topic Re: How to get more security exposure? in Career Discussions

How to get more security exposure?

a380_fox — Mon, 30 Oct 2017 14:29:17 GMT

I come from a networking background and have some security experience.

What would be the best way to get more experience in security?

Re: How to get more security exposure?

Secur3 — Mon, 30 Oct 2017 14:47:16 GMT

Hello. The best way to get experience in security would be to either get a job in security, start working on security certifications or both. There are a lot of online forums, youtube channels, and training site (free/paid) that you can try until you find out what interests you. Once you find out, you can focus on the specific training/education you need to help you advance.

Hope that helps.

Re: How to get more security exposure?

SecurIT — Mon, 30 Oct 2017 14:55:08 GMT

I too come from a Networking background. Actually Training then Networking but who's keeping track, Right? What I am finding the best way is to jump right in and start reading all you can, joining groups like this, asking questions and put yourself in positions that allows for you to challenge your skills.

Just like when I wanted to learn about networking, I had to start somewhere. This is no different. While I am now the Security Analyst for the Hospital I work for, I have a lot more to learn, a long road ahead. If I don't start, I never get started.

I read as much as I can, either books or on newsgroups. I have joined several affiliations that provide excellent news letters, and use my resources around me to find out what I don't know.

While this isn't a definitive path of x,y,z, you will never start unless you start. Some excellent books to get you going are, CISSP Study guide by Wiley, CISSP by ISC(2), and many more...

Re: How to get more security exposure?

jcaccount — Mon, 30 Oct 2017 14:58:12 GMT

talking with many users and unsterdanding how working and uses his computers, smartphone ect

Re: How to get more security exposure?

Karlos — Mon, 30 Oct 2017 15:02:58 GMT

ISC2 provide a number of really good resources to help you get more Security exposure/awareness. Bright Talk have some really good webinars from vendors also that cover some of the newer technologies in security.

What are your goals/what are you hoping to achieve? Are you looking to specialize in a network security field or move into more of a information security role?

Re: How to get more security exposure?

CuZiCaN — Mon, 30 Oct 2017 15:15:46 GMT

Coming from the networking world just making your network secure from hackers and the outside world was your first step in security. Now build on that and you'll be on your way.

Re: How to get more security exposure?

The_Red_Pill — Mon, 30 Oct 2017 15:28:33 GMT

The best way for a networking guy to break into security is through penetration testing. Go look into the penetration testing certs and get certified. A large portion of that field is mapping a network and being able to pick apart header and packet information. You will have to learn some of the nuances of how different operating systems react to different types of packets being sent to them, but I always felt I had a leg up on a lot of people, because I understood how routers, switches and network traffic worked.

Re: How to get more security exposure?

bhutfless — Mon, 30 Oct 2017 16:14:45 GMT

My suggestion is to leverage your existing employer if possible. Talk with your supervisor and see whether you can take a more active role within an existing or needed security function. There's a good chance that your experience with netflow, logging, packet capture and other routine tasks would be very welcome by the organization security team members.

Another option would be to spend some time studying and thoroughly documenting IDS, IPS, firewall, and other typical perimeter defense solutions that your company employs. One of the most overlooked areas of any program is formal configuration and change management. By documenting the port and protocols, rules, whitelists, blacklists, historical changes, and validation testing, you can gain a great deal of insight into your current environment and recommend changes. This type of evolution will allow you to cross train, gain granular security-relevant experience, and let you work with additional tools and processes that may be secondary to your current role.

Re: How to get more security exposure?

The_Red_Pill — Mon, 30 Oct 2017 17:43:44 GMT

I like this approach. bhutfless, great suggestion!

Re: How to get more security exposure?

a380_fox — Mon, 30 Oct 2017 17:47:53 GMT

I assume network security would be the easiest way to get a foot in.

What I have found is if you are good in one field say network support trying to move to another field becomes difficult as you get labelled as being good in network support. This tends to push perspective employers to offer network support roles.

Re: How to get more security exposure?

CISOScott — Mon, 30 Oct 2017 17:48:27 GMT

Look for jobs that are being undone. When I first started I had to run backup tapes on a server. This server also ran our anti-virus console. I asked my boss who was monitoring it and she said no one. I asked her could I do it and she said yes. Thus my career in information security was born.

I also set up my own lab at home with 14 machines. I asked my bosses if they minded me setting up a test lab at work with leftover computers/servers. They let me. I had to create my own environment to learn on, but I also had the courage to ask for permission to do it. I read a lot of books. Took all the free training I could find.

Re: How to get more security exposure?

a380_fox — Mon, 30 Oct 2017 18:16:12 GMT

Are they any free training programs that are structured? from beginner to expert? ones with more practical tasks?

Re: How to get more security exposure?

CISOScott — Mon, 30 Oct 2017 18:28:38 GMT

The best way I have found is to just jump in and try the security tools. On networks you own and have permission for of course! DO NOT DO THESE on your company networks without permission and some understanding/experience with the tools.

I have gained massive experience by trying and failing on my own lab networks.

Back in the day I had to have 14 computers, a KVM switch, my own routers and switches. Now I can use a virtual machine (Oracle's Virtual Box, VMWare Player, etc) which are free to simulate machines. No longer do I have to have the noisy basement, but a streamlined computer dedicated to providing the lab environment I need.

You will seriously have more learning experiences if you do it yourself and do the research into setting it up and struggling versus some nicely laid out training program. Not that I am against structured training, but that should not be your sole desire. Insecure.org has lots of free/trial programs you can download. Download some Linux ISO's. Download KALI Linux. Use any free tools you can get your hands on and try/fail/succeed at as many things you can.