.

want to move from dev to security admin profile

<<

kumar

Newbie
Newbie

Posts: 2

Joined: Fri Feb 12, 2010 11:24 am

Post Fri Feb 12, 2010 11:57 am

want to move from dev to security admin profile

Hi guys,

just now joined this group and want to put forward a query.

I've got 7+ years of exp in dev (VC++, Win32, COM/DCOM, ... all windows stuff) and am pretty good in it (well, not that good). I want to change my field from dev to security; my interest lies here and I see my future into Network Sec / Forensics.

I started preparing for CEH exam but only yesterday noticed on their website that 2 years of exp is required in security. That really seems to be tough luck to me.

So, what do you guys suggest: how do I proceed with my plans to move to security.

Please advise. thanks in advance.
k
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Fri Feb 12, 2010 12:22 pm

Re: want to move from dev to security admin profile

Welcome to the forums, kumar.

In terms of your concerns about the requirements for the CEH - I think 7+ years of dev experience should be sufficient, although it might not be related to security (depending on what you have developed ;)), but programming skills are a must-have in order to become a good ethical hacker imho. So I would just apply for the CEH if you are interested in it and list what you have done so far. Often it is also a question of interpretation and how you present yourself and what you have done so far.

I would like to mention that you won't be an ethical hacker at all, just because you passed the CEH exam. Though it is a good start in order to get your feet wet. ;)

For general advices on how to proceed and advance in the it-security area, I would recommend to browse a little through the forums as plenty recommendations were already given.
<<

kumar

Newbie
Newbie

Posts: 2

Joined: Fri Feb 12, 2010 11:24 am

Post Fri Feb 12, 2010 12:51 pm

Re: want to move from dev to security admin profile

Hi awesec,

thanks for your comments.

But the point is my dev exp has nothing to do with security or hacking. I haven't even worked on web dev. all my exp is in stand alone or client-server apps. But I do have basic understanding of common protocols.
So, as per your suggestion, I'll go ahead and apply for the exam and see how they respond. (I'm really keeping my fingers crossed).

"I would like to mention that you won't be an ethical hacker at all, just because you passed the CEH exam. Though it is a good start in order to get your feet wet. Wink"
I completely agree with you. Neither reading books nor passing certification exams will help in becoming a hacker. I think it comes only with exp. But this exam is very important for me as I need something to show in my resume related to security to get a job in this field.

This forum is great. really very informative; I'm going through all the threads related to CEH. Will ping you guys again in case I've more queries.

Thanks,
k
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Fri Feb 12, 2010 1:09 pm

Re: want to move from dev to security admin profile

If you should be rejected anyway, you would have to take one of their classes in order to circumvent the 2 years of experience requirement - I don't know if this would be an option for you.
I have taken recently such a class and have written a short review on it which should be published here in near future. Also I am currently reviewing some of the materials which are available for studying, such as the Official CEH Review Guide, Prep Guide, etc., and will put them online as well.

Let us know if you are eligible for the self-study route when you have received your response from EC-Council.
Last edited by UNIX on Fri Feb 12, 2010 1:11 pm, edited 1 time in total.
<<

unsupported

User avatar

Sr. Member
Sr. Member

Posts: 318

Joined: Sun Feb 08, 2009 3:38 pm

Location: 407

Post Fri Feb 12, 2010 8:47 pm

Re: want to move from dev to security admin profile

Instead of going straight for the CEH, maybe you should start with a general security certification like Security + by CompTIA.  You will learn a lot of the basics required for understanding CEH.

Once you have your Sec+ you can write up an experience waiver to EC-Council to see if you can waive the experience.
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Fri Feb 12, 2010 11:09 pm

Re: want to move from dev to security admin profile

With a development background, especially in C++, you may like the exploit development and reverse engineering side of security.  How is your understand of memory and CPU architecture?  I personally love these areas of security. 

Regardless of the direction  you chose, your development background is your greatest asset when applying for security positions.  I value such experience when I am looking for people quite a bit. 
~~~~~~~~~~~~~~
Ketchup
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Sat Feb 13, 2010 12:06 am

Re: want to move from dev to security admin profile

Hi kumar, and welcome.

In addition to the aforementioned thoughts, how is your background with 'Object oriented' languages like Ruby and Python?  If you've got even a decent background in C++, and as Ketchup noted, you understand memory and such, you'd likely be able to pick up on the other languages pretty easily, and Ruby and Python are very heavily utilized in many of the tools and exploit development projects (CANVAS, CoreImpact, Metasploit, etc.)  Granted, the object oriented side of them is different than C++, but the concepts are easily understood, and I'm sure you could quickly adapt.

Assuming you could pick them up fairly easily, you could really go far on the exploit end of the security spectrum, but even if you don't, the understanding you've gained as a programmer will help you to know what types of things you can be looking for, and you'll better understand, at least, what exploits are doing under the hood, giving you an advantage over many of the 'script-kiddie' types that both attack systems (unethically,) as well as quite a few who are looking to get into the proactive side of security (ethically.)

As far as the security knowledge / experience requirements for CEH, I'd agree, that you could work on something like Sec+, etc, or you could even do some co-op work with existing companies, directly assisting or developing security offerings, to begin getting that time in.  Either way, from my experiences with other folks who needed to meet the requirements (I met mine, prior to even reviewing the course, so I haven't personally had to consider alternate options,) I know EC-Council has been pretty reasonable, provided the experience you have in IT and programming is documented and verifiable, and you can show you're working towards direct activity in security.

Good luck, and if you do approach them, let us know how they respond.  It's always nice to get feedback that we can give to others, who are in the same types of situations.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH

Return to CEH - Certified Ethical Hacker

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software