RE: Getting In
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yes I finally did though I am still in a intro position the experience I am gaining will make myself more marketable for the next job I search for. - -Original Message- From: Manuel Lanctot [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 12, 2003 4:37 PM To: [EMAIL PROTECTED] Subject: RE: Getting In > De : Michael LaSalvia [mailto:[EMAIL PROTECTED] > Envoye : 12 aout, 2003 15:10 > A : 'Jay Woody'; [EMAIL PROTECTED]; > [EMAIL PROTECTED]; [EMAIL PROTECTED] > Objet : RE: Getting In > > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hum I had the same issue a year ago. I just had gotten laid off and > decided to peruse my dream job of security. I had tons of non > professional experience but nothing to show and employer. I went > out and got my TICSA and took the LCA also. I then searched around > for entry level positions in the security field. I even put a post > on the security jobs mailing. I was completely honest. I was like > green > security professional looking for entry to intermediate position > and blah, blah. I got many leads from the list. I suggest during > your off time while looking to get in work on some certs and read > up on what you can. But what we all want to know is: Did you get a job in the field? :) - -- Manuel Lanctot Inventory Tech Bayard Press - -- - - - -- - -- -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBPzmIJXAnVb+gRdsVEQJGtACfRcZy1EpxN/w4WnztuPmbAdA2CncAoJx1 Y9wRCGJnWwUemGAqTsGC3mhT =dzQA -END PGP SIGNATURE- ---
RE: Getting In
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have the TICSA, the cert was a well rounded cert and many believe it to be hands on vs of the CISSP. Though you won't get much recognition for having it, it will definitely help you in your day to day work. I took mine at the www.trainingcamp.net , located in Bushkill PA. They do have offices other place. If anyone has questions on the exam please feel free to ask me. I will help out as much as possible. If you get the TICSA you should also go to take the security + test right after would. The material is closely related. - -Original Message- From: David Olsen [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 12, 2003 1:13 PM To: [EMAIL PROTECTED] Subject: RE: Getting In Hi, It's not the biggest cert but the Security+ might be a start. There is no experience requirement but demonstrates some basic knowledge. You could follow this up with the TICSA which requires two years of experience or 48 hours of classes. The GIAC courses also do not require experience. They require a written practical and an exam. Dave - -- - - - -- - -- -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBPzk6WHAnVb+gRdsVEQJHvQCgm1dCf0I9qnXYqHbt4IN2k6SYkOsAnik/ Ul230cgArYpuW7A5mtKR8ReL =Wluh -END PGP SIGNATURE- ---
RE: Getting In
Did TICSA gave you any jumpstart as other security certification e.g. CISSP or CheckPoints ? Regards, Leonard > -Original Message- > From: ext Michael LaSalvia [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 13, 2003 3:10 AM > To: 'Jay Woody'; [EMAIL PROTECTED]; [EMAIL PROTECTED]; > [EMAIL PROTECTED] > Subject: RE: Getting In > ---
Re: Getting In
Hi Mike, Just like you, I am a security enthusiast but I work with web app development. Since 1999 I study internet security but I'm not working with that yet. Here some links I colected that can help you: Addendum - other useful security related websites - Security News related Sites o http://www.Incidents.org o http://www.theregister.co.uk o http://www.silicon.com o http://www.security-protocols.com/index.php - New Vulnerabilities o http://bugtraq.inet-one.com/ o http://www.cert.org/nav/index_red.html o http://www.microsoft.com/security o http://www.ciac.org/ciac/bulletinsByType/bul_vendor_list.html - Advisories o http://www.cisco.com/warp/public/707/advisory.html o http://nsa2.www.conxion.com/ - Firewall information (seeing the wood from the trees) o http://www.robertgraham.com/pubs/firewall-seen.html o http://www.snort.org - Hacking o http://www.webstore.fr/webabonnes/tahiti/nt.htm o http://www.cavebear.com/CaveBear/Ethernet/vendor.html http://community.core-sdi.com/~gera/InsecureProgramming/ -(teach yourself the art of insecure programs exploitation)http://community.corest.com/~juliano/ http://www.security-solutions.net/tools.html http://www.ntsecurity.nu http://nsa2.www.conxion.com/win2k/download.htm http://www.microsoft.com/technet/security/tools/w2kprocl.asp http://www.yale.edu/its/security/Procedures/Securing/NT/w2k/ http://www.labmice.net/articles/securingwin2000.htm http://arstechnica.com/tweak/win2k/security/begin-1.html http://www.sans.org/infosecFAQ/win2000/win2000_list.htm http://www.sqlsecurity.com http://www.owasp.org/ http://www.spidynamics.com/ http://www.nextgenss.com/ http://razor.bindview.com http://www.ibt.ku.dk/jesper/NTtools/ http://www.ntsecurity.nu http://netsecurity.about.com/cs/hackertools/ http://www.sans.org/rr/ http://www.experts-exchange.com/Security/Win_Security/ http://neworder.box.sk http://www.experts-exchange.com - Very good forums http://www.appsecinc.com - Good SQL Server Security Papers, alerts, etc. http://www.niser.org.my/resources.html - Some Interesting papers Good luck! -Original Message- From: Mike West [mailto:[EMAIL PROTECTED] Sent: Saturday, August 09, 2003 4:29 AM To: [EMAIL PROTECTED] Subject: Getting In > > > Guys > > I know you have probably been asked this question many times but here goes. > > I am currently a security enthusiast and employed as a software developer > for a large Telco company however I would like to get into the security > field but I am finding it a very tight market to get into. > > How would be the best way to make a start in the Security field. As I have > found that most company's will not look at your CV unless you have had 2 > years proffesional experience/certification and you can't get a > certification until you have the experience etc. > > Thanks in advance > Mike > > > > -- - > -- -- > > > -- - > -- -- > > -- - > -- -- > > ---
RE: Getting In
This might be stating the obvious, but from my own perspective it comes down to a few things. (Also, I don't know all of the details of your situation, So take what you can from this and discard the rest. Perhaps you'll end up discarding all of it.;) Education - At the very least you should be educating yourself as much as possible so that when an opportunity does present itself, you will be prepared to seize it. The SANS InfoSec Reading Room http://www.sans.org/rr/ is a great place to start. Also, look into buying an SSCP (Systems Security Certified Practioner) book. It's also a good place to start when learning about security basics. Any security-related certifications you can acquire will certainly help. Additionally, a college degree can help as well, but is no longer a guarantee (not that it ever was, it just greases the skids a bit if you know what I mean.) Network - It's all in who you know or _get_ to know. I started with my current employer and worked in the WAN group for the first two years. After proving my value as an employee, I was allowed (at my request) to move into the Information Assurance group. I guess this could be distilled down to: get a job in the field (any job, anywhere in the field) and work hard to prove your worth. You have to really want it. Post-dotcom bust, things are very competitive all over. You have to kind of blaze your own trail so-to-speak and make it happen. Once you're in IT make every effort, however small it may seem at the time, to move closer to the InfoSec arena. I think it can safely be said that there is no recipe for getting into this area of IT. It's a mixture of persistence, determination, intelligence and some good old fashioned luck. Being in the proverbial right place at the right time. But then again, I guess there is the cold, hard reality that even all of that may not be enough. Best of Luck, Jason -Original Message- From: Duffy Hazelhurst [mailto:[EMAIL PROTECTED] Sent: Monday, August 11, 2003 8:08 PM To: Mike West; [EMAIL PROTECTED] Subject: RE: Getting In I can't wait to see the reply, I'd love to know the answer myself. Duffy -Original Message- From: Mike West [mailto:[EMAIL PROTECTED] Sent: Saturday, August 09, 2003 4:29 AM To: [EMAIL PROTECTED] Subject: Getting In Guys I know you have probably been asked this question many times but here goes. I am currently a security enthusiast and employed as a software developer for a large Telco company however I would like to get into the security field but I am finding it a very tight market to get into. How would be the best way to make a start in the Security field. As I have found that most company's will not look at your CV unless you have had 2 years proffesional experience/certification and you can't get a certification until you have the experience etc. Thanks in advance Mike --- --- ---
RE: Getting In
