Starting out in security

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi,

I was wondering what you guys would consider the "first line" in an IT security job. For you guys that are security pros now, what type of tasks did you perform to start building on that all essential experience?

I imagine that at the beginning there is a lot of log auditing, monitoring, response to basic threats, user awareness/education?

Cheers for any thoughts.

 

Cheers for the comments. I got the security+ but there is still a mountain of reading to do. I know what you mean about continuing the MSDST. I have studied the books, used the knowledge to improve what I do in the day, but not yet taken the exams. Recently, I have been looking at developing a more in depth knowledge about AD/windows server environment as thats the technology I work with. So what you are saying about hitting the MCSA while maintaining the angle on security study is spot on.

I know what you mean about the CISSP - 6 hour exam, 250 questions! I did some premilinary reading and as it describes the cert as a "mile wide and an inch deep". Also, its not just the exam you need to worry about, but the ongoing commitment that comes with this certification, the recertification, and the fact you have to have 5 years proven security experience under your belt before they even give you the cert.

I found the MS learning path for security interesting and will follow that in my own time as well as following the SANS security white papers. Have you read any of these?

 

There's not really a "first line" IT security job. Most people who get into IT security learn by doing network administration first (and you've probably seen enough posts by now to know the steps to get up to network administration, right?).

 

How was the course? Just checked out the website - and it looks intense. Does it differ much from CEH?

Cheers for all the tips, after sleeping on it, it's MCSA here I come

 

If you've got 6 months of server administration experience, that's a good cert to get.

 

Yep got about a year and a half now

 

well done on the pass Congratulations.

 

The easiest "Security" path I've found so far (from working in such a position), is to begin by having a good understanding of, and being able to enforce policies in a manner which makes sense to others.

Just as an example, few people these days truly comprehend why certain things should not be done in a certain manner. Simple examples would be "replying to a spammer" or "sending a password for a sensitive account, via email, to a huge distribution list".

It just doesn't register bells in some people, so the next step is to begin enforcing manners in which some of this at the very least can be avoided by either improving communication (telling people to not reply to emails, or to never divulge passwords) or improving the systems (block all spam mail whenever possible so that it doesn't reach the recipient, or never provide systems passwords to anyone or at the very least, have a centralised system which regularly changes the password for service account and the like with zero user intervention and knowledge).

All of the above is just the tip of the iceberg of course. Just the bare essentials.

Once you dig deeper, you find the joys of auditing, or even better, the joys of system hardening (takes considerably time to test and develop, research and implement), but is overall the path which leads one to the ethical hacker path of trying to exploit systems in order to harden them even better.

Personally, I do not count myself expert enough in the subject matter at hand (still a relative n00b in this particular field of IT), so take most of what I said with a grain of salt. I guess in the end "IT Security" is what you make of it, and everyone has a way of identifying a basis for security in their current infrastructure.