Excellent advice, Michael! It closely mirrors a post that will be up next week on this topic. I've summarized much of what has been posted here and added my own experiences.

Bonus: remember I said I took a picture of my computers to an interview? I found the pic and it's in the blog post ;)

Post should drop Monday, I link to this archive thread as a reference, and hopefully we can encourage a whole new generation of grasshoppers :)

Thanks!

Cheers,
Paul

Michael Dickey wrote:
> Lots of great suggestions already! I am inclined to say that you stick
> to your BS studies, even if it is not focused. I know it is not
> absolutely necessary, but it certainly does help and should repay you
> back over time.
>
> Some more rapid-fire suggestions:
>
> 1. Get Security+ cert. It's not a glamorous cert, but it's an entry
> level, inexpensive one that will get your feet wet. If you listen to
> Pauldotcom regularly, you should be able to grasp the concepts and pass.
>
> 2. If you get a chance, pick up a job as a systems admin or network
> admin. The background is extremely helpful and will add to your
> experience. If you get a chance to work as a security intern, analyst,
> or tag-along with a pen testing or auditing crew, consider yourself
> really lucky for that opp!
>
> 3. Read, read, read. Read blogs, read mailing lists, participate as
> necessary, and as much as not being afraid to work, don't be afraid to
> ask questions, even those that sound stupid and basic. Few security
> geeks know every technology field well enough to not sound stupid in
> something at some point. Get used to it early. :)
>
> 4. Build your own network and start playing with tools. While I
> shouldn't openly condone being a nuisance on open wireless networks, I
> can't condemn someone for poking around them as well. Run some scans, do
> some probing/sniffing, see what you can read/decode. Practical
> experience effort should equal your reading time, eventually. Explore
> BackTrack 3/4. If you read about neat tools, set aside the time to try
> them out, even superficially. (A very hard thing for me, personally.)
>
> 5. When you get more confident in what you're doing, check out the OSCP
> courses. They mix videos with reading with practical work. It's not
> overly expensive and the money winds up in good hands. Consider it a
> donation to BackTrack. :) I know some of the material in OSCP will be a
> bit deeper like exploit coding and debugging, but consider it a
> necessary challenge and learning opportunity. Mubix has mentioned (and I
> agree) that this may not get you a job in itself, it still demonstrates
> desire and should expand your skills.
>
> 6. Combine the suggestions for being a volunteer with going to
> conventions: Volunteer to help set up Shmoocon or other cons in your
> area, if any. Find out if there is a local hackerspace or InfraGard
> group and poke your head in. Few activities in security seem to be as
> positive as working with other people and sharing ideas. Even just IRC
> if you have the free time.
>
> 7. As Jack Daniel suggested, blog. Not for readers, but for yourself.
> This gives others a digital "face" to see you and what you're into. It
> gives you a personal sounding board to practice writing and organizing
> thoughts. And it gives you a way to document what you do so you can
> refer to it later on. "Now, how did I always set that server up...?"
> Documentation is a key concept in IT, and is oft-missed.
>
> 8. As early as possible, think about learning a programming language,
> especially if you have any background in coding or your courses include
> anything like computer science "lite." If you don't know what to code,
> play with Metasploit or even find some challenges online. Hopefully
> Microsoft scripting does their annual "games" again and include Perl or
> something newer (Python, Ruby). At the very least, learning some coding,
> even if it is "just" Perl is not a bad thing.
>
> Good luck!
>
> www.terminal23.net <http://www.terminal23.net/>
>
>
> To: [email protected]
> <mailto:[email protected]>
> Subject: [Pauldotcom] NIT (Ninja in Training) looking for guidance.
>
> Dear PaulDotCom community,
>
> I am a young (at heart, not in body) aspiring Security Professional. I
> am currently in a blue collar job (good job just not my passion) and I
> am wanting to work my way into the Information Security career space.
> I am looking for a little advice and guidance in my first steps. I
> was a silly youth and didn't make my way through college (I have a
> handful of credits). Since dropping out I have grown a little family,
> wife and 16 month old daughter, so my choices are guided by that a lot
> (both money and time commitment wise). Currently I am enrolled in an
> online B.S. in Information Technology degree from University of
> Massachusetts though I am finding the $300 plus a credit hour (about
> 6k a year on my current plan), the time in which it will take to
> complete (about 5 years at 2 classes every semester), and the lack of
> focus to the information security field disheartening and making me
> re-evaluate my choice. While I don't mind devoting time and money I
> would prefer to do it toward something more relevant and focused to
> where I want to be.
> I know that I will want to take classes from SANS in time but I do not
> feel that I have the fundamentals yet. I also almost religiously
> listen to PaulDotCom Security Weekly.
>
> So I am hoping that you all will grace me with your earned wisdom and
> give me a few nudges in the right direction so I don't waste too much
> time and money.
> I'm looking for advice mainly on what are the best building blocks
> to develop a solid foundation for my Ninja skills. Any programs,
> certs, classes, books, websites, podcasts, video tutorials that you
> can think of would be appreciated.
>
> In advance, thank you for your time, energies and knowledge.
>
> Sincerely,
> Nick G
> Your friendly UPS man (though hopefully not for long)
>
> ~All healing is self healing.~
>
> P.S.- I feel so newbie and I no doubt will receive some RTFB / RTFM
> and GIF (Google it Fool) but I'll live through the embarrassment.
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com

--
Paul Asadoorian
PaulDotCom Enterprises
Web: http://pauldotcom.com
Phone: 401.829.9552
