NEW JOINER, Please Help!

[pushpender]

hello all,

I am pleased to join THE bunch of talented people.

I am a fresher just completed my graduation and stepped into this hugely increasing IT world.
As i have starting my career i want to know more about SECURITY as i just build up interest in this field.
Please let me know how to gain knowledge?, what i have to study as being new to this environment and the concepts to have a good start for my career in SECURITY which i want to be a part of?

Thanks!

[hayabusa]

Your biggest allies will be time, and the ability to research for yourself (a LOT.)

I'll give you a very basic starting list of topics you'll want to come up to speed on, if you want to grow in IT Security.  I would then suggest you sit down and go through the forums here, as we've had discussions like this, posted, numerous times.

- Networking - understand the OSI model, communications protocols, how devices talk to one another, different types of firewalls, IDS/IPS, etc

- Programming - at a MINIMUM, understand some sort of scripting language, including knowledge of shell scripting in BASH, and batch file writing in Dos and Powershell.  Beyond those, look into languages like C, Python, Perl and Ruby (you'll not need to know them all, and may never be an 'expert' in any, but it will help you when  you reach the point of learning about stacks and exploits, if you have at least a foundational knowledge of some language(s))

- Professional networking - make friends, build contacts, and learn who, how and where to gain insight and knowledge as you grow.  Look into local IT Security groups, if any exist in your area, and begin to attend meetings, seminars, etc.  There's MUCH to be learned, even through community interaction.

- Research - understand how to lookup and find security-related information, such as CVE's, 0-days, etc.  Learn how to use Google more effectively (Google IS your friend, here)

- Persistence / Determination - nothing ever comes easy in security.  Be prepared to be committed and spend a lot of time honing and maintaining your skills, because it's always changing.  The attack vectors change, the landscape changes, and even the underlying technologies change, quite frequently.

Next, once you know the areas you need to focus on, depending on your level of understanding, already, look into courses (whether college, online, self-study / cbt, etc) at the level you're at, and progressing forward from there.  Good security-specific certs and programs:  Security+, Hacking DOJO (various levels of classes from more basic to advanced, and Tom Wilhelm is a member here - Grendel), CEH, eLearnSecurity (again, different levels and Armando is a member here, as well), ECSA/LPT, CHFI (if you want to go more into forensics), OSCP, and the list goes on.  We could write books with the lists of certs, but the important thing is to understand what each cert teaches, and apply that to your current level, and the direction you want to go.

Hope that HELPS, but remember, you'll need to be willing to put a lot of time, energy and effort into it, while still maintaining your passion for it, else, it'll fade quickly.

PS - I didn't vote in your poll, because I feel BOTH are equally important, if you're just beginning, and you don't have an option for BOTH...

[pushpender]

Hello Hayabusa,

Thanks a ton! for the useful information you have provided.
This will be really helpful to have a clear view about every perspective, that you have elaborated in a simple fashion.

[millwalll]

That is some really good advice from Hayabusa.

I have been trying to get into security for about a year now. I am working on  making connections within the industry and always working on my skills. I spend everyday doing something related to security.

Reading books
Watching video
Research
Using BT in my lab

There are lots resources online and Google is your friend as Hayabusa said.

Trying to break into security is not easy I have started to get job interview now and sometimes I feel like I take a step forward and other times it feels like ten steps back.

I would say take Hayabusa advice and if you really want it you will get it but you have to want it more than anything as its not an easy task.

[Yanni]

Pushpender -> Although I'm new to this forum, I think forums like this are crucial to the continuation of learning in the IT world. I can't believe I'm going to say this... but almost better than class experience... Textbooks just can't keep up with technology.

[d4ym4n]

go to conferences. blackhat is pricey but there are a ton of other conferences. shmoocon, notacon, b-sides, the list goes on.
also podcasts are a good source of info.
   pauldotcome, security justice, CERT is ok,
*warning be prepared for poor humor during the podcasts. if you can get through that there is good information in there.