Sunday, February 18, 2007

So you wanna get into IT Security!

Still catching up on my blog reading. I came across an interesting article by Richard Bejtlich over at the TaoSecurity Blog. The post offers suggestions to people with no experience who want to get into the security industry. I wholeheartedly agree with Richard's suggestions. Here they are, summarized for your enjoyment...

  1. Represent yourself authentically.
  2. Stop using Microsoft Windows as your primary desktop.
  3. Attend meetings of local security groups.
  4. Read books and subscribe to free magazines.
  5. Create a home lab.
  6. Familiarize yourself with open source security tools.
  7. Practice security wherever you are, and leverage that experience.

As one of the roughly 68,000 people laid off during the continuing implosion of Nortel, I have lived through the laid-off experience and have counselled a few people in this area. I would like to add a couple of other items.


In the Internet age self-publishing is easy. Put up your own web server at home and register a URL or domain with, or if that is too much work pages like will publish quality papers no questions asked.

I know... You all hate why would you do this?

First, it gets your name out there. The ability to be Googled is not yet essential in this industry, but it sure doesn't hurt.
Second, it proves that you can write something coherent and readable, and it gives potential employers a source besides your resume and interviews to measure your ability.
Third, it shows that you are serious! Everyone knows that most people intensely dislike writing. It will show that you have the ability to complete difficult tasks. The fact that you put the effort in will weigh in your favor.

Believe it or not, this is not rocket science. I am not suggesting a 50-page treatise on detecting the PDF exploit using Snort. I am talking 5-10 pages on stuff you know. Write as you read... and learn. Consolidate learning from different sources into new views on a subject. Remember, there are lots of people at the same level of knowledge as you, and lots even lower, who will be happy to read what you write to expand their knowledge.


Security organizations and conferences are always looking for people to help out. Volunteer for anything local to you. This is a great chance to meet people in the local security industry, and possibly even get the chance to learn some things.

Another place you can volunteer is community and open source projects. If you have coding skills, volunteer for any of the open source security initiatives over at SourceForge or similar places. If you can't code, there are always community projects looking for a minimal amount of expertise and lots of enthusiasm to organize documentation, coordinate work, etc. In a similar vein, there are a number of consensus projects, like the SANS Top 20, that are looking for opinions.

You are limited only by your imagination and your enthusiasm.


1 comment:

Anonymous said...

Great advice. I especially agree with the line in 'publishing' that says,

Remember they (your readers) are at the same learning level as you and lower and will be happy to read what you write to expand their knowledge.