Networking, Security & Programming

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi,

Well i need some solid advice at the moment, I'm 19 years old and currently im at my first proper IT job (1st Line Support). I currently have an MCSE & MCDBA (my employer does not know about my certs). I hope to specialise in Computer Security, but im curious would i need to know networking well? & what about programming, do i also need to know programming lang such as C++ & Java? If yes how well do i need to know networking, to CCNA level or above? and programming would i need to know it well enough to write intermediate level applications?

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Good idea on keeping your certs secret - you're way overcertified for your experience level.

If you're interested in security, your focus will depend on what aspect of security you want to do. Do you want to do network security? If so, networking is an absolute must. Do you want to learn how to secure code? If so, programming is in order.

All that said, you're nowhere close to being ready for security responsibilities yet... to illustrate, you're worried about running a marathon when you've just learned how to stand on two feet. Security generally comes after networking, which generally comes after server administration, which generally comes after desktop support, which generally comes after help desk/level 1 tech support. Experience will come in time... just keep directing your career towards your ultimate goal... not by studying and taking more certifications... but by gaining real-world responsibilities and learning how stuff works in a business environment. That experience will be absolutely invaluable to you in advancing your career.

Best of luck!

 

I agree with what's been said above. Also you'll have to be patient because these kind of things don't happen over a period of a year let say, its years of experience and hard work and dedication.

 

Thank you guys! been very helpfull, i think im going to try programming a bit and learning networking at the same time and see how it goes but iv looked at the CCNA books and it kinda makes me wanna puke!

 

Be advised that programming and networking are rather separate jobs... programmers don't do much (or any) networking, and network admins don't do much (or any) programming.

 

How did you get your MCSE then? I would have thought that 70-291 would have been pretty difficult for you if you think the CCNA is that hard. Admittedly it's Cisco, but it's pretty basic stuff and you should be able to get your head round it if you can pass 70-291.

I think you hiding your certs from your employer is a very good idea. Its always suspicious when someone with no experience has an MCSE - if I was an employer I wouldn't look twice at your CV before binning it. Sounds like you have the right idea with starting at the bottom. I suggest that you build yourself a home lab and learn all the stuff you used to pass your exams with properly at home, at a leisurely pace. You already have a foot in the door, which is always good as it means you will be earning whilst you learn.

There's some sound advice earlier about Networking and programming being completely different. I've worked with people who were utterly useless at anything to do with networking, but give them a problem to solve in code and they could bash it out in ten minutes flat. In my experience, you either 'get' programming, or you don't. I personally don't think its a skill you can learn easily - if it comes to you naturally, then great. If not, then stick with networking, as I think you'll be more successful trying to pick up the skills needed to succeed.

Above all, you've got to love working in IT. Some people come to the field late (it took me ten years from leaving college) others start out early. Whatever happens, if you don't love the profession, you'll end up disheartened and dejected. If you love it, and want it, you'll succeed (keep quiet about that MCSE though - however you came by it)

PS: Don't even think about security until you have five years of experience. That is NOT a role where inexperience will suit you well!

 

Thank you for solid advice!!!!

So say if i wish to get into "Security" what are the criteria's? Same for networking and then Network Security. Would Security Programming be a different Criteria??

 

No worries - advice is what we're here for (most of the time anyway!)

There are no hard and fast criteria as such for working in the security arm of the profession. Pretty much the same can be said for many areas of IT tbh, but Security in particular seems to be one of those branches of IT that a lot of people suddenly wake up one day and find themselves working in without realising that they were headed in that direction!

There are a lot of different roles a security admin needs to perform that, unless you are blessed with working for an enormous organisation with a security team of around 20 people will pretty much be done by one guy. This can be very challenging, but also extremely enjoyable and rewarding. You may have responsibility for infrastructure security, physical security, security policy, legal, data retention, compliance and all sorts of other things, so need to be able to turn your mind to a lot of different disciplines.

