
Advice on switching to a security focused career


Mulchie

Newbie

Posts: 1

Joined: Wed Nov 25, 2009 9:00 am

Post Wed Nov 25, 2009 9:41 am

Advice on switching to a security focused career

Good afternoon all,

After quite some time of being interested in the area of security (e.g. penetration testing, malware/virus discovery and removal, vulnerability of operating systems etc) I'm finally looking to actually get off my lazy arse and do something about moving into this area of expertise.

Some background on myself. For the last 14 years (yes people can be that old and not be dead) I've been working in IT in the area of Java design and development (with about 8 years of team leading). Primary development platform is Windows with primary deployment platform being Solaris so I have reasonable experience of using Unix (shell scripts are your friend). I also have experience using Perl, VBScript and C/C++ although my knowledge is far from exhaustive in those areas. My networking experience is limited to the usual configuring of work LAN/work PCs so again far from exhaustive.

The advice I'm after (now that I'm finally getting to the point) is whether after so long in software design/dev it is practical for me to switch streams to a security focused (network penetration) career.

My plan was to take a break from software dev (contracting has some benefits) and focus on getting my networking/basic security knowledge up to a decent level via the Network+ and Security+ CompTIA certs. Is it practical to self-teach those without actually working in a networking/security based role already? Obviously VM Labs can help a huge amount there but would that end up being sufficient (with those 2 certs) to eventually get into an initial security role (junior role) and get myself started on that career path and on to further certs (CEH etc)?

Would also be interested to hear of experiences from others that have switched paths like this (especially in the UK but that's asking a bit much).

Any thoughts/advice anyone can give would be gratefully received.

Grendel

Full Member

Posts: 246

Joined: Thu Aug 28, 2008 8:48 am

Location: Colorado Springs, CO

Post Wed Nov 25, 2009 10:15 am

Re: Advice on switching to a security focused career

Is it practical to switch to a security field? Absolutely.

Is it practical to self-teach Network+ and Security+ without experience? Yes, but it'll take a lot of focus and time (which is often a problem for most people).

Are those two certs sufficient to get into a security job? Yes, especially with 14 years of experience in programming.

There are three paths that people take into the security field - software development, networking, and system administration. Coming from a programming background, it would be the easiest for you to transition into malware or software analysis, but that's not your only option.

I came from a background of the system administrator, and eventually worked on a team doing everything from code reviews to network pentesting to system attacks to... everything. Most security teams are made up of people with years of non-security experience, so you're following a well-worn path.

As for the certifications, I don't want to say they are critical to you getting a job in the security field, but from personal experience most companies expect certs now - if nothing other than to prove you can speak and understand the language of security. So definitely get Security+ and if you need to take a boot camp, do so - working by yourself is certainly possible, but there is a lot of shared knowledge that happens in boot camps. Study groups are another option, but every one I've been part of, it was the "blind leading the blind." I'm not too sold on Network+ getting anyone into a job; not saying the knowledge isn't helpful, but check out monster.com and see what certs are in more demand.

Hope that helps some.
- Thomas Wilhelm, MSCS MSM
ISSMP CISSP SCSECA SCNA IEM

Web Site:
  • http://HackingDojo.com
Author:
  • Professional Penetration Testing
  • Ninja Hacking
  • Penetration Tester's Open Source Toolkit
  • Metasploit Toolkit for Penetration Testing
  • Netcat Power Tools

unsupported

Sr. Member

Posts: 318

Joined: Sun Feb 08, 2009 3:38 pm

Location: 407

Post Wed Nov 25, 2009 11:15 am

Re: Advice on switching to a security focused career

Self-motivation is key to a security career. I think you are in a much better place than someone who just has a passing knowledge of computers who wants to be an elite hacker like in the movies. A working knowledge of programming will help you go far in your quest for pen testing, malware/virus, and vulnerability exploitation.

It is very important that you understand networking and basic security concepts, like those taught in Net+ and Sec+.  With a small network, a few computers, a couple of bucks in late fees from your local library you can study the subject of networking and security.  You may even be able to get started in the security field, even if it is a less than desirable position like basic log monitoring or account management/active directory management.

After you have a grasp of the fundamentals there are some really good resources for malware research, like Ed Skoudis' book and a lot of SANS courses. If you were more interested in penetration testing, programming knowledge will go a long way if you temper your knowledge with the methodologies taught through the Certified Ethical Hacker certification. For vulnerability research, you can get started in learning the open source (for now) framework of Metasploit.

Use your time wisely.  There is no magic bullet for information security work.
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP

KamiCrazy

Jr. Member

Posts: 78

Joined: Wed Jun 17, 2009 8:40 pm

Post Wed Nov 25, 2009 4:21 pm

Re: Advice on switching to a security focused career

I truly believe that pentesting as a career is one of the few IT specialties (if you can call it a specialty) where knowing about everything is as synergistic as specialising in one thing.

Because so much of security in IT requires a healthy dose of creativity, insight and experience you never know when that little tidbit of knowledge will come in handy.

I trained to become a network engineer. Did that for a little while and then moved into system administration.
I have plans in the near future to focus on a programming language or two.

So I've come from a different perspective but in the end I will hopefully end up with a strong skillset in networking, system administration and programming.
