EH-Net
Author Topic: Yuck The Fankees noob  (Read 8101 times)
YuckTheFankees
« on: April 08, 2011, 04:10:21 PM »

Hello everybody, I've been viewing a lot of the threads over the past week or two, just trying to learn as much as possible.  And I waited till now to ask some noob questions.

Here's a little bit about myself..
- turning 23 in a few weeks
- I was studying to be an actuary for 2 years
- I work for a Fortune 100 company in retirement plans
- I'm looking to get into the information assurance field and work on the offensive side (red team?)


So from reading these threads I realized how very little I actually know about computers and everything else involved with them. SO here are my NOOB questions.

1. I want to get a degree in Information Assurance. I live by a state university but I prefer to keep my job and do the degree online. So... Do employers look at IA degrees from online schools in a bad way, say from Capella University? It's marked as a center of excellence from the DoD.

2. Explain to me what a home lab is?  I tried to search "what is a home lab" but nothing good came up.  I think I'm too early to even think about getting one but it sounds super fun lol

3. My cert. route: Network+, Sec+, then I have no idea... there are so many cred. in IT it's crazy... it's so hard to keep track


I have bought about $70 worth of books... hacking for dummies, prep exam for A+ and Network+ (just to learn the very basics), hacking 3, system engineering textbook, C++ for dummies..


I welcome any extra information or advice

OSCP in progress
chrisj
« Reply #1 on: April 08, 2011, 09:36:24 PM »

Welcome to the forum.

Question 2:
A home lab is a pen-testing lab at home. It's bad form to learn on a live network, and it's rare to find a place that will let you learn on a test network.

So most of us have built testing labs at home.

Question 3:
That's a start.

OSWP, Sec+
YuckTheFankees
« Reply #2 on: April 09, 2011, 02:16:53 AM »

What does the lab consist of? And how do you hack it? Do you create a network and hack it? Thanks ???

OSCP in progress
hayabusa
« Reply #3 on: April 09, 2011, 09:15:33 AM »

Search and browse the forums, here, and you'll find MANY threads to answer your questions, such as:

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6891.msg37127/#msg37127

(There are tons, like the thread above...)

Ultimately, though, you'll build up a lab consisting of physical or virtual machines, simulating real-world setups, and practice your skills against that lab.

~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
hayabusa
« Reply #4 on: April 09, 2011, 09:17:53 AM »

See also:

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6855.msg36943/#msg36943

~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
BillV
« Reply #5 on: April 09, 2011, 12:13:40 PM »

Welcome to EH-Net.

1) Some old-school employers may look at an online degree negatively; others will not. I think the majority are understanding that many people have things to do, jobs, and other stuff that keeps them from physically attending classes. Plus, many choose to "return to school" as opposed to it being something done right after high school (so factoring into the same things already mentioned). That all being said, any degree from a school that's marked as a center of excellence will surely be looked upon favorably.

2) A home lab is what you'll use to practice your computer/networking/hacking/etc skills with. Rather than, as mentioned above, playing with a live network you'll want to play and practice in a testing environment where it won't impact anything other than your lab. Also as mentioned above, one of the best ways to go about this (as far as systems are concerned) is to use some sort of virtualized environment. This has many advantages that I'm sure you'll find by searching the boards here. Some people choose to buy used/inexpensive hardware (like Cisco switches and routers) online to add into their lab as well.

3) As everyone here will tell you, certifications are a great baseline of knowledge. Your route is a good start. Depending on your current level of knowledge, it may also be worthwhile to consider the A+ or at least read the study guide. Having an N+/S+/A+ will give you a great foundation. The Security+ may open your eyes to directions you want to go as there are many routes within security - I know you mentioned the offensive side but you may find that you would rather go a forensics route, for example.

As for books, your list looks good. I would work on your basic foundational networking/system/security skills before jumping into your system engineering or C++ books. If you search around the forums, 'sil' has posted links to his recommended path into security [testing?] somewhere and that would probably be an excellent place to start.

You'll find the community here is very helpful and always willing to help out and answer questions - noob or not ;-)

BillV
YuckTheFankees
« Reply #6 on: April 09, 2011, 01:02:15 PM »

Thanks again guys. Do most of you work in the security field?

OSCP in progress
hayabusa
« Reply #7 on: April 09, 2011, 02:28:00 PM »

<nod>  Some do, some don't.  I do, and I'm pretty sure BillV does.  (As do MANY others)

~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
ajohnson
aka dynamik


« Reply #8 on: April 09, 2011, 03:03:51 PM »

Wow, Bill. That was basically going to be my response verbatim. Thanks for saving me the time :)

Honestly, the most challenging aspect of what you want to do will probably be humbling yourself and starting over. You seem to lack basic computer skills that children in their early teens have nowadays. I apologize for being blunt, and I'm not trying to be rude, but if you don't genuinely appreciate what lies ahead of you, you're not going to be successful.

