what to learn
Michael Havens
bmike1 at gmail.com
Mon Aug 26 13:58:51 MST 2013
Thank you so much for your answers. Okay... here is what I think I'll do;
scripting and linux from scratch first. While programs are compiling with
LFS I'll work on python. I have a python book, it is Python, How to Program
but it is old (2002). I also have a book entitled "Linux Shell Scripting
with BASH". What do you recommend? I think I should do scripting with BASH
because, while it too is old (2004), BASH has always been the same and
therefore the age of the book is irrelevant (I think).
:-)~MIKE~(-:
On Mon, Aug 26, 2013 at 8:34 AM, George Toft <george at georgetoft.com> wrote:
> To add to what Paul said . . .
>
> What interests you? I know many sysadmins that don't develop code; many
> developers that can't spell Linux (OK, they can, but they also think 777
> permissions fix everything, even access to data files). I've even met SA's
> that couldn't script, but that limits their usefulness and shows a lack of
> motivation and curiosity - both highly desirable traits in the workplace.
> IMHO, learn scripting not just to learn it, learn it to make your work more
> efficient. If you can document some manual task, you can automate it.
> Then you can then run that automation on all the servers in your care and
> have time left over, which makes you efficient. In a previous job, I had
> over twice the number of servers as anyone else on my team, and four times
> the company average because I documented and semi-automated the server
> build finishing process, and I automated the daily health check. So all my
> servers were consistent (almost identical) and I was done with my daily
> routine by 10am. This gave me time to help others, project work, find ways
> to improve processes, collateral duties and irritate management.
>
> And then there's security . . . I got a phone call one day asking to speak
> to the head of IT Security. I work at a large organization and quickly
> counted up 11 different security organizations - which one would you like
> to talk to? Click. LOL. We have network, application, infrastructure
> security organizations, and their operations, engineering and architectural
> groups. And don't forget audit, compliance, and CISO. Most people think
> network operations when they think of security, but there is so much more
> to it. Looking at the 10 Domains of the CISSP (Certified Information
> System Security Professional) certification shows there is a lot to "IT
> Security."
>
> So whereas I hate to see security last in your list (most companies put
> security last on their list, too), the reality is you need to have a solid
> foundation doing *something* before you go down that road. Understanding
> the fundamentals and history will help, like . . . why is there a shadow
> file? . . . what is the directory sticky bit used for? . . . why isn't the
> classic File Security Packet suitable for some common security situations?
> Why did the NSA develop SELinux, then absolutely fail at deploying THEIR
> OWN CREATION and allow Edward Snowden* inappropriate access to classified
> materials (hidden question is what does SELinux provide that would have
> prevented this situation; and the bonus question is prove my implied
> assertion false)? If I were to point to one thing in security to pique
> your curiosity, I would suggest looking up the FBI Top Ten for Unix
> Security and understand how to find and fix those problems. As you can
> tell by my questions, I'm not a developer, even though I was (a long time
> ago in a galaxy far, far away), and that's a whole different world, too.
> If coding interests you, pursue certification in secure code development -
> that will help you in many ways.
>
> * I hope you ratbastards at the NSA read this email and understand how you
> utterly failed in the most incompetent way.
>
> Regards,
>
> George Toft
>
> On 8/23/2013 1:11 PM, Paul Mooring wrote:
>
> I think there's a bit of a misconception for how the industry works that
> leads to questions like this. Web design is really more of it's own thing
> centered around graphic design and css, although programs *have* to know
> html these days. Outside that it sounds like you are getting ahead of
> yourself in terms of specialization, everyone doing non-entry level IT work
> needs to know a bit of programming (you can call it scripting if you like)
> and any non-entry level programmer needs to know a bit the systems they
> right code for (sys-admin 101).
>
> If what you're worried about is building up the knowledge needed for a
> career, in my opinion the right approach is "what don't I know?" If you
> have never written any code before don't worry about learning web
> development, go learn some basic scripting simple perl/ruby/python scripts
> and the basics of writing code in general. If you're comfortable with that
> but you don't know how your OS works, go set up a linux server or compile a
> kernel or whatever else interests you. If you already know all that dive
> into something deeper, pick up a new programming language or run through
> linux from scratch.
>
> One more thought, I'm of the opinion you can't "learn security"
> Securing a system is really more of a by-product of intrinsically
> understanding that system and how it can be exploited. That implies that
> if you aren't already very competent writing code and understanding system
> internals you can't be a useful security person until you are.
>
>
> Paul Mooring
> Operations Engineer
> www.opscode.com
>
> ------------------------------
> *From:* plug-discuss-bounces at lists.phxlinux.org
> <plug-discuss-bounces at lists.phxlinux.org><plug-discuss-bounces at lists.phxlinux.org>on behalf of Michael Havens
> <bmike1 at gmail.com> <bmike1 at gmail.com>
> *Sent:* Friday, August 23, 2013 11:31 AM
> *To:* PLUG
> *Subject:* what to learn
>
> you know, I've asked the question about what to learn multiple times. I
> think I've been asking the wrong question. The new incarnation of my
> question is what do you think I should learn. Programming is one option and
> web design is another. Is there another option i'm not thinking of? I
> guess security is a third. Any others? Things to consider when answering
> that question would be what is needed? What is the potential? What isn't
> being addressed.... things like that.
>
> I have more questions but I guess we should get that question out of the
> way first.
> :-)~MIKE~(-:
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20130826/fa0c373b/attachment.html>
More information about the PLUG-discuss
mailing list