Results 1 to 9 of 9

Thread: Skills needed for security experts

  1. #1
    Senior Member SephStorm's Avatar
    Join Date
    Aug 2008
    Posts
    166

    Default Skills needed for security experts

    What skills should someone who is interested in being a security expert be focusing on? Firewall implementation? IDS/IPS configuration? Straight up technical knowledge?
    "You're only smoke and mirrors..."

  2. #2
    Junior Member
    Join Date
    Jan 2010
    Location
    Canada
    Posts
    84

    Default

    Understand TCP/IP To The Level Where you could (if need be) implement it all in RAW sockets. (Dont actually do this if you dont have a death wish, but just understand it enough )


    Learn to Program, I suggest C(++) and ASM as your low Level Programs, and Python and Shell Scripts as your Higher Level.


    Learn the CLI, it is all possible in the GTK, but nothing beats a good old:
    ls -Rla / | grep -e "wsr" -e "\-sr" -e "ws\-" -e "\-s\-"
    To get a list of SUID Binaries on the system. (In case anyone didnt get it)


    I hate to sound Cliche, but learn Linux, aside from the obvious (tools are made for it), theres also the whole "you get way more freedom to do things like inject modules and all that great stuff"


    If at all possible, learn physical security, and social engineering + hardware hacking. I havent really found my niche yet, but being able to tailgate to get in to a building, pick a lock to get into the sesitive areas where tailgating isnt possible. Then slice an ethernet cable and make my own connection into their network is a nice feeling.

  3. #3
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Default

    Don't forget regular expressions
    dd if=/dev/swc666 of=/dev/wyze

  4. #4
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by SephStorm View Post
    What skills should someone who is interested in being a security expert be focusing on? Firewall implementation? IDS/IPS configuration? Straight up technical knowledge?
    I think your question is too general, there are many different specialties within the IT security field such as incident response, penetration testing, forensics, security administration, etc, and each will have different skill requirements. Even within those areas there can be further specialties (such as wireless pen testers, web app pen testers, network pen testers, network forensics, non volatile storage forensics, etc).

    In addition, many security related positions (jobs) would require different levels of skill in each of those areas.

    If you're asking because you want to know what you should learn, then the answer depends on the potential job you want to get and what type of duties you will be performing.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  5. #5
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Quote Originally Posted by SephStorm View Post
    What skills should someone who is interested in being a security expert be focusing on? Firewall implementation? IDS/IPS configuration? Straight up technical knowledge?
    All of the above, plus:
    • Good communication skills (written and oral)
    • Interest in learning and reading constantly
    • Networking Knowledge
    • Understanding of protocols
    • Scripting skills
    • etc


    While our focus is security it seems that the most talented people who do things like Vulnerability Assessment, Penetration Testing, and Threat and Risk Assessment are usually "jack of all trades" type people.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  6. #6
    Member PeppersGhost's Avatar
    Join Date
    Jan 2008
    Posts
    204

    Default

    What everyone said and the obvious Security+ with CISSP.
    <EeePc 1000HA BT4/W7 USB boot Alfa500 GPS BlueTooth>

  7. #7
    Senior Member SephStorm's Avatar
    Join Date
    Aug 2008
    Posts
    166

    Default

    no offense to any here, but I am tired of CISSP. To many people asking for it, not enough people applying it, IMO. While I respect ISC2, and their certs, but when you have a "industry standard" the HR departments tend to throw out the guy who can protect their organization, for the guy who has CISSP. I personally would never say "MCSE required, CISSP required.".

    That is why certifications have been devalued. Take me for example. I studied for my Sec+, I have a good grasp of the knowledge, but in this economic situation, I cant pay to take the test. How many doors does that close for me? How many organizations are currently insecure because they want a certified professional, instead of someone who can get the job done?

    Right now, closest I plan on going is SSCP. That is enough for me as an individual. Maybe my job will require it. maybe I'll get it, or maybe i'll go do something else I enjoy.
    "You're only smoke and mirrors..."

  8. #8
    Junior Member
    Join Date
    Jan 2010
    Location
    Canada
    Posts
    84

    Default

    Quote Originally Posted by wyze View Post
    Don't forget regular expressions
    lol like this:

    ls -anR / | grep "^[^/]..s"


  9. #9
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by HitThemLow View Post
    lol like this:

    ls -anR / | grep "^[^/]..s"

    No, I believe he meant things like:

    How's the weather?

    Do you want fries with that?
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •