
Moving from System Administration to Security Analysis


eth3real

Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Tue Oct 25, 2011 9:39 am

Moving from System Administration to Security Analysis

Hi everyone,

I've been the Systems Administrator for a small company since 2006, and I'm trying to make the transition from Systems Administrator to Security Analyst, and was hoping to get some insight to see if what I'm doing is right, or if there's anything I can be doing better.

Being the only tech professional for a small company has its good points and bad points.
On the good side:
  • I'm involved with every piece of technology that comes through here.
  • I've learned to adapt quickly and learn new technologies very rapidly.
  • I have a basic knowledge of a wide variety of systems.

On the bad side:
  • I don't have any help.
  • I'm not an expert on any one of the technologies I deal with.
  • I don't have any experience in a larger corporation.

I haven't had much to do with security for a long time, as I typically don't get to use it at my current job. That being said, I realized at a security competition that I attended last week, that my passion still lies in security. I can't remember a time that I've been more excited and motivated. This can even be seen with my activity in this forum. I was very active around the time I got my CEH, back in 2008, but it died off. I've become active again in the past couple of months, while preparing for this competition.

I'm now active in many local groups, including a Linux Users Group, InfraGard, ISSA, ISACA, 2600, and Def Con groups. I'm planning on doing my first presentation at the Linux Users Group next month. My goal is to become very active in the local community, presenting as much as possible (focusing on quality, not quantity). I'm hoping that this will open some doors for me and help me get into a Jr Security Analyst position, or something similar.

I've had a really difficult time trying to find a security related job in my area, but I know I need to keep expanding my network and hopefully get some good recommendations once people in the community are familiar with my work. I know it's going to still take a long time, but I wanted to see if anyone had some insight for me, or if this is a bad approach. I know I eventually need to finish at least my AA, and I'm planning on studying for the CISSP soon. I hear that CISSP is slightly less in depth than CEH, can anyone confirm or deny that?

Thanks in advance everyone, this is a fantastic community that I'm proud to be a part of. :)
Put that in your pipe and grep it!

impelse

Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Tue Oct 25, 2011 10:29 am

Re: Moving from System Administration to Security Analysis

I was in a similar position. I think in your environment you learned how to protect your network very well, and that will help you a lot in the future.

One way to begin to get into security is to move to an IT company; at that point you begin to touch a lot of equipment and begin to see different security products.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Tue Oct 25, 2011 10:44 am

Re: Moving from System Administration to Security Analysis

I was sort of in your boat. For the last 10 years I spent much of my time as a Sys Admin. Even as a consultant for 5+ years I still mainly focused on Sys Admin duties with the ability to branch out in other areas. As you have seen, Sys Admins can easily move into a Security role by being able to focus on more security-related areas - AV, Patching, Perimeter security etc... As you also know, Info Sec is a very general area; there are many branches, from Security Engineers who build and ensure the systems are configured correctly and hardened properly to Penetration testers who try to break those systems. Then you have branches that involve a bit more knowledge in coding like exploit writing/analysis, malware analysis and reverse engineering. And as you know there are soooo many cool areas to focus in but each requires its own skillset.

The question for you, what industry is your current company in?  Does it need to be compliant with any standards?  PCI, HIPAA or SOX?  If so see if you can get them to allow you to focus more in that direction and build a new role for yourself, meanwhile you can try to bring in additional help.  If they won't go for that, then your only other option is to look for a new opportunity.  Depending on your location, this can prove difficult or very easy.  

While I was consulting, the last year or so I focused more on security and was able to do more vulnerability assessments.  Eventually I saw an opportunity for a Network Security Admin.  Most of the requirements were heavily related to what I did as a consultant.  Backups, Symantec AV, IPS, Firewall configurations etc...  So I reworked my resume thanks to a recruiter and made it reflect my 10 years of experience so I didn't have to worry too much about the alphabet game.  What you will need to show is the ability to adapt and learn which sounds like you can.  Then just go for a job.  You also may need to relocate depending on where you live now.  Some markets just don't have the demand but Security is now on the minds of even small businesses.  What SMBs can't do is afford the really experienced guys.  

If you like who you work for, and want to give them a chance, work at showing them they need in-house security.  Do a vulnerability assessment of the current environment.  Show them the findings and the risks.  If anything you get some vulnerability testing experience.  
Certs: GCWN
(@)Dewser

eth3real

Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Tue Oct 25, 2011 10:58 am

Re: Moving from System Administration to Security Analysis

Thanks for the comments.

Unfortunately, we don't have any kind of standards that we need to comply with; none of our customers have required it. That would be a good thing to work on, though. I'm going to put some thought into that.

And I agree that I could probably convince the company that we need to have some focus on security if I did a pentest. Is there any sample documentation, outlines, etc. that I could use as a template?

I know that if I can't find any new opportunities, I need to at least give some focus to security while I'm still here. At this point, I think finding another opportunity would be best, but I also have to make the best use out of what I still have. :)
Put that in your pipe and grep it!

eth3real

Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Tue Oct 25, 2011 12:07 pm

Re: Moving from System Administration to Security Analysis

What about internships? Has anybody had experience being/recruiting an intern in the information security industry?
Put that in your pipe and grep it!

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Tue Oct 25, 2011 3:02 pm

Re: Moving from System Administration to Security Analysis

I'm sure there are templates. I think what you would have to figure out is where the money lies with the company. Are there major database apps used? Are there publicly facing web/app servers? What kind of customer data is stored and where is it stored? Hell, look at performing a risk analysis. Get a decent idea of the business needs and work off that. Then once you have this information you can determine how to scare... I mean prove to them they require better controls than are currently in place.

Find the window that the money will fly out of if someone left it open! So let's say the only server that faces the internet is email. Let's say it's Exchange and OWA is in use. Well, is the server fully patched? Both Windows and Exchange? Get authorization to run a vulnerability scan against the outside portion. Document the findings and ensure they are not false positives. Now what can happen if those findings are true and there is an exploitable vulnerability present? Can someone use that to bypass the logon and gain access to a mailbox? What is in the mailbox? Will it hurt the company in the coin purse if it is leaked? If all the doors and windows are locked up tight, turn your attention to the gooey inside. Do the users like clicking on things? Are your desktop apps fully patched? Are you utilizing application whitelisting? Use a tool such as Metasploit to craft a bogus PDF file and show a demo of what an unpatched Adobe Reader app can be used for. There are many vectors to choose from but it is most important to prove the risk will hurt the company. Small Businesses can easily be closed if proprietary data is leaked/stolen or customers' information is stolen and they decide to sue the company.

As far as Internships, I am sure there are, but you may have to do some digging. But you may need to keep a full time job if the internship doesn't pay.
Certs: GCWN
(@)Dewser
