Thursday, October 23, 2014

Security as a Career

Career and soul searching? In high school and just starting to think about college? In college for computer science but not sure what you want your first job to be? Been working in IT for many years but looking for something else?

Security has quickly become a viable option with a promising outlook. From my experience I see this arena as wide open and struggling to find strong talent with a dedication to security.

With all the news about Heartbleed, Shellshock, Sandworm, and Poodle, plus all the stories about Russian espionage, Chinese hacktivism, retail outlet POS breaches, etc., it's clear to me that when looking at the industry as a whole the bad guys are winning.

Thus we need you to step up and help build and strengthen the army of good guys!

If you're concerned about where or how you'd fit in, don't be. The good news is I am certain no matter what your area of expertise is, there is a need for you to step up and solidify the security in that area.

  • Are you a database guru? Know your SQL inside and out? Great! Nearly all of the industry's information that needs protecting is stored in databases, so securing them is crucial!
  • Are you a website guru? Know your forms, JavaScript, etc.? Awesome! Websites are the prime target for most attacks because of their public exposure to the world. And currently there are too many people building them, many of whom don't truly understand what they're doing ... They need your help to understand attacks and mitigate them.
  • Are you an application guru? Building Windows apps, intranet sites, SharePoint pages, etc.? Sweet. One of the biggest holes in our industry right now is what happens once you're beyond the firewalls and inside the network. Insider attacks are generally more costly to a company than any other attack ... And in general internal apps are given the least scrutiny and are the most lax in terms of security ... so they certainly need your help understanding the basics of secure development!
  • Are you a network guru? If you're familiar with routers, switches, and firewalls then it's a pretty logical leap to make to the security realm. Your help would be greatly appreciated!
  • Are you a system administrator? Familiar with patching servers, setting up accounts and permissions? Your type of knowledge is greatly needed in the security arena.
  • Are you more of the management type? There are lots of opportunities to lead and coordinate Security Incident response events, to perform Risk Management, deal with compliance and auditing. If you like those things your help is needed!
  • Are you an Assembly programmer? You could jump right into Malware analysis!
  • Are you a help desk/customer service type person? You could get involved in the day-to-day action of Security Operations!


Security can be a daunting task, because the landscape is constantly changing. The required skillset is ever growing. You need to know about and manage all network types, all applications, all operating systems, etc.

Whatever your skill or background, as long as you're willing to get excited about security, be energetic, and have a desire to learn ... then consider making Security a career choice. The industry as a whole needs you.

If you're not up for the move quite yet, at a minimum you should learn security and start using it daily in your current role. Start writing more secure code. Start closing the holes in your network. Start locking down your servers. Start patching your applications. Stay on top of your game and read the security news/blogs. Be that proactive voice in your team meetings suggesting changes to improve security.

I look forward to seeing your positive contributions in action!



Bonus Blogging!

Wondering where to get started? Here are my tips:
  • Learn Networking & the OSI model and play with a tool called Wireshark
  • Once you're comfortable with that, get VMware Workstation or Oracle VirtualBox installed
  • Download Kali Linux in a VM and experiment with all its tools, starting with nmap
  • After a while, consider getting other, older OSes in a VM, then using Kali Linux's Metasploit software against those old OSes to practice understanding how exploits work


Copyright © 2014, this post cannot be reproduced or retransmitted in any form without reference to the original post.