To add to what Paul said . . .

What interests you?  I know many sysadmins that don't develop code; many developers that can't spell Linux (OK, they can, but they also think 777 permissions fix everything, even access to data files).  I've even met SA's that couldn't script, but that limits their usefulness and shows a lack of motivation and curiosity - both highly desirable traits in the workplace.  IMHO, learn scripting not just to learn it, learn it to make your work more efficient.  If you can document some manual task, you can automate it.  Then you can then run that automation on all the servers in your care and have time left over, which makes you efficient.  In a previous job, I had over twice the number of servers as anyone else on my team, and four times the company average because I documented and semi-automated the server build finishing process, and I automated the daily health check.  So all my servers were consistent (almost identical) and I was done with my daily routine by 10am.  This gave me time to help others, project work, find ways to improve processes, collateral duties and irritate management.

And then there's security . . . I got a phone call one day asking to speak to the head of IT Security.  I work at a large organization and quickly counted up 11 different security organizations - which one would you like to talk to?  Click.  LOL.  We have network, application, infrastructure security organizations, and their operations, engineering and architectural groups.  And don't forget audit, compliance, and CISO.  Most people think network operations when they think of security, but there is so much more to it.  Looking at the 10 Domains of the CISSP (Certified Information System Security Professional) certification shows there is a lot to "IT Security."

So whereas I hate to see security last in your list (most companies put security last on their list, too), the reality is you need to have a solid foundation doing *something* before you go down that road.  Understanding the fundamentals and history will help, like . . . why is there a shadow file?  . . . what is the directory sticky bit used for? . . . why isn't the classic File Security Packet suitable for some common security situations?  Why did the NSA develop SELinux, then absolutely fail at deploying THEIR OWN CREATION and allow Edward Snowden* inappropriate access to classified materials (hidden question is what does SELinux provide that would have prevented this situation; and the bonus question is prove my implied assertion false)?  If I were to point to one thing in security to pique your curiosity, I would suggest looking up the FBI Top Ten for Unix Security and understand how to find and fix those problems.  As you can tell by my questions, I'm not a developer, even though I was (a long time ago in a galaxy far, far away), and that's a whole different world, too.  If coding interests you, pursue certification in secure code development - that will help you in many ways.

* I hope you ratbastards at the NSA read this email and understand how you utterly failed in the most incompetent way.
Regards,

George Toft
On 8/23/2013 1:11 PM, Paul Mooring wrote:
I think there's a bit of a misconception for how the industry works that leads to questions like this.  Web design is really more of it's own thing centered around graphic design and css, although programs *have* to know html these days.  Outside that it sounds like you are getting ahead of yourself in terms of specialization, everyone doing non-entry level IT work needs to know a bit of programming (you can call it scripting if you like) and any non-entry level programmer needs to know a bit the systems they right code for (sys-admin 101).

If what you're worried about is building up the knowledge needed for a career, in my opinion the right approach is "what don't I know?"  If you have never written any code before don't worry about learning web development, go learn some basic scripting simple perl/ruby/python scripts and the basics of writing code in general.  If you're comfortable with that but you don't know how your OS works, go set up a linux server or compile a kernel or whatever else interests you.  If you already know all that dive into something deeper, pick up a new programming language or run through linux from scratch.

One more thought, I'm of the opinion you can't "learn security"  Securing a system is really more of a by-product of intrinsically understanding that system and how it can be exploited.  That implies that if you aren't already very competent writing code and understanding system internals you can't be a useful security person until you are.


Paul Mooring
Operations Engineer

From: plug-discuss-bounces@lists.phxlinux.org <plug-discuss-bounces@lists.phxlinux.org> on behalf of Michael Havens <bmike1@gmail.com>
Sent: Friday, August 23, 2013 11:31 AM
To: PLUG
Subject: what to learn
 
you know, I've asked the question about what to learn multiple times. I think I've been asking the wrong question. The new incarnation of my question is what do you think I should learn. Programming is one option and web design is another. Is there another option i'm not thinking  of? I guess security is a third. Any others? Things to consider when answering that question would be what is needed? What is the potential? What isn't being addressed.... things like that.

I have more questions but I guess we should get that question out of the way first.
:-)~MIKE~(-:


---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss