Hi Douglas, I agree with Ryan, you are heading in the right direction for eventually getting a job in the field. Key word there is eventually, A lot of companies don't believe in security until they get hacked. I started becoming interested in computers and security in about 10th grade also. When I graduated at 18, I got lucky and got a tech support job with a telephone company that employed around 200 people. They had no security department. When we started getting more employees and customers rapidly, my company still didn't care about security, until they started having problems. Now I am 23 and we have about 800 employees, we are not only a telephone company, but an ISP and wireless seller. Even at this big we still only have one guy doing security 24x7. Last year is when I expressed interest in security to my boss and they are currently working on a position for the second security person in the company. Point I'm trying to make is, I had to be in the IT dept for 5 years before I even got a shot at security. Companies just don't care about it until something happens. My advice to you is, if a job comes up that you would be willing to do in a computer dept, at a company, apply for it, get your foot in the door. 90% of companies will transfer someone from one position to another before they go to the outside. Maybe some people would disagree with me, but this is only my opinion. Good luck and I hope everything works out.
Chris Lutz (GSEC) IT Operations Support D&E Communications [EMAIL PROTECTED] (717)738-8214 >>> Ryan Anderson <[EMAIL PROTECTED]> 01/07/02 11:21AM >>> I sounds like you're already heading in the right direction for eventually moving into this field. Unfortunately I don't know of any companies that would be willing to let a high school student poke around on their network in order to learn stuff, but if you have skills to offer them and are willing to work for free (or very very cheaply) you might find a company willing to take a chance on you in order to avoid having to pay a full-time admin/security person. My first advice as far as learning security goes is to put a server out on the net from your home. This is a great sink-or-swim way of learning, and it has pretty minimal risk since you're not going to kill your company's profits if your home server gets hacked. setup a server with a real ip address, load up linux, do your best to secure it, and then install some services, like a webserver and sendmail. Register a domain name and setup your box as a DNS server, things like that.. its not all that hard to secure a box on the net that doesn't do anything besides sit there, but it becomes increasingly difficult to have a secure box that actually serves a purpose. Good luck! -Ryan On Fri, 4 Jan 2002, Douglas Pichardo wrote: > Revered security professionals: > Hi, my name is Douglas Pichardo and I am 16 years old. I live in Virginia > Beach, Virginia (USA), and I am in the 10th grade. I have been a member of > this discussion list for several months, trying to learn all I can about the > world of security, which I have a strong interest in. This last summer, when > my interest popped up, I spent several hours almost every day reading > webpages about every security topic that I could read about and understand, > but at that time I was using Windows 98 and was unable to really get into and > play around with any of the information I learned, and decided to get an OS > that would allow me to - either Linux or Windows 2000, and Windows 2000 is > too expensive. For Christmas, I got SuSE Linux 7.3 Professional, <u>Hacking > Linux Exposed</u>, and <u>Linux System Administration</u>, as these all had > good reviews in various places and I did not like Mandrake 8.1 which I had > burned on CD and previously installed. > Well, to the point: I would like to try out security things like firewalls > and such and be exposed to the internet (I'm behind a Linksys Cable/DSL > router with NAT), but I don't feel anywhere near knowledgeable enough. What > I'm looking for is a internship of sorts, and I was wondering if either: (a) > by some chance some of you know companies in Virginia Beach, VA, that would > take me "under their wing", or (b) any of you know of any websites or > companies that might have information about local internship programs in the > security/administration field. I am looking for a learning opportunity - a > free one - where I could gain experience (the SANS and other conferences are > too much money and travel for me at age 16). I would greatly appreciate any > help that you would give me as an aspiring security professional. Thank you > in advance, and also thank you for reading all of this - I can get wordy :-) . > > Sincerely, > Douglas Pichardo > > P.S. I'm not some teenage wanna-be hacker; I truly only want to get into the > security field, not the "counter"-security field. And just in case the fact > that I'm writing this at 10:30 AM might contribute to the stereotype, I have > no school today; we have about 3 inches of snow and the whole area has shut > down as if it were 3 feet. > > P.P.S. Are there any other books on Linux administration or local/network > security that you recommend? >