your home that are dedicated to securing it is very small.
As a software security consultant, you can swoop in on a customer, tell them what they are doing wrong, how to fix it, and swoop away with gobs of cash (or so I have heard). You end up doing 95% software security and 5% "other" software engineering chores for as long as your customer is willing to pay you. (Then its on to the next customer.)
Considering what a poor start the CSSLP cert has had i the software engineering industry, I understand why I don't see a lot of "swooping" by software security people. Citigal is hiring, so they must be having success in this area. -
vin_eets Registered Users Posts: 6 ■□□□□□□□□□I wanna ask that I had done Java.
So shud I lool out for a job in java and do some projects in java
Or shud I move to networking field
bcz my ultimate goal is security:an Infosec professional!!!! -
JDMurray Admin Posts: 13,091 Adminbcz my ultimate goal is security:an Infosec professional!!!!
-
codeace Member Posts: 38 ■■□□□□□□□□A couple of my "Developer" friends started as a Threat Analyst for companies (like WebRoot). Their work involved code dissection and behavioral analysis. Certifications like the GREM could give you a helping hand.
No matter what nothing beats passion and no certification can equal experience!Everything happens for a good reason! Don't question it. Just accept it -
JDMurray Admin Posts: 13,091 AdminThis brings up an interesting philosophical point: is a reverse engineer an "unveloper?" I mean, reverse engineers don't actually build anything, they just tear stuff apart.
-
codeace Member Posts: 38 ■■□□□□□□□□
"unveloper?"
Everything happens for a good reason! Don't question it. Just accept it -
JDMurray Admin Posts: 13,091 AdminHere's a very good blog post on how to reverse engineer the package of a firmware update for a Linksys WAP. The author's explanation is so clear and detailed that you can actually follow along on your own computer. This is a good example of what reverse engineers do (and get excited about).
/dev/ttyS0 Blog Archive Reverse Engineering Firmware: Linksys WAG120N