programming opportunity...
NetworkNewb
Member Posts: 3,298 ■■■■■■■■■□
in Off-Topic
So at my company, we have web application that we have bunch of techs around the country use. Right now, we outsource the programming functionality of that application and pay that person alot to take care of it. My manager came to me yesterday saying that the person we outsource it to is not going to be doing it anymore later this year and asked if I would be willing to learn how to do it and take it over.
I would need to learn how to program in C and .Net. I've had a couple years of programming Java classes in college and have looked at C and doesn't seem all that difficult so pretty certain I could learn how to do it. So that wouldn't be an issue. (I even worked for a Fortune 100 company doing web development for short period of time right out of college)
Also, it wouldn't be like I would be doing this full-time. I would still handling doing pretty much JOAT position at my office (only 50 ppl at our office). Pretty certain we are going hire someone under me later this summer to take care of the smaller tasks.My question is would it help me down road to have this experience if I want to get into Security? I don't have a concrete idea of exactly what area of security I want to get into atm. Plan on getting some entry level security certs before choosing a specific path. Plan on getting Security+ and GSEC this year. But I was thinking working on application like this might be beneficial...
What do you guys think or what would you guys do?
I know some people hate programming but it really doesn't bother me at all.
I would need to learn how to program in C and .Net. I've had a couple years of programming Java classes in college and have looked at C and doesn't seem all that difficult so pretty certain I could learn how to do it. So that wouldn't be an issue. (I even worked for a Fortune 100 company doing web development for short period of time right out of college)
Also, it wouldn't be like I would be doing this full-time. I would still handling doing pretty much JOAT position at my office (only 50 ppl at our office). Pretty certain we are going hire someone under me later this summer to take care of the smaller tasks.My question is would it help me down road to have this experience if I want to get into Security? I don't have a concrete idea of exactly what area of security I want to get into atm. Plan on getting some entry level security certs before choosing a specific path. Plan on getting Security+ and GSEC this year. But I was thinking working on application like this might be beneficial...
What do you guys think or what would you guys do?
I know some people hate programming but it really doesn't bother me at all.
Comments
-
nelson8403
Member Posts: 220 ■■■□□□□□□□
What kind of Security do you want to get into? Information Security or more of a Security Operations role? Either way it can't hurt to have programming knowledge though you may not use it as much in a Security Analyst role.
When you take over the project, does your company own the source code? Is this something that was developed by a third party? Do you have documentation for what each function or piece of code does? If the designers and maintenance team for the software doesn't work for your company will you have support at all if you run into an issue and it's not something you can resolve? I'm not sure what the program does but those will definitely be some things you need to go over, even the most basic applications that is coded with little notes or using functions that may be known to the developer but not to outside parties can be very difficult to just jump into and know exactly what to do, especially with no knowledge of the coding.Bachelor of Science, IT Security
Master of Science, Information Security and Assurance
CCIE Security Progress: Written Pass (06/2016), 1st Lab Attempt (11/2016) -
NetworkNewb
Member Posts: 3,298 ■■■■■■■■■□
I believe I want to get into more the operations side. Excuse my lack of knowledge, but when you say "operations role" I'm assuming that would be the side that actually implements the changes in system?
My company does own the code. I definitely understand what your saying about the documentation for each piece code though. One person's thinking of how to code something could be completely different on how another person would. That is definitely something I would need to address with the current person working on it. I haven't looked in the code of the application myself. A few months away from actually taking on project this if I decide to.
It isn't a super complex application, from what I've worked with it at least. Pretty much an inventory application. Our techs scan in the items they use and it connects to our SQL database and makes updates. -
iBrokeIT
Member Posts: 1,318 ■■■■■■■■■□
Here are a few questions off the top of my head I would ask:
What sort of documentation exists for this application?
Do you have a development environment for this application?
No? Are you able to setup one up?
What resources will be provided if you get stuck and need assistance?
Depending on those are answered I would/n't take the project.2019: GPEN | GCFE | GXPN | GICSP | CySA+
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GDAT
2023: GREM | GSE | GCFA
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response -
nelson8403
Member Posts: 220 ■■■□□□□□□□
Right, Information Security/Analysts make the policies and Operations usually implements the changes or advises what should be done. At least that's what my definition is, there may be others.
Make sure your boss is able to get you that information before you can commit to accepting the role, and maybe see if they can send you to some training or pay for something to help get you caught up on C and .Net at an accelerated pace for this project.Bachelor of Science, IT Security
Master of Science, Information Security and Assurance
CCIE Security Progress: Written Pass (06/2016), 1st Lab Attempt (11/2016)