i need some advice

[Imre Kertesz]

Computer security is simply an extension or specialization of what you all already know.  If you already have a strong foundation
involving software development, network engineering or system administration, you MAY already be a winner. However, because information
security is such a volatile field, classes in security are not sufficient enough to gain enough mastery in the field to be competitive.
Mastery involves living, eating, and breathing FOO and LORE. You have to have passion for computer security. To determine whether you
have this passion, ask yourself the following questions:

Have you ever:

1. .. built a router out of a linux box and a bunch of network interface cards?
2. .. installed an older version of an operation system or service to try to break it with a known exploit?
3. .. intentionally installed a service on a non-standard port for the sake of obscurity?
4. .. built a VPN simply to tunnel network game traffic between home networks?
5. .. modified a scanning utility to reduce it's radar signature?
6. .. browsed the source code of a tar ball to look for hidden "phone home" routines - and know what to look for?
7. .. built a DMZ at home for the sake of having a DMZ?
8. .. gone home at the end of the day only to stay up all night doing network foo (NOT involving video games) ?
9. .. installed a wireless in a laptop just to drive around town sniffing SSIDs and cracking WEP?
10. .. have your own registered domain that points to your own Apache web server (NOT hosted by someone else) ?
11. .. attended DEFCON with the intention of learning something rather than stealing payphones and out-drinking the British Royal Air
Force (who happen to be staying at the Alexis Park at the same time as the CON) ?

If you answered YES to more than one of these, you already have what it takes to don the security hat.  The real value to a potential
employer or client is that you know a little bit about many technologies (and perhaps ALOT about a few). Many people tell themselves
that there is no value in knowing how to troubleshoot a Check Point firewall or know how RACF works -- but when the opportunity presents
itself, those who can immediately step forward are the ones who get the contracts.  Infosec is not a dark art - it just involves a lot
of personal commitment.

-I


bob smith wrote:

> --- Imre Kertesz <ikertesz@fastq.com> wrote:
> > Raymond -
> > Certificates are great to have and like degrees,
> > look good on paper.
>
> If someone wanted to get into computer security as a
> possible career choice is there anything else you
> would recommend they do? In your opinion, how could
> one gain some good experience and be considered as a
> possible candidate for the job?
>

-· · ···- · ·-· ·--· · - ·- -··· ··- ·-· -· ·· -· --· -·· --- --·
"If you sit quietly at the edge of a river, eventually
you will see the bodies of your enemies float by"
-A maxim of patience, author unknown

Imre Kertesz
480.363.1492
PGP ID: 0x1C1E5054