PDA

View Full Version : Becoming system security analyst? How?



jbaerbock
August 10th, 2007, 08:03 AM
Hi I am just attempting to complete my college degree and was wondering which computer degree would be best for a information system security possition. I'm looking to get into a career in which my job is to test network security and set up network security and monitor network security. Which career would be best for that and which degree would work out best for that? Also any recommendations on a good entry level position which would give me some experience in that general area?

Also any documentation about testing windows security via a linux machine or testing linux/windows server security and network in general security from a Linux (Kubuntu specificaly) machine would be useful in expanding my experience in that area.

Any advice would be greatly appreciated since I am kind of lost as to how to get to my goal.

ahvargas
August 10th, 2007, 08:30 AM
You can play with nmap and nessus.
If you want a good sniffer try snort.

mips
August 10th, 2007, 09:40 AM
I don't really know about degrees but I gather they will just scratch the surface and give you a basic security base to work from.

Certifications would be more specific and probably more attractive to employers but get a degree first !

You can look at:
https://www.isc2.org/cgi-bin/index.cgi
http://www.cisco.com/web/learning/le3/le2/le41/le85/learning_certification_type_home.html
http://www.cisco.com/web/learning/le3/le2/le37/le54/learning_certification_type_home.html
http://www.cisco.com/web/learning/le3/ccie/security/index.html

MrHorus
August 10th, 2007, 12:19 PM
I'm looking to get into a career in which my job is to test network security and set up network security and monitor network security.

The best path IMO would be to try and get a job as a junior sysadmin.

You will get a lot of exposure to the day to day processes of looking after systems, including patching and vulnerability scanning and so on.

Once you have done that sort of work for a few years and have a feel for it, then you could start looking for a specialised security job but don't be under any illusions that you can just leave college and walk into a security job with no experience or proven track record - if a company is going to trust you with their systems then they want proof that you know what you are doing.

jbaerbock
August 10th, 2007, 05:51 PM
Yup they always want experience, my brother (a sys/net admin of 5 years now) advised try to get an assistant admin job too and try that out for a few years. I have most of my college degree done but have a few credits left so yeah. Thanks for all the advice thus far!

toupeiro
August 10th, 2007, 07:04 PM
There is a certification called CISSP which is very sought after by IT-Centric businesses. While its a vendor cert (all of them are, MCSE, RHCE etc etc..) I would seriously consider having this one under your belt at some point if security is where you want to specialize.

jbaerbock
August 10th, 2007, 08:35 PM
Been looking in areas of network security along with Unix/Linux Systems Admin. Definitly want to use linux in whatever i do :D.

amlucent23
August 10th, 2007, 09:06 PM
Hello..

Some advise for you. I am a senior systems admin supporting the largest corporation in the world (Im sure with a tiny bit of googleing you can find out where- I work out of Detroit). myself and my team are responsible for approx 600 Windows based servers and about 300 Solaris Unix machines in North America. I am young but I have been in this field going on 5 years ever since I got out of college. That said, finishing your degree is advisable however in this field a degree doesn't mean what it use to! I only have an associates degree in liberal arts and I will tell you that I can work circles around some masters degrees that I work with here.

I am telling you to go ahead and finish your degree but you should not expect your journey to stop there, not even close. If security is your aim (which it should be, security is HOT.. BIG MONEY HOT! MAKE MORE THAN GOOD DOCTORS AND LAWYERS HOT!), I would also recommend you pass these certification exams at some point I have listed them in no particular order:

- Comptia Security + (this is an entry level security certification, you should be able to pass this now with little studying)

- MCSE + Security (this is an expensive series of exams however they are not very difficult and I can give you advise on how to go about it cheaply)

- Cisco CCSP (These are tough tests and they are nearly as expensive as the Microsoft exams however if you complete the CCNA portion you can finish the remainder after you start making better money)

- CISSP (This is the granddaddy oldest/most respected security certification in the industry. It will be difficult)

- CEH or Certified Ethical Hacker (This is a new exam that is quickly gathering steam in the industry and the exam is layed out in a manner which challenges your security understanding across multiple platforms, as you would find in a real world corporation. This one is fun to learn, dont be scared of it.. it will teach you how to hack and think like a hacker)

If you want to hit the ground running while your learning in college take these exams. Particularly the Security + (its only one test.. cost you like $200), CCNA (this will only cost $125 but it introduces some network ideas/technologies that you may not be familiar with. Also it is fairly vendor specific), and MCSE (its windows so its not very hard but its around 8 exams at $125 each.. however your Sec + will count as one)

I recommend you take these while your in college because you will find that you will do better while the knowledge your learning there is fresh in your head also you are use to studying (as opposed to latter in life when you have a family).

I will go ahead and tell you that I have found that many company s prefer your certifications opposed to your degree.

You probably notice that I have not listed any linux or unix certs here that is because around 90% of companys will not have the junior admin working on a production unix or linux box.. unless he is heavily supervised. But if you feel you must stretch your legs away from the MS Machine.. just take a Comptia Linux +. its cheap and it proves a basic understanding of *nix systems.

wow.. sorry for such a long post but I was once in your shoes and I could have really used some real world advise back then.

jbaerbock
August 10th, 2007, 10:05 PM
Hey thanks for the advise. What material would be the most important to study for a Security+ exam? And what dos the Comptia Linux+ exam all entail as well as what materials are most important to study for that?

jbaerbock
August 10th, 2007, 10:29 PM
Took the network+ practice and for 6 of 9. Security+ 3 of 10 and Linux+ 3 of 10. Means I need more studying lol.

amlucent23
August 11th, 2007, 10:29 PM
Hey thanks for the advise. What material would be the most important to study for a Security+ exam? And what dos the Comptia Linux+ exam all entail as well as what materials are most important to study for that?

no problem glad I could help. As far as the most important material there is no simple answer to that.. depends on how you learn the best. As far as books go I personally have better results with the sybex books (here) (http://www.amazon.com/CompTIA-Security%2B-Study-Guide-SY0-101/dp/0470038217/ref=pd_bbs_sr_1/105-5031419-7038855?ie=UTF8&s=books&qid=1186866258&sr=8-1)
I have also heard the exam crams are good. Personally I try not to learn from the books. I use computer simulations most of the time, I have tons. I like these (http://www.cbtnuggets.com/) and these (http://trainsignal.com/) the best. Now for me I will watch the video training material a couple times over the period of several weeks along with reading the book (but usually only before I go to bed, it makes me tired) then right before the exam I will have a look at a practice test simulator.. like this (http://www.pass4sure.com/) to ensure I am not about to waste my money failing the exam.

In the IT feild most companies love certs. I have gotten jobs that dice.com required certs and a degree and they never even asked me about my degree,they just made sure I had the certs, like my current job! :lolflag:

I dont know what you do for a living but you stated your in college. I can suggest you that if you get a job at a local computer shop and work your way up. Most places like a local geek squad will want you to have a A+ (and preferably a Net +).. but the good news those tests will count towards your MCSA cert.. so in short all this is an investment in yourself. I know those local shops wont pay much to start but after just a few certifications you will find yourself ahead of everyone who works there and youll be ready to move on.

PM me and I will give you some training material so you wont have to shell out money.

tgalati4
August 11th, 2007, 11:00 PM
The quickest way is to hack into a secure US Department of Defense computer system. Make your self known. Get caught. Enter a plea bargain to cooperate. Work for the Department of Defense as a computer network security analyst.

jbaerbock
August 12th, 2007, 04:54 AM
That would be cool, problem is I don't know how to hack into a system that does not have a trojan planted on it for easy access. Trojan hacking i only know from reading haven't tried it yet.