Comments on TaoSecurity Blog: No Shortcuts to Security Knowledge
Richard Bejtlich

Anonymous (2006-11-26 21:18 -05:00):

Aside from the level of tech needed to be a professional security gal/guy, anyone considering such a career should also think long and hard if they are willing to deal with the real life consequences of such a career.

If you fly solo as a consultant, you better be able to sell your services and also live thru the months when there are just no contracts.

If you decide to go corporate, beware of two major areas of career risk: 1) Whichever department you end up in (network team, risk management, etc.), an unwritten part of your job description is you are going to be hated and you may be signing up to be the fall guy. The politics around infosec/netsec in any large organization get ugly real fast. 2) Be prepared to be redundant. Lots of companies are folding opsec into network teams and network teams are VERY vulnerable to outsourcing.

Of course YMMV, but this is my decade plus worth of observations.

Anonymous (2006-11-25 12:25 -05:00):

The attitude irritates me. "Teach me everything I need to know." Some people! Start by taking an ethics course!

Richard Bejtlich (2006-11-22 22:43 -05:00):

Anonymous,

I like

Professional Web Application Penetration Testing
Hacking Exposed, 5th Ed

Outside of those two I'm not sure!

Anonymous (2006-11-22 14:44 -05:00):

Richard, I appreciate your book reviews. Can you help me about what are the 3 best penetration testing books available on the market today?

C.S.Lee (2006-11-22 06:05 -05:00):

I'm a latecomer when it comes to computing. I started learning it when I was 22; instead of being headless I decided to concentrate on network security after one and a half years of learning computing. I suffered a period where I couldn't understand those network intrusion/detection books/materials since they looked too technical to me, and came to realize that foundation is very important. I started learning network protocols (RFCs and Stevens' book), *nix-based systems (luckily I got free training from college) and writing shell scripts when I needed to ease my tasks. I do use the security tools that are listed on insecure.org to learn how security tools work. I would say I'm lucky enough to have met awesome guys in #snort-gui who stimulated my mood for learning network security in a more in-depth way, since I realize I'm not as good as them. But you should consider that taking network security as a career path can be tough unless you have passion for it and won't lose it some other day. It requires lots of reading and understanding; you will have to keep yourself updated and love what you are doing. Your skills will evolve over time as you gain more experience in the industry.

It's a never-ending process; find me a network security expert who has stopped learning, unless they decided not to be involved in the network security field anymore.

P/S: By the way I don't think Richard is cheaper than any college offering you security courses, his time is precious :P

Cheers

Anonymous (2006-11-21 22:48 -05:00):

No way, my friend said that he knew everything about security from reading SANS

(sorry, I couldn't resist)

Richard Bejtlich (2006-11-21 16:37 -05:00):

Hi Chris,

Great references -- I haven't read "Mind" either.

Anonymous (2006-11-21 16:22 -05:00):

Here's a link to an excellent article: "Teach Yourself Programming in Ten Years" at http://www.norvig.com/21-days.html

I think the conclusions reached in this article are good, and apply equally well to computer security. And while no one can be a wizard in a few days, weeks, or months, the only way to start is at the beginning.

It also helps to read this blog, Marcus Ranum's stuff, and "Inside the Security Mind: Making the Tough Decisions" by Kevin Day. They represent some of the strategic thinking that many new security practitioners miss out on. (Just curious - have you read the Kevin Day book, Richard? If so, what'd you think?)

- Chris

Anonymous (2006-11-21 15:32 -05:00):

Don't be so easily fooled by cockiness, marcin. If security professionals knew as much as they pretend, they wouldn't be necessary.

Anonymous (2006-11-21 15:25 -05:00):

I'm a student who's 20 years old and sometimes feel the same way. Everywhere I look I see (security) professionals who know so much in the world of IT among other things and wish I knew half as much as them. I take a step back though, come to grips with reality and tell myself... "I'm only 20, when I'm older and have been in the industry (and learning as much as I can) as long as these guys... hopefully I will possess that same level of knowledge."

Knowledge and wisdom come with experience, would anyone disagree with that?