My contribution to the topic is a bit of a no-brainer and is how I got my start.
"You don't need a security job to do security work."
I accomplished this at a previous job by identifying failures in our standard
build documents for desktops and servers and documenting ways to automate the
process and updated hardening recommendations. Machine deployment became faster
(tangible business benefit) and configurations were more uniform (more tangible
business benefits by decreasing support costs) while greatly improving overall
security (WIN!). Did not take me long after that to make the jump to the
security team once they saw the reduction in malware related incidents. Find
ways you can provide value NOW. Don't wait for someone to hand you your dream
job.
I filled out the survey and encourage others to do so as well.
-Tony
________________________________
From: Brian Erdelyi <[email protected]>
To: PaulDotCom Security Weekly Mailing List
<[email protected]>
Cc: PaulDotCom Mailing List <[email protected]>; GPWN
<[email protected]>
Sent: Monday, February 20, 2012 11:26 AM
Subject: Re: [GPWN-list] [Pauldotcom] breaking in to security, trying to get
answers
Good survey. Don't underestimate security incident response and handling. I
think a lot of people may come from a help desk background.
My biggest advice is for people to build skill and experience in a particular
technology first. Your first job may not be security related, however, as
people trust yor skills you'll be able to transition to more security centric
roles. Know how to work with people!!!
To build street cred I also suggest people be active online in discussion
groups and other projects. Do research, blog and publish articles. Eventually
you'll get a reputation for knowing your stuff even if it's not work
experience. Being recognized as an expert or leader is part of the challenge.
B
_______________________________________________
gpwn-list mailing list
[email protected]
https://lists.sans.org/mailman/listinfo/gpwn-list
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
