Alright guys, i have setup (through my college) a job shadow.  We have not hashed out the details, but it should be within the next month.  They are trying to find someone in the info sec field that is willing to allow me to shadow them for a day or three, but i might end up following around a network admin (admins often wear the security hat in a smaller business right?)  If i end up with someone not specificly in the security field, but is knowledgable about this topic what kind of questions should i be thinking about?  I guess a better way to ask this question would be, what do you wish you asked about before you got your job in the field?

Also, in trying to find someone suitable what should the advisors helping me with this (and me as well) be asking about the person involved?  If a info sec person is not someone i can find what would be the next best thing?

Anyone want to lend a hand here?  What should i be looking to accomplish when building a hack box?  Should i just throw some spare parts together, put *nix on it and network into everything else at home?  Then what? 

Sorry if it seems like a 'duh' question, but i really do mean whats next?

Thanks again for all the help with this guys, but i am having some trouble finding info about setting up a hack box/what kind of things i could do with one. 

I am slowly buying parts to rebuild my computer (getting stuff as 24 hour sales pop up, waiting for price drops, etc...) and i am thinking i will turn my current computer into a hack box.  Can someone link me to anything useful?

That would be a SQL injection right?

I am about 14% into that course (when you are logged in and "learning", there is a small meter that tells you how far along you are in the current course).  Its very useful, and explains everything quite well in basic computer terms that anyone with some experience would understand.  My only complaint is they introduce concepts abruptly.  Its hard to explain, but they use terms that they have not defined or explained.  If you go back through the lesson though, it all becomes quite clear.  But if you were just to watch/listen only once you would have a hard time getting through it.  Also the scenarios in which they teach you change from demo to demo.  In one you will be "working" on the host computer, then in the very next demostration you are working remotely on a computer in "London" while you are in "Vancouver".  If you miss that little fact the lesson gets very confusing quickly!  lol

I just signed up and I am starting this course, thanks for pointing this out! 

Thanks for the suggestion Bill!  Did M$ just start doing the trainging courses online?  I thought i saw that pop up recently on del.ico.us....?

That makes me feel better about the language's.  If i was going to take a wild guess as to whats wrong with the php you posted, i would guess its something to do with how the sql is delivered to the db or modified by the inputs?  I really dont know, i need to get more comfortable with it i guess.

Thanks BillV, I just got done with my college adviser yesterday.  I am finishing my current degree in November, and will start on the info sec degree in January of '09.  I am going to go for the A+ cert before the new year just to get a little bit of a start and try to get in somewhere (anywhere!) to start working in the IT field asap. 

When you say i should know how ________ programming language works, do you mean i should be able to code using it or just be able to look at it and understand why it does what it does?

I am comfortable with PHP right now, but if i had to sit down and make a program that would interact with a dbase forget it...lol.  However, i can look at php files and see what they do and why without viewing them in a browser.

I am pretty certain i know this, but i want to be sure.

A program that carries the CNSS seal (also from a nationally accredited institution) is approved by the NSA correct?

I asked this from a adviser at my college yesterday, and she could not answer me.  To her credit, she is the business adviser and not the IT adviser.

Thanks for the help!  I noticed after posting that this is probably the most popular topic on the forums  Oooops....

I have been reading and searching and reading some more, and from what it looks like, security is:

-One of the more difficult IT professions to get into(?)
-a career requires more exp than education(?)
-a state of mind, not a job  

The first two are general questions that i assume are true, correct?

You answered my education question, but i want to make sure i understand completely.  You would recommend a specific degree specializing in security rather than a more general network degree if someone wanted to work in security?

Thanks!

Hello everyone!

I will start with a quick run down of how i got here.  I am 2 classes away from finishing an associates in managment.  About 18 months ago I was bitten by the tech bug (building little static sites for small businesses) and it has only gotten stronger.  Now i am thinking about switching from my management degree to an IT degree once i get my A.S. this semester (my current school has a CNSS endorsed B.S. in info tech and security). 

I started researching this IT field about a week ago after talking with a few people who are knowledgeable about this topic (for those who want to know, i found this site by googling "CNSS"...1st page results).  So far i have had a hard time finding solid info from a "hands on" source.

  I really just want to know what i should expect to get out of this type of work?  What knowledge do you use the most (hardware, programming, neither)?  Is a specific degree that focuses on info security the way to go or should i get a more general degree (computer sciences?)

And lastly, is there any way i could jump in before switching majors and try some of this kind of work at home?  I have been playing with HTML, CSS, JS, and a little php for the past 18 months...will any of that carry over to this?

Thanks, and hello again