cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
a380_fox
Newcomer I

How to get more security exposure?

I come from a networking background and have some security experience.

 

What would be the best way to get more experience in security?

12 Replies
Secur3
Newcomer I

Hello. The best way to get experience in security would be to either get a job in security, start working on security certifications or both. There are a lot of online forums, youtube channels, and training site (free/paid) that you can try until you find out what interests you. Once you find out, you can focus on the specific training/education you need to help you advance.

 

Hope that helps.

SecurIT
Viewer

I too come from a Networking background.  Actually Training then Networking but who's keeping track, Right?  What I am finding the best way is to jump right in and start reading all you can, joining groups like this, asking questions and put yourself in positions that allows for you to challenge your skills.

 

Just like when I wanted to learn about networking, I had to start somewhere.  This is no different.  While I am now the Security Analyst for the Hospital I work for, I have a lot more to learn, a long road ahead.  If I don't start, I never get started. 

 

I read as much as I can, either books or on newsgroups.  I have joined several affiliations that provide excellent news letters, and use my resources around me to find out what I don't know.  

 

While this isn't a definitive path of x,y,z, you will never start unless you start.  Some excellent books to get you going are, CISSP Study guide by Wiley, CISSP by ISC(2), and many more...

jcaccount
Viewer

talking with many users and unsterdanding how working and uses his computers, smartphone ect

Karlos
Newcomer I

ISC2 provide a number of really good resources to help you get more Security exposure/awareness.  Bright Talk have some really good webinars from vendors also that cover some of the newer technologies in security.

 

What are your goals/what are you hoping to achieve?  Are you looking to specialize in a network security field or move into more of a information security role?

CuZiCaN
Viewer II

Coming from the networking world just making your network secure from hackers and the outside world was your first step in security. Now build on that and you'll be on your way.

The_Red_Pill
Newcomer II

The best way for a networking guy to break into security is through penetration testing.   Go look into the penetration testing certs and get certified.  A large portion of that field is mapping a network and being able to pick apart header and packet information. You will have to learn some of the nuances of how different operating systems react to different types of packets being sent to them, but I always felt I had a leg up on a lot of people, because I understood how routers, switches and network traffic worked.

bhutfless
Viewer III

My suggestion is to leverage your existing employer if possible. Talk with your supervisor and see whether you can take a more active role within an existing or needed security function. There's a good chance that your experience with netflow, logging, packet capture and other routine tasks would be very welcome by the organization security team members.

Another option would be to spend some time studying and thoroughly documenting IDS, IPS, firewall, and other typical perimeter defense solutions that your company employs. One of the most overlooked areas of any program is formal configuration and change management. By documenting the port and protocols, rules, whitelists, blacklists, historical changes, and validation testing, you can gain a great deal of insight into your current environment and recommend changes. This type of evolution will allow you to cross train, gain granular security-relevant experience, and let you work with additional tools and processes that may be secondary to your current role. 

The_Red_Pill
Newcomer II

I like this approach. bhutfless, great suggestion!

a380_fox
Newcomer I

I assume network security would be the easiest way to get a foot in.

 

What I have found is if you are good in one field say network support trying to move to another field becomes difficult as you get labelled as being good in network support. This tends to push perspective employers to offer network support roles.