1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Starting out in security

Discussion in 'Employment & Jobs' started by demarrer, Aug 6, 2009.

  1. demarrer

    demarrer Byte Poster

    165
    5
    25
    Hi,

    I was wondering what you guys would consider the "first line" in an IT security job. For you guys that are security pros now, what type of tasks did you perform to start building on that all essential experience?

    I imagine that at the beginning there is a lot of log auditing, monitoring, response to basic threats, user awareness/education?

    Cheers for any thoughts.
     
    Certifications: A+, Security +, CCNA, CCSA
    WIP: music, (dreaming of) CCIE Security :D
  2. wagnerk
    Highly Decorated Member Award

    wagnerk aka kitkatninja Moderator

    10,831
    357
    341
    I can't speak for others as my role is general IT covering IT Security and not an IT security specific role. I did 2 security based certs (70-298 & Comptia Security+) and it was integrated into being part of my role as I was promoted.

    Anyway tasks: reviewing logs (windows, ISA, etc), setting up CCTV & IPCCTV and reviewing footage, maintaining firewalls and updates, locking down systems and periodically reviewing staff access rights (to ensure access to what they need, not want they want), network (re-)design, ensuring physical security of equipments, audits of equipment (both software & hardware), etc, etc, etc... Ok, not all of that is level 1 stuff, but you get the point...

    -ken
     
    Certifications: CITP, PGCert, BSc, HNC, LCGI, PTLLS, MCT, MCITP, MCTS, MCSE, MCSA:M, MCSA, MCDST, MCP, MTA, MCAS, MOS (Master), A+, N+, S+, ACA, VCA, etc... & 2nd Degree Black Belt
    WIP: PGDip
  3. jk2447

    jk2447 Petabyte Poster Moderator

    5,483
    354
    249
    It depends on how big the company is. I've been fortunate to work for corporations so in that situation you tend to specialise more i.e. you'd work on a team of 30 security analysts, you and another person in charge of access logs and ensuring calls/tickets are raised for password resets, another 2 would be in charge of checking ISA/Firewall logs etc etc as Ken says. In this respect I think its better to work for a smaller firm as you'd get to be more of a "jack of all trades".

    To put yourself in a position to get your 1st IT Sec role its VERY important to tailor your certifications toward security, as every IT Sec manager I've met have been fond of certain Certs . . CCNA, MCSA/MCSE:Sec, CISSP, CISA, CEH being the main ones I can think of top of my head.

    I see that you are studying for your MCDST. IMO thats not going to be any use at all other than to count toward your MCSA if your only aim is to work in IT Sec. To cut down your workload which is going to be intensive as it is, I'd drop the MCDST as this represents what? 2 months hard study is my guess???

    I'd focus on your MCSA and CCNA. Leave CISSP because to be blunt, its very very hard. Maybe go for Security+ and 70-299 as I did to get the MCSA:Security.

    Good luck,

    Jim
     
    Certifications: BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, VCP4, CCA (XenApp6.5), MCSA 2012, VCP5, VCP6-NV
  4. demarrer

    demarrer Byte Poster

    165
    5
    25
    Cheers for the comments. I got the security+ but there is still a mountain of reading to do. I know what you mean about continuing the MSDST. I have studied the books, used the knowledge to improve what I do in the day, but not yet taken the exams. Recently, I have been looking at developing a more in depth knowledge about AD/windows server environment as thats the technology I work with. So what you are saying about hitting the MCSA while maintaining the angle on security study is spot on.

    I know what you mean about the CISSP - 6 hour exam, 250 questions! I did some premilinary reading and as it describes the cert as a "mile wide and an inch deep". Also, its not just the exam you need to worry about, but the ongoing commitment that comes with this certification, the recertification, and the fact you have to have 5 years proven security experience under your belt before they even give you the cert.

    I found the MS learning path for security interesting and will follow that in my own time as well as following the SANS security white papers. Have you read any of these?
     