With the amount of ground you have to cover, you're probably looking at 5+ years to get where you need to be to do such work adequately. You'll probably have to get your foot in the door with basic systems or network administration and then work your way into security.

Having said that, it's certainly possible. There have been others who have been older and had less experience who have made the transition. Resources like this website will provide you with excellent direction. You're going to have to roll your sleeves up and dig in though. Simply getting a cert or degree won't lead to true success with that type of work. You need to have an insatiable desire to understand how things work internally and the patience, persistence, and perseverance to work through the obstacles you'll encounter.

While you have a nice broad sample of books, you need to pick a starting place and focus on that. You're going to spin your tires and ultimately get nowhere if you try to learn systems, networking, and programming simultaneously. Develop a road map with short-term, manageable goals. You'll be astonished where you end up in a year or two if you can stick to such a plan.

In regards to Capella specifically, I'm extremely wary of for-profit schools, even if it is accredited. That just rubs me the wrong way and makes me question their priorities. Anyway, for any online school you're considering, make sure it's regionally (not nationally) accredited, and do some googling to find what current and past students think about it.

Review the other centers of excellence. This is one program I'm considering: http://www.scis.nova.edu/masters/msis.html It's a B&M school that offers that degree online; there's no distinction between the online or on-campus degree you end up with. There are several others like that out there as well. Just do some research and trust your instincts. If something seems to be too good to be true, it probably is.

Also, keep an eye on SANS' masters program. I know they've applied for accreditation and if that's granted, that could be a pretty good route to take. You'd also end up with some stellar certs in the process.

Finally, how about some weekend homework?

Download VirtualBox or VMware player and get one Ubuntu 10.10 and one Backtrack 4 VM installed and running. Home lab in a box.

Extra Credit: Use Nmap from within Backtrack to identify the default services running on your Ubuntu system.

Edit: http://www.infiltrated.net/pentesting101.html (courtesy of sil). I don't think the timeline's feasible for your current skill level, but that provides some additional direction.
« Last Edit: April 09, 2011, 03:37:54 PM by dynamik »

WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.
YuckTheFankees
« Reply #9 on: April 09, 2011, 03:37:31 PM »

Thanks dynamik for your answer. I might have downplayed my computer skills and knowledge. I know more than the average person about computers but I do not know the full extent of networks, every single component in the computer system or using Linux, and stuff like that. But I get where you are coming from. I know I have a good amount of years ahead of me in this field.

OSCP in progress
ziggy_567
« Reply #10 on: April 09, 2011, 04:57:54 PM »

You know, dynamik, it's funny you should put it in those terms...

I started out (as many did in this field) coming from a non-computer academic background. I studied Sociology/Anthropology in my undergraduate degree. I decided to go back to school in Information Systems, and while it's a business degree it has a technical aspect to it. I spent two years to complete my Masters. I then spent two years working on a Security desk, but we were more of a glorified help desk more or less. But, I got a ton of experience troubleshooting and learning TCP/IP...a lot of the stuff you DON'T learn in school. Then I spent three years as a Unix/Linux sysadmin. I just started a new job as a pentester a couple months ago.

If you had told me 7 years ago when I started my Masters that it would take me an advanced degree and 5 years of on the job training in addition to half a dozen or so professional certifications to get to a Jr. level position, I would have probably given up right then and there....so maybe ignorance really is bliss! Seriously, though....in pretty much any technical field, you will never be able to have the luxury of sitting on the knowledge you currently have, because it is such a quickly evolving industry that you have to be constantly learning...if you get your head around that and accept that fact, you're already on your way.

--
Ziggy


eCPPT - GSEC - GCIH - GCUX - RHCE - SCSecA - Security+ - Network+
chrisj
« Reply #11 on: April 09, 2011, 05:12:07 PM »

Another book to add to your reading list. Dissecting the Hack: The Forbidden Network by Jayson Street and company. It's broken into 2 parts that link to each other. The story part, showing what a real world adventure could be like, and the technical stuff. It won't make you a master hacker, but it'll start pointing you at skills, tools, and culture.

