Skills for the Future

A lot of the emails sent to me ask a basic question: Just how does one break into computer security or what skills should you learn to get that first job security. Lately though, I have been receiving many more queries on how one can leverage an existing skill set to become an information-technology security analyst.

A great question and one that resonates at a personal level as well. The bulk of us who practice computer security generally share one common denominator - the fact that we did not just fail in our present jobs. We all came to this field from various other jobs in the computer industry. Back in the day for me, there was simply no place to take computer-security-centric curriculum. Of course, that's changing today, with more colleges and universities offering computer security courses now.

In the past, because of the lack of formal education being offered for computer security, it was then left up to the individual to gain the specific skills needed to be a security analyst. Today, that is less true and one can certainly aim to become a security analyst taking courses and getting certifications. However, working on migrating the current skills that you presently have, the most security analysts did before their formal curriculum, continue to be my preferred way. You might well be surprised at the many commonalities between say system administration skills and that of security analyst.

More news: Domain Default page

It stands for reason then that system administrators, hardware jockeys - the people who take care of routers, switches and other devices - and database administrators all have some core skills in common.

Yet it's the system The person who works for the company is the person who works for a large company or the government.

Knowledge of Microsoft Windows, Knowledge Of major protocols Network architecture concepts, Familiarity with firewalls, anti-virus solutions, and content filtering programs, One of the core skills of any system administrator is having an excellent knowledge of the operating systems in use on their networks. For many networks today, that would mean a mix of Microsoft Windows and either Linux or BSD, since it is my experience that most networks do not use the single operating system. This knowledge then neatly maps to computer security, because security analysts are no different in that they must also have an excellent understanding of various operating systems.

If you administer to Microsoft Windows network then you are well aware of NetBIOS and network shares. One would say they are the fundamental concept of Windows. It is also very well known security risk in so much as it is often left unprotected. For the savvy system administrator, then, it's common sense to use passwords to access network shares. This is one concrete example of the system administrator knowledge being easily ported to the world of security analyst.

Don Parker, GCIH GCIA, specializes in intrusion detection and incident handling. In addition to writing about network security he enjoys a role as guest speaker for various security conferences.

  • Adam Floyd