Mobile Security

the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
Attempting to plan my future and where I would like to see myself in the coming years. Mobile is slowly, but surely exploding. Everyone at someone point will probably have a smartphone and in less developed nations that will be the main point of access to the internet. So the question is how does one begin to specialize in mobile security? In researching, there isn't much certification wise and I'm thinking most companies don't have a specialized team dedicated just to mobile devices. I think this is even more true given the move to BYOD. I wouldn't mind working on the exploitation side of the house, but I guess I'm trying to gauge if there are other positions in the market beyond just hunting for bugs or exploits.

Obviously, forensics is a big possibility, but I think that is being lumped in with regular computer forensics (as they are fairly related). Just looking for some opinions.
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff

Comments

  • jasong318jasong318 Member Posts: 102
    Don't know anything about certifications for the area, but you could always just start messing around with projects out there. Android is pretty easy to get started with. One project is the 'Smartphone Pentest Framework', download the code, take it apart, and see what's going on. This page has a good write up on the security related issues with permissions in Android. Good luck and let us know what else you find!
  • ptilsenptilsen Member Posts: 2,835 ■■■■■■■■■■
    In terms of regular IT infrastructure, ie administration and securing mobile devices, I see no future there. Mobility had a place in the enterprise well before virtualization. BES was widespread years ago, before ActiveSync devices started to eliminate its need. I don't see mobile as exploding in terms of enterprise or small/medium business acceptance. It has been there for a long time, and technology is only making it easier to implement and secure, not harder.

    Don't get me wrong, setting up MDM in some form or another will always be an aspect of systems administration, but it's not that complicated. As with most aspects of systems administration, you're generally implementing established, documented software. Some companies might have MDM administration teams, but not many.

    Outside of that, forensics, pentesting, and other security fields are certainly roles to consider.
    Working B.S., Computer Science
    Complete: 55/120 credits SPAN 201, LIT 100, ETHS 200, AP Lang, MATH 120, WRIT 231, ICS 140, MATH 215, ECON 202, ECON 201, ICS 141, MATH 210, LING 111, ICS 240
    In progress: CLEP US GOV,
    Next up: MATH 211, ECON 352, ICS 340
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    Thanks for the info guys! Definitely going to look into those resources jasong! I know SecurityTube has an iOS certification (SecurityTube iOS Security Expert « SecurityTube Trainings) so I might look into that. My assumption is he'll come out with an Android one as well?

    ptilsen - thanks for the heads up. I'll focus more on the forensics/pentesting/etc side of the house.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • JDMurrayJDMurray Admin Posts: 13,091 Admin
    Mobile devices use operatings systems (Android, BeOS, IOS, Linux, etc.), wireless communications (cellular, 802.11, Bluetooth, ZigBee, etc.), and (most commonly) IPv4 networking. I would start with certifications that concentrate in those areas.
  • wes allenwes allen Member Posts: 540 ■■■■■□□□□□
    You might also look into Identification, Authentication, and Authorization type technologies. Stuff like 802.1x, biometrics, two factor tokens (SecurID, google authenticator), etc are starting to become more widespread as people spend more time away from secure internal physical networks. I think Novel has some pretty cool technologies in that area.
Sign In or Register to comment.