Post Reply 
 
Thread Rating:
  • 1 Votes - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Information Security as a Career
12-16-2011, 02:36 PM (This post was last modified: 12-19-2011 11:06 PM by manu_zacharia.)
Post: #1
Star Information Security as a Career
One of most encountered question when it comes to Information Security is how can I build a career in Information Security?

Introduction

Information security can be basically divided into the following:
  • Information Security (Technical), and
  • Information Security (Management)

It can also be divided based on the security nature as follows:
  • Defensive Security, and
  • Offensive Security

Job Profiles

Various job profiles are there in the security industry. Some of most demanded job profiles are listed below based on the nature and role categorization:

[Image: 95287039.png]
[Image: 68389962.png]

Apart from the above mentioned categories and job profiles, there is another domain which is generally considered as an information security career - Digital / Cyber Forensics. Some of the job profiles under the forensics category are:
  • Forensics Analyst
  • Forensics Investigator
  • Forensics and Fraud Detection Manager

The basic foundation skills-set required for a Forensics Investigator is very similar to that of a security professional as both deals with systems, networks and processes.

Where to start??

As an information security enthusiasts, you should first select which row, column or cell you prefer to work. As a fresher you have to get into one of the cell and then can grow vertically or horizontally. In this post, I will try to concentrate more on the Information Security (Technical) side.

Common Sense:
Simple common sense, which is very un-common to find, is one of the pre-requisite to become a good security professional.

Master the Trio
To excel in security, a good command over the following is recommended:
  • Operating System
  • TCP / IP and Networking Concepts
  • A good command over two or three programming / scripting langugages.

OS Learning

There is a general misconception that mastering *nix systems makes you a good security professional, which is not true. Yes, it will make you a *nix security professional, but not a good Security Professional. If you are working only with *nix systems, then it makes sense to master only that technology. However, in the present scenario, it is very difficult to find a non-heterogeneous network. So the ideal way is to starting working on two platforms / Operating Systems so that you have good understanding of both the systems. Try to automate the OS / System tasks using the inbuilt scripting languages like Bash / awk in *nix and Batch File programming and Power Shell in windows systems. This will make your life easier when you handle programming languages in the future.

TCP/IP and Networking

Most of the basic networking can be covered as part of your OS study. However, an in-depth understanding requires additional effort and commitment. RFC + a good network sniffer like tcpdump or wireshark will help you with this task. Develop your skills to a level where you can read the raw header of Ethernet, TCP, IP, ICMP and ARP protocols.

Programming / Scripting Skills

To start off with you can select one compiler based language like C or C++ and an interpreted / scripting language like Python or PERL. Once you have pretty good command over the above two categories, you can get into assembly and debugging which will help you communicate with the systems at a low level. Assembly language will help you get into domains like reverse engineering and malware analysis.

Division multiplies the operands i.e. Sharing doubles your knowledge level

I know it’s a confusing title, but knowledge is gained and doubled, only when you share it. Create the habit of sharing what you learned. Mentoring is synonymous to mastering.

Summary

Getting into security domain is not an herculean task if you know your goals. Planning is of upmost importance and remember change is inevitable. Technology change, so does the vulnerabilities, and so does the security scenario. Cultivate the habit of adapting to new environments. It is a challenging domain, not for the weak-hearted.

So find a good mentor, grab your arsenal, let the world know your fire power....

Happy Hacking Smile

Manu Zacharia
C|EH, C|HFI, CCNA, MCP
Certified ISO 27001-2005 Lead Auditor
MVP-Enterprise Security(2009-2012), ISLA-2010 (ISC)²

http://www.matriux.com | http://www.hackit.co | http://www.informationsecurityday.com
Find all posts by this user
Like Post Quote this message in a reply
[-] The following 5 users Like manu_zacharia's post:
(01-19-2017), (10-02-2016), (09-22-2015), (05-20-2014), niraj_mohite (01-15-2012)
12-18-2011, 11:31 PM
Post: #2
RE: Information Security as a Career
Sirr please upload fast Wink
Find all posts by this user
Like Post Quote this message in a reply
12-19-2011, 11:08 PM
Post: #3
RE: Information Security as a Career
(12-18-2011 11:31 PM)hacksid369 Wrote:  Sirr please upload fast Wink

Updated Smile

Manu Zacharia
C|EH, C|HFI, CCNA, MCP
Certified ISO 27001-2005 Lead Auditor
MVP-Enterprise Security(2009-2012), ISLA-2010 (ISC)²

http://www.matriux.com | http://www.hackit.co | http://www.informationsecurityday.com
Find all posts by this user
Like Post Quote this message in a reply
05-18-2012, 05:49 PM
Post: #4
RE: Information Security as a Career
Another good read for year 2012

