I come from a networking background and have some security experience.
What would be the best way to get more experience in security?
Hello. The best way to get experience in security would be to either get a job in security, start working on security certifications or both. There are a lot of online forums, youtube channels, and training site (free/paid) that you can try until you find out what interests you. Once you find out, you can focus on the specific training/education you need to help you advance.
Hope that helps.
I too come from a Networking background. Actually Training then Networking but who's keeping track, Right? What I am finding the best way is to jump right in and start reading all you can, joining groups like this, asking questions and put yourself in positions that allows for you to challenge your skills.
Just like when I wanted to learn about networking, I had to start somewhere. This is no different. While I am now the Security Analyst for the Hospital I work for, I have a lot more to learn, a long road ahead. If I don't start, I never get started.
I read as much as I can, either books or on newsgroups. I have joined several affiliations that provide excellent news letters, and use my resources around me to find out what I don't know.
While this isn't a definitive path of x,y,z, you will never start unless you start. Some excellent books to get you going are, CISSP Study guide by Wiley, CISSP by ISC(2), and many more...
ISC2 provide a number of really good resources to help you get more Security exposure/awareness. Bright Talk have some really good webinars from vendors also that cover some of the newer technologies in security.
What are your goals/what are you hoping to achieve? Are you looking to specialize in a network security field or move into more of a information security role?
Coming from the networking world just making your network secure from hackers and the outside world was your first step in security. Now build on that and you'll be on your way.
The best way for a networking guy to break into security is through penetration testing. Go look into the penetration testing certs and get certified. A large portion of that field is mapping a network and being able to pick apart header and packet information. You will have to learn some of the nuances of how different operating systems react to different types of packets being sent to them, but I always felt I had a leg up on a lot of people, because I understood how routers, switches and network traffic worked.
My suggestion is to leverage your existing employer if possible. Talk with your supervisor and see whether you can take a more active role within an existing or needed security function. There's a good chance that your experience with netflow, logging, packet capture and other routine tasks would be very welcome by the organization security team members.
Another option would be to spend some time studying and thoroughly documenting IDS, IPS, firewall, and other typical perimeter defense solutions that your company employs. One of the most overlooked areas of any program is formal configuration and change management. By documenting the port and protocols, rules, whitelists, blacklists, historical changes, and validation testing, you can gain a great deal of insight into your current environment and recommend changes. This type of evolution will allow you to cross train, gain granular security-relevant experience, and let you work with additional tools and processes that may be secondary to your current role.
I assume network security would be the easiest way to get a foot in.
What I have found is if you are good in one field say network support trying to move to another field becomes difficult as you get labelled as being good in network support. This tends to push perspective employers to offer network support roles.