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hum I had the same issue a year ago. I just had gotten laid off and decided to peruse my dream job of security. I had tons of non professional experience but nothing to show and employer. I went out and got my TICSA and took the LCA also. I then searched around for entry level positions in the security field. I even put a post on the security jobs mailing. I was completely honest. I was like green security professional looking for entry to intermediate position and blah, blah. I got many leads from the list. I suggest during your off time while looking to get in work on some certs and read up on what you can. If you want a quick way in go get the CISSP. That dam cert though definitely worthy of its praise is starting to become like a instant passport into the security industry, or at least in my neck of the woods it is. - -Original Message- From: Jay Woody [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 12, 2003 12:30 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Getting In Ask again on a different day guys. Many are out trying to fight the worm at the moment. You may get more replies in a week or so. JayW >>> "Duffy Hazelhurst" <[EMAIL PROTECTED]> 08/11/03 >>> 07:07PM >>> I can't wait to see the reply, I'd love to know the answer myself. Duffy - -Original Message- From: Mike West [mailto:[EMAIL PROTECTED] Sent: Saturday, August 09, 2003 4:29 AM To: [EMAIL PROTECTED] Subject: Getting In Guys I know you have probably been asked this question many times but here goes. I am currently a security enthusiast and employed as a software developer for a large Telco company however I would like to get into the security field but I am finding it a very tight market to get into. How would be the best way to make a start in the Security field. As I have found that most company's will not look at your CV unless you have had 2 years proffesional experience/certification and you can't get a certification until you have the experience etc. Thanks in advance Mike - -- - - - -- - -- - -- - - - -- - -- - -- - - - -- - -- -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBPzk7oHAnVb+gRdsVEQIHxgCePH6xXgxNPRjPKrwNKEZX2lhamREAoOff hCyS7FsRMepLBOL1fxCufR3Z =qUyy -END PGP SIGNATURE- ---
RE: Getting In
I can't wait to see the reply, I'd love to know the answer myself. Duffy -Original Message- From: Mike West [mailto:[EMAIL PROTECTED] Sent: Saturday, August 09, 2003 4:29 AM To: [EMAIL PROTECTED] Subject: Getting In Guys I know you have probably been asked this question many times but here goes. I am currently a security enthusiast and employed as a software developer for a large Telco company however I would like to get into the security field but I am finding it a very tight market to get into. How would be the best way to make a start in the Security field. As I have found that most company's will not look at your CV unless you have had 2 years proffesional experience/certification and you can't get a certification until you have the experience etc. Thanks in advance Mike --- --- ---
RE: Getting In
Ask again on a different day guys. Many are out trying to fight the worm at the moment. You may get more replies in a week or so. JayW >>> "Duffy Hazelhurst" <[EMAIL PROTECTED]> 08/11/03 07:07PM >>> I can't wait to see the reply, I'd love to know the answer myself. Duffy -Original Message- From: Mike West [mailto:[EMAIL PROTECTED] Sent: Saturday, August 09, 2003 4:29 AM To: [EMAIL PROTECTED] Subject: Getting In Guys I know you have probably been asked this question many times but here goes. I am currently a security enthusiast and employed as a software developer for a large Telco company however I would like to get into the security field but I am finding it a very tight market to get into. How would be the best way to make a start in the Security field. As I have found that most company's will not look at your CV unless you have had 2 years proffesional experience/certification and you can't get a certification until you have the experience etc. Thanks in advance Mike --- --- ---
RE: Getting In
In my case, it was a series of fortuitous accidents. I'm sure that's not what you want to hear, since it's not something you could replicate. (I was a software engineer for almost twenty years, for half a dozen different companies. One day, I arrived at work and was told "We've hired a new Director of Engineering, and he's bringing in his own team. We've decided to rename the old team 'Operations' and assign you the task of building a network to host our services instead of building them yourselves." Suddenly, I was a network engineer instead. The plan was to bring in a consultant for a few months to set up our initial network security, while searching for a permanent person. But this was 1997, with the Internet bubble still growing mightily, and affordable network security engineers were pretty thin on the ground. So I inherited what the consultant had set up, and ran with it. When that start-up decided to downsize, I had to decide if I was a software engineer who had spent a couple of interesting years in networking, or a network engineer specializing in security who had some background in software. I'd found something I loved, so I opted for the latter; two employers later, that's what I'm still doing.) David Gillett > -Original Message- > From: Duffy