How to Become an IT Security Expert in 2012 - http://www.cisco.com/cisco/web/solutions...index.html

Manu Zacharia
C|EH, C|HFI, CCNA, MCP
Certified ISO 27001-2005 Lead Auditor
MVP-Enterprise Security(2009-2012), ISLA-2010 (ISC)²

http://www.matriux.com | http://www.hackit.co | http://www.informationsecurityday.com
Find all posts by this user
Like Post Quote this message in a reply
07-09-2012, 02:19 PM
Post: #5
RE: Information Security as a Career
This is what Bruce Schneier has to say:

http://www.schneier.com/blog/archives/20...e_a_1.html
Find all posts by this user
Like Post Quote this message in a reply
02-21-2013, 01:21 PM
Post: #6
RE: Information Security as a Career
A very good introduction to Penetration Testing and how to build you career in Pen Testing from - eLearnSecurity - Armando Romeo - http://www.elearnsecurity.com/collateral...beginners/

Manu Zacharia
C|EH, C|HFI, CCNA, MCP
Certified ISO 27001-2005 Lead Auditor
MVP-Enterprise Security(2009-2012), ISLA-2010 (ISC)²

http://www.matriux.com | http://www.hackit.co | http://www.informationsecurityday.com
Find all posts by this user
Like Post Quote this message in a reply
04-26-2013, 03:06 PM
Post: #7
RE: Information Security as a Career
(12-16-2011 02:36 PM)manu_zacharia Wrote:  One of most encountered question when it comes to Information Security is how can I build a career in Information Security?

Introduction

Information security can be basically divided into the following:
  • Information Security (Technical), and
  • Information Security (Management)

It can also be divided based on the security nature as follows:
  • Defensive Security, and
  • Offensive Security

Job Profiles

Various job profiles are there in the security industry. Some of most demanded job profiles are listed below based on the nature and role categorization:

[Image: 95287039.png]
[Image: 68389962.png]

Apart from the above mentioned categories and job profiles, there is another domain which is generally considered as an information security career - Digital / Cyber Forensics. Some of the job profiles under the forensics category are:
  • Forensics Analyst
  • Forensics Investigator
  • Forensics and Fraud Detection Manager

The basic foundation skills-set required for a Forensics Investigator is very similar to that of a security professional as both deals with systems, networks and processes.

Where to start??

As an information security enthusiasts, you should first select which row, column or cell you prefer to work. As a fresher you have to get into one of the cell and then can grow vertically or horizontally. In this post, I will try to concentrate more on the Information Security (Technical) side.

Common Sense:
Simple common sense, which is very un-common to find, is one of the pre-requisite to become a good security professional.

Master the Trio
To excel in security, a good command over the following is recommended:
  • Operating System
  • TCP / IP and Networking Concepts
  • A good command over two or three programming / scripting langugages.

OS Learning

There is a general misconception that mastering *nix systems makes you a good security professional, which is not true. Yes, it will make you a *nix security professional, but not a good Security Professional. If you are working only with *nix systems, then it makes sense to master only that technology. However, in the present scenario, it is very difficult to find a non-heterogeneous network. So the ideal way is to starting working on two platforms / Operating Systems so that you have good understanding of both the systems. Try to automate the OS / System tasks using the inbuilt scripting languages like Bash / awk in *nix and Batch File programming and Power Shell in windows systems. This will make your life easier when you handle programming languages in the future.

TCP/IP and Networking

Most of the basic networking can be covered as part of your OS study. However, an in-depth understanding requires additional effort and commitment. RFC + a good network sniffer like tcpdump or wireshark will help you with this task. Develop your skills to a level where you can read the raw header of Ethernet, TCP, IP, ICMP and ARP protocols.

Programming / Scripting Skills

To start off with you can select one compiler based language like C or C++ and an interpreted / scripting language like Python or PERL. Once you have pretty good command over the above two categories, you can get into assembly and debugging which will help you communicate with the systems at a low level. Assembly language will help you get into domains like reverse engineering and malware analysis.

Division multiplies the operands i.e. Sharing doubles your knowledge level

I know it’s a confusing title, but knowledge is gained and doubled, only when you share it. Create the habit of sharing what you learned. Mentoring is synonymous to mastering.

Summary

Getting into security domain is not an herculean task if you know your goals. Planning is of upmost importance and remember change is inevitable. Technology change, so does the vulnerabilities, and so does the security scenario. Cultivate the habit of adapting to new environments. It is a challenging domain, not for the weak-hearted.

So find a good mentor, grab your arsenal, let the world know your fire power....

Happy Hacking Smile

Helpful information
Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)