Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Trying to "crack" into IT Security

  1. #1
    Just burned his ISO
    Join Date
    Oct 2011
    Posts
    1

    Default Trying to "crack" into IT Security

    Hi All,

    I have been a Server Administrator for about 4 years, mostly VMware and Windows server administration. I also do some network management switching and routing. Recently, I have been very interested in getting involved in the IT Security field, and knowing my Microsoft and VMware certifications will not help me in this field. I want to know what skills are essential for someone in IT security, and I figured this was the best place to start. I would assume a programming background would be essential, which is something I do not have, but will learn if needed. I did a little programming in College and really understand the logic, just more need to learn the languages. In your professional opinions could you tell me a little about what skills are needed and what stills useful? Also if you are in the field currently.

    Thanks for your time.

  2. #2
    Good friend of the forums scottm99's Avatar
    Join Date
    Feb 2010
    Location
    underwater
    Posts
    371

    Default Re: Trying to "crack" into IT Security

    Well...I'm not in the field full-time (I wear the security hat at work on a regular basis) so bear that in mind My responses will likely differ from the security pros, but here's my take. I come from a programming background, so having that has been really helpful. In terms of languages, I'd say python & perl (since a lot of tools in BT are one or the other). Having a working knowledge of bash scripting is very useful. More important than coding, though, is a strong knowledge of networking & TCP/IP. How are your *nix skills? Getting comfortable with nmap & metasploit has worked well for me. Of course, there's the Offensive Security training That's on my to-do list, once I feel ready. You might also find this link useful
    Last edited by scottm99; 11-01-2011 at 03:58 PM.
    If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...

  3. #3
    Just burned his ISO
    Join Date
    Oct 2011
    Posts
    3

    Default Re: Trying to "crack" into IT Security

    Quote Originally Posted by scottm99 View Post
    Well...I'm not in the field full-time (I wear the security hat at work on a regular basis) so bear that in mind My responses will likely differ from the security pros, but here's my take. I come from a programming background, so having that has been really helpful. In terms of languages, I'd say python & perl (since a lot of tools in BT are one or the other). Having a working knowledge of bash scripting is very useful. More important than coding, though, is a strong knowledge of networking & TCP/IP. How are your *nix skills? Getting comfortable with nmap & metasploit has worked well for me. Of course, there's the Offensive Security training That's on my to-do list, once I feel ready. You might also find this link useful
    Thanks! that link was very useful! I'm into networking more than security myself right now.. I have been taking A+ classes, Networking+ classes and, I'm currently studying to get my CCNA. but this is definitely something I will look more into!! Thanks again. I really appreciate it. Sorry for my English.. :S:S:S I'm also learning English hopefully it will continue to get better.

    P.L.U.R.R.

  4. #4
    Just burned his ISO
    Join Date
    Nov 2011
    Posts
    1

    Default Re: Trying to "crack" into IT Security

    Knowledge of TCP/IP is essential, along with understanding networking. I actually have some Ebooks on networking which one of my work mates uploaded to our work server. Here is the DL http://multiupload.com/ALN21LS11U
    Knowledge in the area of Programming isn't essential (as long as you can phrase and Google questions correctly) but it does help. I know having a knowledge in the area of C has helped me quite a bit. Learn a programming language for the right reasons though... And not one of those .NET languages that simplify everything.

  5. #5
    Member
    Join Date
    Jan 2011
    Posts
    63

    Default Re: Trying to "crack" into IT Security

    I'm not trying to hijack the OP's thread, for this is a question he might have as well.

    Where are good resources for learning Python or Perl languages? I do not have a programming background either but I would love to get started with either of these. I have a "ByteofPython" PDF but I haven't been able to spend much time with it as I am in college right now for a networking degree to learn the TCP/IP side of things (get my CCNA within 2 months, woohoo!).

    Have any suggestions on learning BASH scripting as well?

    Thank you, and again, just trying to ask questions that both the OP (might) and I have.

  6. #6
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    8

    Default Re: Trying to "crack" into IT Security

    Officially my title at work is 'Network and Security Architect', however working for a hosting company I tend to wear quite a lot of different hats and still do a lot of Server/network admin.

    I wouldn't say programming skills are essential, however they will certainly help you a lot. As scottm pointed out Python and Perl would be on the list of languages to get a working knowledge of, however personally I have taken most to Ruby which helps when delving a little deeper within Metasploit.