Hazelhurst [mailto:[EMAIL PROTECTED] > Sent: August 11, 2003 17:08 > To: Mike West; [EMAIL PROTECTED] > Subject: RE: Getting In > > > > I can't wait to see the reply, I'd love to know the answer myself. > > Duffy > > > > -Original Message- > From: Mike West [mailto:[EMAIL PROTECTED] > Sent: Saturday, August 09, 2003 4:29 AM > To: [EMAIL PROTECTED] > Subject: Getting In > > > Guys > > I know you have probably been asked this question many times > but here goes. > > I am currently a security enthusiast and employed as a > software developer > for a large Telco company however I would like to get into > the security > field but I am finding it a very tight market to get into. > > How would be the best way to make a start in the Security > field. As I have > found that most company's will not look at your CV unless you > have had 2 > years proffesional experience/certification and you can't get a > certification until you have the experience etc. > > Thanks in advance > Mike > > > > -- > - > -- > -- > > > -- > - > -- > -- > ---
RE: Getting In
> De : Michael LaSalvia [mailto:[EMAIL PROTECTED] > Envoye : 12 aout, 2003 15:10 > A : 'Jay Woody'; [EMAIL PROTECTED]; [EMAIL PROTECTED]; > [EMAIL PROTECTED] > Objet : RE: Getting In > > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hum I had the same issue a year ago. I just had gotten laid off and > decided to peruse my dream job of security. I had tons of non > professional experience but nothing to show and employer. I went out > and got my TICSA and took the LCA also. I then searched around for > entry level positions in the security field. I even put a post on the > security jobs mailing. I was completely honest. I was like green > security professional looking for entry to intermediate position and > blah, blah. I got many leads from the list. I suggest during your off > time while looking to get in work on some certs and read up on what > you can. But what we all want to know is: Did you get a job in the field? :) -- Manuel Lanctot Inventory Tech Bayard Press ---
RE: Getting In
Hi, It's not the biggest cert but the Security+ might be a start. There is no experience requirement but demonstrates some basic knowledge. You could follow this up with the TICSA which requires two years of experience or 48 hours of classes. The GIAC courses also do not require experience. They require a written practical and an exam. Dave ---
RE: Getting In
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I feel it gave me an edge during interviews. I new more stuff and felt more comfortable answering questions. I don't think it gives me an edge like a CISSP would or like my Check Point Certs did, but as the industry starts realizing more certs as valuable other then the CISSP and the CCSP I think it will help. - -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 12, 2003 11:31 PM To: [EMAIL PROTECTED] Subject: RE: Getting In Did TICSA gave you any jumpstart as other security certification e.g. CISSP or CheckPoints ? Regards, Leonard > -Original Message- > From: ext Michael LaSalvia [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 13, 2003 3:10 AM > To: 'Jay Woody'; [EMAIL PROTECTED]; > [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: RE: Getting In > - -- - - - -- - -- -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBPzqdN3AnVb+gRdsVEQL8KwCeJFeFTgn7MajY+WBCddK5RJRQw9cAoPwR KhR20WYHCEG+U0/xLSVC24dl =sDKS -END PGP SIGNATURE- ---
RE: Getting In
Your best bet is try gaining experience with your current company. Most Information Security departments are more willing to hire from within than from outside. Most Security Professionals have a varied background. Most of the ones I have met have a background in System Administration, some are Network professional and a few have been software developers. I will say the best ones have a little bit of experience in all areas of Information Technology. Scott Davis Instructor Network Perimeter Security www.infosectraining.org > -Original Message- > From: Mike West [mailto:[EMAIL PROTECTED] > Sent: Saturday, August 09, 2003 4:29 AM > To: [EMAIL PROTECTED] > Subject: Getting In > > > Guys > > I know you have probably been asked this question many times but here goes. > > I am currently a security enthusiast and employed as a software developer > for a large Telco company however I would like to get into the security > field but I am finding it a very tight market to get into. > > How would be the best way to make a start in the Security field. As I have > found that most company's will not look at your CV unless you have had 2 > years proffesional experience/certification and you can't get a > certification until you have the experience etc. > > Thanks in advance > Mike > > > > --- > > > > --- > > > ---