If I was recruiting for a Security Admin for a company that couldn't afford more than one (most likely where you'll be looking at if you decided to eventually go down that road), then I would be looking for someone with around 3-5 years' experience in a network/sys admin role, (preferably with experience of both), having held some form of responsibility for corporate security in the past - even if at a junior level.

You'd need to be experienced in at least one of the 'big three' firewall vendors' products (Juniper, Checkpoint, Cisco) and, in addition, have plenty of experience with enterprise-class content filtering at the gateway (Trend, SurfControl, BlueCoat, Finjan), anti-spam solutions (MessageLabs, IronMail, Trend, IronPort), corporate AV (McAfee, Symantec) and any other security-focussed technologies (IDS, NAC etc).

I'd need you to have experience at performing basic intrusions (port scanning, enumeration, vulnerability exposure etc), know how to set up and maintain effective system logging, understand and be able to capture network traffic so you can analyse it, perform password cracking and have a decent overall grasp of networking theory.

You would have to demonstrate at least a basic understanding of almost all of the technologies you would use in the day-to-day job of a security admin, be able to communicate extremely effectively - including the ages-old chestnut of possessing the ability to explain some quite complex security issues to people at management level who have NO clue of how vital your job is and see IT Security as a bottomless pit they keep plowing money into.

Finally, and most importantly, you need to not give a damn that you have to take your blackberry with you anywhere on the planet because if you are responsible for perimeter security and some turd has just penetrated you, you better be DAMN sure you are on the first plane back home - because the job of a security admin is amongst the most important roles in a company's IT team. But hey - that's why we get paid so much, right?

Still wanna work in security?

Seriously - I've loved every minute of the last two years. I've now moved into a more senior role in a completely different industry - I still have security responsibilities, but I also now have senior systems and network functions too. I only moved to get more money and be able to work in a more challenging environment. Eventually I will move back into a pure security role, because that is definitely what i want to do - I love it. if you can handle all the above and more, read books on cryptography in the bath, set up your home network with managed switching just so that you can do port mirroring to a snort box you built yourself and dual boot your lappy with BackTrack so that you can sniff wirelessly on the train through South london in the morning every six months and count the number of unsecured WLANs on the train ride from Croydon to Victoria every morning (down 14% in November 2007 from May 2007 if anyone's interested) then you are a security nerd - welcome to the fold!



PS: Security programming isn't really a career path I'd know much about. TBH, everything development does to me is a mystery - you'd need to ask someone who programs for a living what its like trying to get into that field. As far as I understand it, there isn't really that much of a call for 'pure' security programmers. All programmers are supposed to be able to/know how to write secure code. If they did, then there would be much less need for security admins of course, but thats another story...

 

Zeb thank you for a great response!!! By reading your response and others I have decided to do the following basically:

IT Professional: Enterprise Support Technician
70-620 * 70-623

IT Professional: Consumer Support Technician
70-620 * 70-622

Upgrade MCSE 2003 ---> MCITP: Enterprise Admin - MCITP: Server Admin
70-620 * 70-649 * 70-647

CCNA

Obviously i will not be telling any of my employeers about the qualifications I have well not untill I have done about 12 months on helpdesk, I'm just doing most of them for my own achievements and to increase my knowledge, i mean whats I have done my CCNA then i can sit down and think about which career path i wish to take. I mean i am only 19 :P got hell of alot ahead of me. In the mean time, im going to learn how to use softwares like Snort, Wiresharek, Nmap & Nagios also learn abit more C++ on the side i can see its going to be a very very tough year but as they say no pain no gain!!!

Just one last question, the people that find vunrabilities and write exploits for applications and people who make networking/security related applications such as NMap, Port Scanners etc what would they be classied as? Security Programmers?

 

You really shouldn't be pursing the MCITP: Enterprise Admin or MCITP: Server Admin until you've got more experience... otherwise, you're going to continue to overcertify yourself even more than you already are. According to Microsoft, here:

Not one year of experience... one year of experience doing THAT. You don't have any of that as a 1st line tech.

Be patient... certifications don't make you a good tech... experience makes you a good tech. And this advice is coming from someone who sells IT certification training for a living.