
Another new member intro

<<

Cheap5.0

Newbie

Posts: 10

Joined: Mon Jul 28, 2008 7:36 pm

Post Mon Jul 28, 2008 8:29 pm

Another new member intro

Hello everyone!

I will start with a quick rundown of how I got here.  I am 2 classes away from finishing an associate's in management.  About 18 months ago I was bitten by the tech bug (building little static sites for small businesses) and it has only gotten stronger.  Now I am thinking about switching from my management degree to an IT degree once I get my A.S. this semester (my current school has a CNSS endorsed B.S. in info tech and security).

I started researching this IT field about a week ago after talking with a few people who are knowledgeable about this topic (for those who want to know, I found this site by googling "CNSS"...1st page results).  So far I have had a hard time finding solid info from a "hands on" source.

I really just want to know what I should expect to get out of this type of work?  What knowledge do you use the most (hardware, programming, neither)?  Is a specific degree that focuses on info security the way to go or should I get a more general degree (computer sciences?)

And lastly, is there any way I could jump in before switching majors and try some of this kind of work at home?  I have been playing with HTML, CSS, JS, and a little PHP for the past 18 months...will any of that carry over to this?

Thanks, and hello again :)
<<

morpheus063

Sr. Member

Posts: 393

Joined: Sun Jun 25, 2006 10:08 am

Location: Cochin - India

Post Mon Jul 28, 2008 8:53 pm

Re: Another new member intro

Hey Cheap5.0,

Welcome on board EH-Net.
Most of the questions projected by you are already discussed in detail under various forums here. Go through them and you will get what you are looking for. However, let me try to answer a few:

  • What I should expect to get out of this type of work? - 100% Job Satisfaction – that would be my first answer if you are really passionate about security.
  • What knowledge do you use the most (hardware, programming, neither)? - Common Sense and a combination of hardware, programming, networking and system concepts
  • Is a specific degree that focuses on info security the way to go or should I get a more general degree (computer sciences?) - Yes there are many Universities and educational institutions that provide various courses that specialize in information security and information assurance.
  • Is there any way I could jump in before switching majors and try some of this kind of work at home? - Yes, you can set up a hack lab at your home and do all your R&D. There are various threads on EH-Net that discuss how to set up or the ideal configuration for a home lab. You can start off with virtualization also.


Hope I covered most of your questions and expect more contributions from your side also. All the best and Happy Hacking (Ethical)  :)
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n
<<

Cheap5.0

Newbie

Posts: 10

Joined: Mon Jul 28, 2008 7:36 pm

Post Mon Jul 28, 2008 10:11 pm

Re: Another new member intro

Manu Zacharia (-M-) wrote: Hey Cheap5.0,

Welcome on board EH-Net.
Most of the questions projected by you are already discussed in detail under various forums here. Go through them and you will get what you are looking for. However, let me try to answer a few:

  • What I should expect to get out of this type of work? - 100% Job Satisfaction – that would be my first answer if you are really passionate about security.
  • What knowledge do you use the most (hardware, programming, neither)? - Common Sense and a combination of hardware, programming, networking and system concepts
  • Is a specific degree that focuses on info security the way to go or should I get a more general degree (computer sciences?) - Yes there are many Universities and educational institutions that provide various courses that specialize in information security and information assurance.
  • Is there any way I could jump in before switching majors and try some of this kind of work at home? - Yes, you can set up a hack lab at your home and do all your R&D. There are various threads on EH-Net that discuss how to set up or the ideal configuration for a home lab. You can start off with virtualization also.


Hope I covered most of your questions and expect more contributions from your side also. All the best and Happy Hacking (Ethical)  :)



Thanks for the help!  I noticed after posting that this is probably the most popular topic on the forums  :-[ Oooops....

I have been reading and searching and reading some more, and from what it looks like, security is:

-One of the more difficult IT professions to get into(?)
-a career requires more exp than education(?)
-a state of mind, not a job :) 

The first two are general questions that I assume are true, correct?

You answered my education question, but I want to make sure I understand completely.  You would recommend a specific degree specializing in security rather than a more general network degree if someone wanted to work in security?

Thanks!
<<

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Thu Jul 31, 2008 3:01 pm

Re: Another new member intro

Hi Cheap5.0! Welcome to the community.

Is security harder to get into compared to other areas of IT? Perhaps. Mostly because to be good at security, you have to have a good understanding of a lot of other areas. For example, if you're going to be protecting web applications but don't know anything about the code that is running those applications, you'll soon find yourself in trouble ;)

Does an InfoSec career require more experience than education? In my opinion, I would say yes. I myself don't have anything more than a high school diploma and a few college credits, but I'm also still early in my career.  I know there are several others floating around here that are in the same boat. This doesn't mean that an HR person or a recruiter isn't going to think highly of someone with a lot of education, but when you really get down to it, hands-on experience with the technology or being able to manage those technical folks is really what's going to help out. If you're considering a degree, and you're 100% sure that you want to stick with security, then I would agree that you should find one that specializes in security. There are multiple schools out there that are recognized by the NSA for their information assurance programs. Check into one of those. Steer clear from 'computer science,' though.. that's typically "programming" in disguise. You would want a computer information systems program or something that puts more emphasis on networking (unless of course you want to program).

HTH (and again, welcome :)

BillV
<<

Cheap5.0

Newbie

Posts: 10

Joined: Mon Jul 28, 2008 7:36 pm

Post Fri Aug 01, 2008 9:30 am

Re: Another new member intro

Thanks BillV, I just got done with my college adviser yesterday.  I am finishing my current degree in November, and will start on the info sec degree in January of '09.  I am going to go for the A+ cert before the new year just to get a little bit of a start and try to get in somewhere (anywhere!) to start working in the IT field asap. 

When you say I should know how ________ programming language works, do you mean I should be able to code using it or just be able to look at it and understand why it does what it does?

I am comfortable with PHP right now, but if I had to sit down and make a program that would interact with a dbase forget it...lol.  However, I can look at PHP files and see what they do and why without viewing them in a browser.
<<

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Fri Aug 01, 2008 2:57 pm

Re: Another new member intro

Nope, you certainly don't need to be an "enterprise developer" in any language. More so like you have stated... that you can look at the code and understand it well enough to determine what's going on and where the security holes are.

So, for the PHP example, when you see something like...

  Code:
<form action="" method="post">
<input type="text" name="username"><br />
<input type="password" name="pass"><br />
<input type="submit" name="submit" value="Login">
</form>
<?php
// Deliberately vulnerable: form input is placed straight into the SQL string.
if (isset($_POST['submit'])) {
 $sql = "SELECT * FROM users WHERE username='$_POST[username]' AND password='$_POST[pass]'";
}
?>


You would know that we quite obviously have a problem. I also don't mean that you need to know 'every' language either.

Also, going along with your 'studying for A+' idea and wanting to get into something... you may also want to have a look at the Microsoft MCDST (Desktop Support Technician). You can study for the exam for FREE directly through Microsoft with their E-Learning site...

https://www.microsoftelearning.com/eLea ... ceId=54989

Good luck :)

BillV
<<

Cheap5.0

Newbie

Posts: 10

Joined: Mon Jul 28, 2008 7:36 pm

Post Wed Aug 06, 2008 9:31 am

Re: Another new member intro

Thanks for the suggestion Bill!  Did M$ just start doing the training courses online?  I thought I saw that pop up recently on del.icio.us....?

That makes me feel better about the languages.  If I was going to take a wild guess as to what's wrong with the PHP you posted, I would guess it's something to do with how the SQL is delivered to the db or modified by the inputs?  I really don't know, I need to get more comfortable with it I guess.
<<

RobMongoose

Newbie

Posts: 28

Joined: Sat May 31, 2008 1:52 pm

Location: Sunderland, UK

Post Wed Aug 06, 2008 7:30 pm

Re: Another new member intro

Cheap5.0 wrote: I am going to go for the A+ cert before the new year just to get a little bit of a start and try to get in somewhere (anywhere!) to start working in the IT field asap


If you're looking at getting some industry certs to start off with I would suggest going for one of the MS ones first rather than a CompTIA cert. In my experience they're cheaper, more interesting (less basic) and are worth more as far as employers are concerned. By all means go for one later on, maybe the Security+, Network+ or Linux+. A+ is very basic hardware/software maintenance, the sort of skills you tend to pick up after a couple of PC builds, whereas the MS certs demonstrate a high level of proficiency with (unfortunate but true) the dominant industry OSs.

As someone else suggested, I would definitely look at setting up some sort of lab to play around in also. VMWare is very useful for this if you don't want a load of old PCs lying around.
Mutterings of an evil genius in training -
http://robmongoose.blogspot.com/
<<

Cheap5.0

Newbie

Posts: 10

Joined: Mon Jul 28, 2008 7:36 pm

Post Wed Aug 06, 2008 8:02 pm

Re: Another new member intro

BillV wrote:Nope, you certainly don't need to be an "enterprise developer" in any language. More so like you have stated... that you can look at the code and understand it well enough to determine what's going on and where the security holes are.

So, for the PHP example, when you see something like...

  Code:
<form action="" method="post">
<input type="text" name="username"><br />
<input type="password" name="pass"><br />
<input type="submit" name="submit" value="Login">
</form>
<?php
// Deliberately vulnerable: form input is placed straight into the SQL string.
if (isset($_POST['submit'])) {
 $sql = "SELECT * FROM users WHERE username='$_POST[username]' AND password='$_POST[pass]'";
}
?>


You would know that we quite obviously have a problem. I also don't mean that you need to know 'every' language either.

Also, going along with your 'studying for A+' idea and wanting to get into something... you may also want to have a look at the Microsoft MCDST (Desktop Support Technician). You can study for the exam for FREE directly through Microsoft with their E-Learning site...

https://www.microsoftelearning.com/eLea ... ceId=54989

Good luck :)

BillV


I just signed up and I am starting this course, thanks for pointing this out! 
<<

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Thu Aug 07, 2008 7:57 am

Re: Another new member intro

Cheap5.0 wrote: Thanks for the suggestion Bill!  Did M$ just start doing the training courses online?  I thought I saw that pop up recently on del.icio.us....?


No problem. I'm not sure how long they have been offering training courses online. I would guess a while judging by the availability of different courses. I know I came across them sometime last year.

Cheap5.0 wrote: That makes me feel better about the languages.  If I was going to take a wild guess as to what's wrong with the PHP you posted, I would guess it's something to do with how the SQL is delivered to the db or modified by the inputs?  I really don't know, I need to get more comfortable with it I guess.


Yup, you'd be correct. Taking a variable (username) that's input from a form and placing it directly into a SQL query with no proper validation is not a good idea ;)

Cheap5.0 wrote:I just signed up and I am starting this course, thanks for pointing this out! 


Good luck!! Let us know how it goes :)

BillV
Last edited by venom77 on Thu Aug 07, 2008 8:12 am, edited 1 time in total.
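
The point made in the post above, shown as an added example that is not part of the original thread or any poster's code: the same lookup built by string concatenation and then with a bound parameter. It assumes PHP with the PDO SQLite driver; the table layout, the sample user and the function names are constructed for illustration.

```php
<?php
// Added example. Table layout, sample row and function names are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$ins->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);

// Pattern from the thread: form input pasted into the SQL text.
function lookup_concatenated(PDO $db, string $username): string
{
    $sql = "SELECT password_hash FROM users WHERE username='$username'";
    try {
        $db->query($sql);
        return 'query ran';
    } catch (PDOException $e) {
        // The quote inside the name closed the string literal early, so the
        // database tried to parse the rest of the input as SQL and rejected it.
        return 'input was parsed as SQL: ' . $e->getMessage();
    }
}

// Hardened form: the SQL text is fixed and the input is sent separately as a
// bound parameter, so it can only ever be compared as a value.
function login_prepared(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();
    // Compare against a stored hash rather than a plaintext password column.
    return $hash !== false && password_verify($password, $hash);
}

// An ordinary surname is enough to show that input changes the query structure.
var_dump(lookup_concatenated($db, "o'brien"));
var_dump(login_prepared($db, "o'brien", 'correct horse'));
var_dump(login_prepared($db, "o'brien", 'wrong password'));
```

A legitimate name with an apostrophe breaks the concatenated query but logs in normally through the prepared statement, which is a quick check to run against any login form during code review.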
<<

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Thu Aug 07, 2008 8:11 am

Re: Another new member intro

RobMongoose wrote: If you're looking at getting some industry certs to start off with I would suggest going for one of the MS ones first rather than a CompTIA cert. ... A+ is very basic hardware/software maintenance, the sort of skills you tend to pick up after a couple of PC builds, whereas the MS certs demonstrate a high level of proficiency with (unfortunate but true) the dominant industry OSs.


I agree and disagree.

I used to have the same thinking back when I knew what the objectives were for the old A+ version when it was Core Hardware and Core Operating Systems.

Recently, now that I've taken a closer look at the new A+ objectives (Essentials + IT Tech/Remote Tech/Depot Tech), I've been suggesting that to people looking at getting into IT. And, as I replied above, I also send them in the direction of that MCDST since that's a good place to start and the training is free from MS.

I really think that the A+ has changed a lot compared to what it used to be.
<<

Cheap5.0

Newbie

Posts: 10

Joined: Mon Jul 28, 2008 7:36 pm

Post Thu Aug 07, 2008 9:15 am

Re: Another new member intro

BillV wrote:
Yup, you'd be correct. Taking a variable (username) that's input from a form and placing it directly into a SQL query with no proper validation is not a good idea ;)


Good luck!! Let us know how it goes :)

BillV


That would be a SQL injection right?

I am about 14% into that course (when you are logged in and "learning", there is a small meter that tells you how far along you are in the current course).  It's very useful, and explains everything quite well in basic computer terms that anyone with some experience would understand.  My only complaint is they introduce concepts abruptly.  It's hard to explain, but they use terms that they have not defined or explained.  If you go back through the lesson though, it all becomes quite clear.  But if you were just to watch/listen only once you would have a hard time getting through it.  Also the scenarios in which they teach you change from demo to demo.  In one you will be "working" on the host computer, then in the very next demonstration you are working remotely on a computer in "London" while you are in "Vancouver".  If you miss that little fact the lesson gets very confusing quickly!  lol
<<

sgt_mjc

Sr. Member

Posts: 294

Joined: Tue Feb 05, 2008 8:34 am

Location: AL

Post Thu Aug 07, 2008 4:11 pm

Re: Another new member intro

One last piece of advice Cheap, and this is the easy part, ask questions. If you don't know something, ask around here. Someone will know the answer. I got into the security field more by accident than design. I had a friend that knew me back when we served together and served as a mentor. He steered me towards this line of work and I love it. Good luck on your own journey.
Mike Conway
CISSP
CompTia Security +
C|EH
<<

RobMongoose

Newbie

Posts: 28

Joined: Sat May 31, 2008 1:52 pm

Location: Sunderland, UK

Post Thu Aug 07, 2008 8:56 pm

Re: Another new member intro

BillV wrote:I really think that the A+ has changed a lot compared to what it used to be.


Fair enough  :). It's been a few years since I saw the material and it was very basic at that point. Thinking about it that was nearly 10 years ago so no surprise that it's been updated really :P
Mutterings of an evil genius in training -
http://robmongoose.blogspot.com/
<<

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Thu Aug 07, 2008 9:00 pm

Re: Another new member intro

Yeah, I'd imagine we're probably on the same page. Take a look over at the CompTIA website at the A+ objectives when you get a chance. You'll probably be pretty surprised at the changes. I know I was! Especially when I saw that 'security' is one of the domains. It's a much more well-rounded certification than it used to be :)