    Certifications: A+, Security +, CCNA, CCSA
    WIP: music, (dreaming of) CCIE Security :D
  5. jk2447

    jk2447 Petabyte Poster Moderator

    5,483
    354
    249
    I have mate, they produce some brilliant stuff so good work finding them. You could do something similar to me, I've not long got MCSA: Security, started my CCNA self study and am sitting the Certified Penetration Testing Specialist exam tomorrow after being on the Mile2 course all week. I'll then carry on to get my MCSE:Sec then CEH and I'm all done. Only thing left is CISSP which as you rightly say is a mile wide and inch deep. One of my friends in work, very bright, degree, CCNA etc; she's failed it 3 times! So I'm a bit scared. . . . hence doing it last. Jim
     
    Certifications: BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, VCP4, CCA (XenApp6.5), MCSA 2012, VCP5, VCP6-NV
  6. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    There's not really a "first line" IT security job. Most people who get into IT security learn by doing network administration first (and you've probably seen enough posts by now to know the steps to get up to network administration, right?).
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  7. demarrer

    demarrer Byte Poster

    165
    5
    25
    How was the course? Just checked out the website - and it looks intense. Does it differ much from CEH?

    Cheers for all the tips, after sleeping on it, it's MCSA here I come :)
     
    Certifications: A+, Security +, CCNA, CCSA
    WIP: music, (dreaming of) CCIE Security :D
  8. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    If you've got 6 months of server administration experience, that's a good cert to get.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  9. demarrer

    demarrer Byte Poster

    165
    5
    25
    Yep got about a year and a half now
     
    Certifications: A+, Security +, CCNA, CCSA
    WIP: music, (dreaming of) CCIE Security :D
  10. jk2447

    jk2447 Petabyte Poster Moderator

    5,483
    354
    249
    CPTS course was amazing mate, really couldn't fault it. From what I hear its similar to the CEH but more hands on which is what you want. Passed the exam today so going to put a new thread up in the security section I think. Check it out. Jim
     
    Certifications: BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, VCP4, CCA (XenApp6.5), MCSA 2012, VCP5, VCP6-NV
  11. demarrer

    demarrer Byte Poster

    165
    5
    25
    well done on the pass :) Congratulations.
     
    Certifications: A+, Security +, CCNA, CCSA
    WIP: music, (dreaming of) CCIE Security :D
  12. jk2447

    jk2447 Petabyte Poster Moderator

    5,483
    354
    249
    Thanks mate, intensive week but really worth it :D
     
    Certifications: BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, VCP4, CCA (XenApp6.5), MCSA 2012, VCP5, VCP6-NV
  13. Shinigami

    Shinigami Megabyte Poster

    896
    40
    84
    The easiest "Security" path I've found so far (from working in such a position), is to begin by having a good understanding of, and being able to enforce policies in a manner which makes sense to others.

    Just as an example, few people these days truly comprehend why certain things should not be done in a certain manner. Simple examples would be "replying to a spammer" or "sending a password for a sensitive account, via email, to a huge distribution list".

    It just doesn't register bells in some people, so the next step is to begin enforcing manners in which some of this at the very least can be avoided by either improving communication (telling people to not reply to emails, or to never divulge passwords) or improving the systems (block all spam mail whenever possible so that it doesn't reach the recipient, or never provide systems passwords to anyone or at the very least, have a centralised system which regularly changes the password for service account and the like with zero user intervention and knowledge).

    All of the above is just the tip of the iceberg of course. Just the bare essentials.

    Once you dig deeper, you find the joys of auditing, or even better, the joys of system hardening (takes considerably time to test and develop, research and implement), but is overall the path which leads one to the ethical hacker path of trying to exploit systems in order to harden them even better.

    Personally, I do not count myself expert enough in the subject matter at hand (still a relative n00b in this particular field of IT), so take most of what I said with a grain of salt. I guess in the end "IT Security" is what you make of it, and everyone has a way of identifying a basis for security in their current infrastructure.
     
    Certifications: MCSE, MCITP, MCDST, MOS, CIW, Comptia
    WIP: Win7/Lync2010/MCM

Share This Page

Loading...