I'm doing a security baseline class for a financial company all this week. For those thinking of moving into security, here's my 2 cents worth of advice.
1. Get you some Linux; Redhat, Suse, Fedora, it doesn't matter. If you really plan on making serious headway, you will need to be comfortable in front of a Linux command line. Things like compiling shell code on the fly or actually while you're in the middle of an exploit is a power you needn't do without. Also certain tools (Nmap comes to mind) are 100 times better and more flexible in a Linux environment.
2. Get some literature. For example, all of the books from the Stealing the Network series (co-authored by Fyodor (the creator of Nmap) is a good start. While all of these stories are fiction, the tools, techniques and exploits are very very real. Read these, make a list of the tools, exploits, etc you read about. Then start googling away, looking for information on these tools and exploits, and start practicing Learn and get comfortable with some of the popular IDS tools out there. Start with Snort, there's tons of info on the web explaining how to create filters, rules, etc. .
3. Start asking questions.
4. I know it's a bore, but go ahead and take the time to learn the 7 Layers of the OSI model and master them. Also, learn your ports and protocols and learn what they're for (TFTP is one of your best friends when it comes to pentesting). Snmp is your enemy when trying to secure your network.
These things will help you out in your near future (if your goal is to move to security). It will also help out your future instructors
Only one person in my class this week knew how to compile a simple program (ADMsnmp) from the linux console. Even though the prerequisites for the class clearly state "intermediate to advanced Linux experience...."
Good luck to you all. I'm sure Johan, /usr, kenny, and some of you others can add some more to this.