    Again as scottm pointed out, good networking knowledge is a must. I went down the Cisco route many years ago starting with CCNA and finished up doing the CCSP. This was a good primer, but essentially you are taught 'defensive security'. It wasn't until I did the Offensive Security course (OSCP) that I really started to see the bigger picture. I've done many courses and exams in my time and the OSCP is still by far the most challenging and most enjoyable. The CISSP course will look good on your CV and help getting interviews. It's a good overview covering many aspects of security but in my opinion it lacks depth. I'd say *nix skills are a must too.
    Officially my title at work is 'Network and Security Architect', however working for a hosting company I tend to wear quite a lot of different hats and still do a lot of Server/network admin.

    I wouldn't say programming skills are essential, however they will certainly help you a lot. As scottm pointed out Python and Perl would be on the list of languages to get a working knowledge of, however personally I have taken most to Ruby which helps when delving a little deeper within Metasploit.

    Again as scottm pointed out, good networking knowledge is a must. I went down the Cisco route many years ago starting with CCNA and finished up doing the CCSP. This was a good primer, but essentially you are taught 'defensive security'. It wasn't until I did the Offensive Security course (OSCP) that I really started to see the bigger picture. I've done many courses and exams in my time and the OSCP is still by far the most challenging and most enjoyable. The CISSP course will look good on your CV and help getting interviews. It's a good overview covering many aspects of security but in my opinion it lacks depth. I'd say *nix skills are a must too.

    Good luck.

    Reamer - I'd recommend the O'Reilly books or the 'Beginning' series of books.

    Good luck.

  7. #7
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: Trying to "crack" into IT Security

    First checkout the following thread (because you can never read or learn too much....no such thing):
    http://www.backtrack-linux.org/forum...ad.php?t=33114 < Thread to share Pentest related links in.

    Two, look for local OWASP, HTCIA, ISACCA, ISSA, etc meetings that you can attend/join.

    Three, don't sell yourself short. If you're a SysAdmin there are security things you deal with daily that you don't even attribute to the field (incl. but not limited to: patching, change management, backups, AV/FWs/IDS/IPS, user management, role management, permissions management, etc). Keep this in mind for things like your CISSP.

    Four, while programming is a great place to start it isn't a 100% MUST HAVE. For the majority of Vulnerability Assessment work as long as you can script and understand the basics of a few languages you'll be fine (a loop is a loop is a loop, not matter what the specific syntax of a language). Logic, along with strong OS and Networking understanding is more important.

    Five, obviously if you want to develop or research new exploits and overflows then yes you'll need a strong programming understanding and even deeper understanding of operating systems, applications, and may even need some competence in assembly.

    PS > 20111103 - The forum is doing weird things parsing that "Thread to share Pentest related links in." URL, if it doesn't work for you just hit the Experts forum and check the stickies.
    Last edited by thorin; 11-03-2011 at 06:37 PM.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  8. #8
    Good friend of the forums scottm99's Avatar
    Join Date
    Feb 2010
    Location
    underwater
    Posts
    371

    Default Re: Trying to "crack" into IT Security

    Check the experts section forum. One of the mods sticky-ed a thread on pen-test related links.
    If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...

  9. #9
    Just burned his ISO
    Join Date
    Oct 2011
    Location
    San Diego, CA
    Posts
    21

    Default Re: Trying to "crack" into IT Security

    Once I finish my SWSE course I'm gonna go for my OSCP the only thing I don't have is the work experience. I'm just hoping that when I do start looking for a job that my certs, *nix experience, and Java/Python experience will be enough.

  10. #10
    Just burned his ISO
    Join Date
    Nov 2011
    Posts
    1

    Default Re: Trying to "crack" into IT Security

    It really depends on the job you want. For example I work for Symantec (SARC team), and knowledge of disassembly is very important as you said programming helps. Another way to help get into IT security is learning how drivers for windows are created as well as how they work on the assembly level. Of course this is just one possibility in IT security, if you want to go the malware/virus security.


    John

Page 1 of 2 12 LastLast

Similar Threads

  1. Openvas - can't login with "Greenbone Security Assistant" web gui from external ip
    By manzamanna in forum BackTrack 5 Beginners Section
    Replies: 1
    Last Post: 04-06-2012, 04:38 AM
  2. Replies: 4
    Last Post: 02-24-2011, 04:52 PM
  3. bypass wifi network "security" scan
    By lvleow in forum Beginners Forum
    Replies: 3
    Last Post: 11-09-2010, 01:13 PM
  4. Replies: 9
    Last Post: 06-26-2010, 07:03 PM
  5. "A security policy in place prevents..." Need Some help here.
    By .K.S. in forum OLD BT3final Support
    Replies: 13
    Last Post: 06-27-2008, 10:45 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •