Linux security focus

Lisa Kachold lisakachold at obnosis.com
Wed Mar 13 12:27:04 MST 2013


Hans has mentored Linuxities in Phoenix (and California at ScaLe) for many
years now and is supposed to be a fair teacher.

Security careers are not just pursued through any one arena.

WE ARE ALL responsible for SECURITY in our own lives, with technology, and
in our professions.

Security compartmentalization can be a huge problem, especially when we
attempt to educate the masses.

The best way to get into security is to DO IT.  Since there is a great deal
of material covering the full OSI stack, and many protocols, we suggest
that you attend DefCon in Las Vegas.  Also, studying for and taking ANY
certification is one of the requirements.

After you have one or two respectable certs to your name, you can pretty
much work anywhere.  They are not going to quibble about less than 2 years
experience.  You can gain experience by attending local events from UAT, to
DeVry Hackfests, to OWASP monthly groups.

Assuming and requiring someone else will "educate you" is antithetical to
hacker thinking.  You have the ability to "go look".  You can, by taking
things apart, start observing (using regular tools from Firefox Developer
plugin to gdb, to an inline sniffer) security behaviors.

I recommend you go to the Phoenix Public Library and read every Security
book they have (excluding fiction).   They have a few study guides as well
for certifications.  It's recommended that you take a class ONLY if you
don't feel confident to go through the materials and take the test
successfully.   I recommend that you also READ the full OWASP site, and
play with the various security distros and tools (Nexus scanning, free scan
tools and network discovery tools).

Somewhere along the line you will find an affinity to one area:  forensics,
virus, VLAN Layer 3/VPN, application including SQL injection, web
applications, bluetooth, wireless, buffer overflow/fuzzing, systems
exploits via patch management holes, human social engineering.    While you
might get glazy-eyed with one particular area of security, it's doubtful
you will actually have the opportunity to work in that one area.

Most baby security analysts (without a 4 year degree) are ticket hockey
resources, as I have said before.  If you have the capacity for pure
research, or coding, you can write plugins for Metasploit for instance  -
getting a name for yourself via your open source contributions.   Putting
up a blog and hanging out your shingle (after you have a certain
confidence) for the purposes of scanning web systems or assisting with post
exploit forensics.   Putting on presentations for local groups and
submitting to DefCon if you have something really cool or noteworthy (which
will come from full immersion into all things security) will get you noticed
and raise your stock.

Again, while a degree or classes are NOT necessary, some employers, like
the NSA and Federal Government, require education for each one of their GS
levels.  They do hire contractors from time to time, but if you plan to
work on the cutting edge of cyber security - government is where it's at.


So, I will question you:

1) Do you have a copy of Backtrack5 or another exploit distro available and
have you gone through the tools available?
2) Have you watched every video available on YouTube?
3) Have you scanned or tested your own systems?

Those are basic things we all need to be doing (not just security
professionals) but it gives you a place to start.


On Wed, Mar 13, 2013 at 1:07 AM, der.hans <PLUGd at lufthans.com> wrote:

> Am 12. Mar, 2013 schwätzte blake gonterman so:
>
> moin moin blake,
>
>
>  I attended a few of the stammtisches a few years back, but kind of fell
>> out
>> of the Linux community...
>>
>
> General topics meeting this Thursday at Iguana Mack's and Stammtisch there
> next Tuesday :). Lisa mentioned the hackfests as well.
>
>
>  I've been working at a medium sized company trying to figure out where to
>> go next. A coworker of mine is suggesting I go down the road of Unix
>> security. To that end, I've built a small lab at home and have started
>>
>
> The quarter is just starting, so you can get into a GNU/Linux Security
> class at a community college if you want.
>
> Get into Chris' class in Mesa if you can, but you'll need an override from
> him. Or get into Joey's class in Goodyear.
>
> http://classes.sis.maricopa.edu/index.php?keywords=cis271dl&subject_code=any&all_classes=true&terms[]=4132&credit_career=B&credits[min]=gt0&credits[max]=lte9&start_hour=any&end_hour=any&startafter=&instructors=
>
> MCC now has a student group focused on security as well.
>
> Also, get into CactusCon if you can.
>
> http://www.cactuscon.com/
>
>
>  getting back into learning the tools available. I'm not looking for a
>> glamorous pentesting position, just a functional security position focused
>> on Linux.
>>
>> I'm curious what people already in the field are focused on these days. I
>> have quite a bit of experience with FIM (tripwire) and I'm focused on
>> mcafee Web gateway at work currently.  Once my contract is over at the end
>> of the year, I want to focus on more Linux related work.
>>
>> So, is there a need for a dedicated Linux security person here in the
>> valley, or should I focus on the sysadmin portion and work security into
>> the mix?
>>
>
> There will increasingly be a need for security professionals. It's the
> nature of society.
>
>
>  By the way, I have the RHCSA certificate, I just decided standard sysadmin
>> work wasn't for me.
>>
>
> There's a RH security cert as well. Estrella is probably the route to go
> if you want to pursue that.
>
> ciao,
>
> der.hans
> --
> #  http://www.LuftHans.com/        http://www.LuftHans.com/Classes/
> #  Intelligence without compassion is a waste.  -- der.hans



-- 

(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
it-clowns.com
Chief Clown