Hey Cheap5.0,

Welcome on board EH-Net.
Most of the questions projected by you are already discussed in detail under various forums here. Go through it and you will get what you looking for. However, let me try to answer few:

• What i should expect to get out of this type of work? - 100% Job Satisfaction – that would be my first answer if you are really passionate about security.
• What knowledge do you use the most (hardware, programming, neither)? - Common Sense and a combination of hardware, programming, networking and system concepts
• Is a specific degree that focuses on info security the way to go or should i get a more general degree (computer sciences?) - Yes there are many Universities and educational institutions that provide various courses that specialize on information security and information assurance.
• Is there any way i could jump in before switching majors and try some of this kind of work at home? - Yes, you can setup a hack lab at your home and do all your R&D. There are various threads on EH-Net that discusses on how to setup or the ideal configuration for a home lab. You can start off with Virtualization also.

Hope I covered most of your questions and expect more contributions from your side also. All the best and Happy Hacking (Ethical) 

Hi Cheap5.0! Welcome to the community.

Is security harder to get into compared to other areas of IT? Perhaps. Mostly because to be good at security, you have to have a good understanding of a lot of other areas. For example, if you're going to be protecting web applications but don't know anything about the code that is running those applications, you'll soon find yourself in trouble

Does an InfoSec career require more experience than education? In my opinion, I would say yes. I myself don't have anything more than a high school diploma and a few college credits, but I'm also still early in my career.  I know there are several others floating around here that are in the same boat. This doesn't mean that an HR person or a recruiter isn't going to think highly of someone with a lot of education, but when you really get down to it, hands-on experience with the technology or being able to manage those technical folks is really what's going to help out. If you're considering a degree, and you're 100% sure that you want to stick with security, then I would agree that you should find one that specializes in security. There are multiple schools out there that are recognized by the NSA for their information assurance programs. Check into one of those. Steer clear from 'computer science,' though.. that's typically "programming" in disguise. You would want a computer information systems program or something that puts more emphasis on networking (unless of course you want to program).

HTH (and again, welcome

BillV

Nope, you certainly don't need to be an "enterprise developer" in any language. More so like you have stated... that you can look at the code and understand it well enough to determine what's going on and where the security holes are.

So, for the PHP example, when you see something like...


You would know that we quite obviously have a problem. I also don't mean that you need to know 'every' language either.

Also, going along with your 'studying for A+' idea and wanting to get into something... you may also want to have a look at the Microsoft MCDST (Desktop Support Technician). You can study for the exam for FREE directly though Microsoft with their E-Learning site...

https://www.microsoftelearning.com/eLearning/offerDetail.aspx?offerPriceId=54989

Good luck

BillV

If you're looking at getting some industry certs to start of with I would suggest going for one of the MS ones first rather than a CompTIA cert. In my experience they're cheaper, more interesting (less basic) and are worth more as far as employers are concerned. By all means go for one later on, maybe the Security+, Network+ or Linux+. A+ is very basic hardware/software maintenance, the sort of skills you tend to pick up after a couple of PC builds, whereas the MS certs demonstrate a high level of proficiency with (unfortunate but true) the dominant industry OSs.

As someone else suggested, I would definitely look at setting up some sort of lab to play around in also. VMWare is very useful for this if you don't want a load of old PCs lying around.

No problem. I'm not sure how long they have been offering training courses online. I would guess a while judging by the availability of different courses. I know I came across them sometime last year.


Yup, you'd be correct. Taking a variable (username) that's input from a form and placing it directly into a SQL query with no proper validation is not a good idea


Good luck!! Let us know how it goes

BillV

That would be a SQL injection right?

I am about 14% into that course (when you are logged in and "learning", there is a small meter that tells you how far along you are in the current course).  Its very useful, and explains everything quite well in basic computer terms that anyone with some experience would understand.  My only complaint is they introduce concepts abruptly.  Its hard to explain, but they use terms that they have not defined or explained.  If you go back through the lesson though, it all becomes quite clear.  But if you were just to watch/listen only once you would have a hard time getting through it.  Also the scenarios in which they teach you change from demo to demo.  In one you will be "working" on the host computer, then in the very next demostration you are working remotely on a computer in "London" while you are in "Vancouver".  If you miss that little fact the lesson gets very confusing quickly!  lol

Fair enough  . It's been a few years since I saw the material and it was very basic at that point. Thinking about it that was nearly 10 years ago so no surprise that it's been updated really