<div dir="ltr">Thank you so much for your answers. Okay... here is what I think I'll do; scripting and linux from scratch first. While programs are compiling with LFS I'll work on python. I have a python book, it is Python, How to Program but it is old (2002). I also have a book entitled "Linux Shell Scripting with BASH". What do you recommend? I think I should do scripting with BASH because, while it too is old (2004), BASH has always been the same and therefore the age of the book is irrelevant (I think).</div>
<div class="gmail_extra"><br clear="all"><div>:-)~MIKE~(-:</div>
<br><br><div class="gmail_quote">On Mon, Aug 26, 2013 at 8:34 AM, George Toft <span dir="ltr"><<a href="mailto:george@georgetoft.com" target="_blank">george@georgetoft.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>To add to what Paul said . . .<br>
<br>
What interests you? I know many sysadmins that don't develop
code; many developers that can't spell Linux (OK, they can, but
they also think 777 permissions fix everything, even access to
data files). I've even met SA's that couldn't script, but that
limits their usefulness and shows a lack of motivation and
curiosity - both highly desirable traits in the workplace. IMHO,
learn scripting not just to learn it, learn it to make your work
more efficient. If you can document some manual task, you can
automate it. Then you can then run that automation on all the
servers in your care and have time left over, which makes you
efficient. In a previous job, I had over twice the number of
servers as anyone else on my team, and four times the company
average because I documented and semi-automated the server build
finishing process, and I automated the daily health check. So all
my servers were consistent (almost identical) and I was done with
my daily routine by 10am. This gave me time to help others,
project work, find ways to improve processes, collateral duties
and irritate management.<br>
<br>
And then there's security . . . I got a phone call one day asking
to speak to the head of IT Security. I work at a large
organization and quickly counted up 11 different security
organizations - which one would you like to talk to? Click.
LOL. We have network, application, infrastructure security
organizations, and their operations, engineering and architectural
groups. And don't forget audit, compliance, and CISO. Most
people think network operations when they think of security, but
there is so much more to it. Looking at the 10 Domains of the
CISSP (Certified Information System Security Professional)
certification shows there is a lot to "IT Security."<br>
<br>
So whereas I hate to see security last in your list (most
companies put security last on their list, too), the reality is
you need to have a solid foundation doing *something* before you
go down that road. Understanding the fundamentals and history
will help, like . . . why is there a shadow file? . . . what is
the directory sticky bit used for? . . . why isn't the classic
File Security Packet suitable for some common security
situations? Why did the NSA develop SELinux, then absolutely fail
at deploying THEIR OWN CREATION and allow Edward Snowden*
inappropriate access to classified materials (hidden question is
what does SELinux provide that would have prevented this
situation; and the bonus question is prove my implied assertion
false)? If I were to point to one thing in security to pique your
curiosity, I would suggest looking up the FBI Top Ten for Unix
Security and understand how to find and fix those problems. As
you can tell by my questions, I'm not a developer, even though I
was (a long time ago in a galaxy far, far away), and that's a
whole different world, too. If coding interests you, pursue
certification in secure code development - that will help you in
many ways.<br>
<br>
* I hope you ratbastards at the NSA read this email and understand
how you utterly failed in the most incompetent way.<br>
<pre cols="72">Regards,
George Toft
</pre><div><div class="h5">
On 8/23/2013 1:11 PM, Paul Mooring wrote:<br>
</div></div></div>
<blockquote type="cite"><div><div class="h5">
<div name="divtagdefaultwrapper" style="font-size:12pt;margin:0;font-family:Calibri,Arial,Helvetica,sans-serif">
<div name="divtagdefaultwrapper" style="font-size:12pt;margin:0;font-family:Calibri,Arial,Helvetica,sans-serif">
I think there's a bit of a misconception for how the industry
works that leads to questions like this. Web design is really
more of it's own thing centered around graphic design and css,
although programs *have* to know html these days. Outside
that it sounds like you are getting ahead of yourself in terms
of specialization, everyone doing non-entry level IT work
needs to know a bit of programming (you can call it scripting
if you like) and any non-entry level programmer needs to know
a bit the systems they right code for (sys-admin 101).</div>
<div name="divtagdefaultwrapper" style="font-size:12pt;margin:0;font-family:Calibri,Arial,Helvetica,sans-serif">
<br>
</div>
<div name="divtagdefaultwrapper" style="font-size:12pt;margin:0;font-family:Calibri,Arial,Helvetica,sans-serif">
If what you're worried about is building up the knowledge
needed for a career, in my opinion the right approach is "what
don't I know?" If you have never written any code before
don't worry about learning web development, go learn some
basic scripting simple perl/ruby/python scripts and the basics
of writing code in general. If you're comfortable with that
but you don't know how your OS works, go set up a linux server
or compile a kernel or whatever else interests you. If you
already know all that dive into something deeper, pick up a
new programming language or run through linux from scratch.</div>
<div name="divtagdefaultwrapper" style="font-size:12pt;margin:0;font-family:Calibri,Arial,Helvetica,sans-serif">
<br>
</div>
<div name="divtagdefaultwrapper" style="font-size:12pt;margin:0;font-family:Calibri,Arial,Helvetica,sans-serif">
One more thought, I'm of the opinion you can't "learn
security" Securing a system is really more of a by-product of
intrinsically understanding that system and how it can be
exploited. That implies that if you aren't already very
competent writing code and understanding system internals you
can't be a useful security person until you are.<br>
<div><br>
<br>
<div name="divtagdefaultwrapper">
<div style="font-family:Tahoma;font-size:13px">Paul
Mooring
<div>Operations Engineer</div>
<div><a href="http://www.opscode.com" target="_blank">www.opscode.com</a></div>
</div>
</div>
</div>
<br>
<div style="color:rgb(40,40,40)">
<hr style="display:inline-block;width:98%">
<div dir="ltr"><font style="font-size:11pt" color="#000000" face="Calibri,
sans-serif"><b>From:</b>
<a href="mailto:plug-discuss-bounces@lists.phxlinux.org" target="_blank">plug-discuss-bounces@lists.phxlinux.org</a>
<a href="mailto:plug-discuss-bounces@lists.phxlinux.org" target="_blank"><plug-discuss-bounces@lists.phxlinux.org></a> on
behalf of Michael Havens <a href="mailto:bmike1@gmail.com" target="_blank"><bmike1@gmail.com></a><br>
<b>Sent:</b> Friday, August 23, 2013 11:31 AM<br>
<b>To:</b> PLUG<br>
<b>Subject:</b> what to learn</font>
<div> </div>
</div>
<div>
<div dir="ltr">you know, I've asked the question about
what to learn multiple times. I think I've been asking
the wrong question. The new incarnation of my question
is what do you think I should learn. Programming is one
option and web design is another. Is there another
option i'm not thinking of? I guess security is a
third. Any others? Things to consider when answering
that question would be what is needed? What is the
potential? What isn't being addressed.... things like
that.
<div><br>
</div>
<div>I have more questions but I guess we should get
that question out of the way first.<br clear="all">
<div>:-)~MIKE~(-:</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><div class="im"><pre>---------------------------------------------------
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.org</a>
To subscribe, unsubscribe, or to change your mail settings:
<a href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss" target="_blank">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></pre>
</div></blockquote>
<br>
</div>
<br>---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss" target="_blank">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a><br></blockquote></div><br></div>