> You know, dynamik, it's funny you should put it in those terms...
>
> I started out (as many did in this field) coming from a non-computer academic background. I studied Sociology/Anthropology in my undergraduate degree

Ziggy_567 really, what sub-field were you interested in? I got burnt out on IT when the Dot-com bubble burst (I was overworked and tired of computers), so I got a degree in Anthro. Finished my CIS degree on momentum (Both associates). My interest was in Submerged Native American Archaeology. Really enjoyed my Native American anthro classes, and my interest was in Submerged Archaeology. Kind of mixed the 2. :)  Even got accepted to an underwater field school through SUNY Stony Brook, but lacked the money for tuition and travel.

OSWP, Sec+
chrisj
« Reply #12 on: April 09, 2011, 05:22:06 PM »

> Thanks again guys. Do most of you work in the security field?

I used to be the Senior Network Engineer / senior technical resource / infrastructural engineer / system and network architect / person blamed by management when they ignored my recommendations and things broke like I warned them they would. I had an interest in security, and maintained the firewall and network monitoring tools.

Currently I'm a Data Network Engineer, and my job revolves around creating VPN user accounts, Site to Site VPN tunnels, Access List rule changes, server load balancers (mostly taking servers in and out of service) and Documentation.

I don't see it as a security job, but it has enough security included to keep me interested.

OSWP, Sec+
ziggy_567
« Reply #13 on: April 09, 2011, 06:10:52 PM »

@chrisj

Wow...that's a damned fine school....did you study under the Tedlocks?!?

I was more interested in cultural anthropology, but the school where I studied was heavy into Mayan Archaeology. The head of the department led a dig on the Yucatan peninsula. I don't think it's an active site nowadays...

--
Ziggy


eCPPT - GSEC - GCIH - GCUX - RHCE - SCSecA - Security+ - Network+
ajohnson
aka dynamik


« Reply #14 on: April 09, 2011, 06:20:06 PM »

> If you had told me 7 years ago when I started my Masters that it would take me an advanced degree and 5 years of on the job training in addition to half a dozen or so professional certifications to get to a Jr. level position, I would have probably given up right then and there....so maybe ignorance really is bliss!

Hah, maybe it is!

That's one of the reasons I stressed breaking up the entire journey into manageable steps (i.e. first focus on the CCNA and getting an entry-level networking job). If your attitude at the onset is, "I could either do this or start a PhD from scratch..." you're truly setting yourself up for failure.

IMHO, if the intrinsic rewards are there for you, it's worth the effort; I don't know what I'd be doing if it wasn't this.

> Another book to add to your reading list. Dissecting the Hack: The Forbidden Network by Jayson Street and company.

I just one-clicked the Kindle edition. I've repeatedly seen that recommended and finally had to check it out.

Have you read: http://www.amazon.com/Stealing-Network-Complete-Collectors-ebook/dp/B002ZFXTZ6/ref=sr_1_1?ie=UTF8&m=AG56TWVU5XWC2&s=digital-text&qid=1302389409&sr=1-1

Some of it's a bit dated at this point, but it's a REALLY FUN work of technical fiction.

The Hackers Challenge books are also in a similar vein, but that might be what the OP was already referring to with the "Hackers 3," book reference.

> Ziggy_567 really, what sub-field were you interested in? I got burnt out on IT when the Dot-com bubble burst (I was overworked and tired of computers), so I got a degree in Anthro. Finished my CIS degree on momentum (Both associates). My interest was in Submerged Native American Archaeology. Really enjoyed my Native American anthro classes, and my interest was in Submerged Archaeology. Kind of mixed the 2. :)  Even got accepted to an underwater field school through SUNY Stony Brook, but lacked the money for tuition and travel.

It's funny how diverse our backgrounds are. I *almost* have an undergrad in psychology (only need to fulfill my second-language requirement). I try to trick myself into believing it's really useful for social engineering, but, well, not so much...

I think the real benefit to me was being forced to become a semi-competent writer and learning to get up in front of a group and give a decent 15-minute presentation (check out Toastmasters if you want to hone those skills). I've seen people who are technical geniuses but have atrocious communication skills (poor grammar, stuttering on the phone/in-person, etc.). If you're in, or want to get into, a customer-facing position (which I consider to include providing written reports), it's extremely important to develop soft skill sets as well.

> Currently I'm a Data Network Engineer, and my job revolves around creating VPN user accounts, Site to Site VPN tunnels, Access List rule changes, server load balancers (mostly taking servers in and out of service) and Documentation.
>
> I don't see it as a security job, but it has enough security included to keep me interested.

This is an excellent point. A career in security isn't an all-or-nothing proposition. Security is intertwined with all aspects of information technology.

I forgot to respond to this question, but I recently took on a role as an information security manager. However, my previous role involved penetration testing, social engineering, audits, risk assessments, etc. I have some pretty interesting/challenging objectives to work towards over the next couple of years, but I ultimately want to get back into the technical side of things.

WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.