Anyone interested in cryptography/cyber security?

Started by Hat And Beard, March 09, 2017, 11:17:14 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Hat And Beard

March 09, 2017, 11:17:14 AM
Hey everyone,
If you're interested in these topics, I suggest you start out by reading https://www.schneier.com/blog/archives/2012/07/how_to_become_a_1.html, and if you're into it but haven't read it, give it a whirl anyway.  ;)

Prayerful

#1
March 09, 2017, 12:53:08 PM
Very topical subject, even if a person has little intent of working in that area.
Padre Pio: Pray, hope, and don't worry. Worry is useless. God is merciful and will hear your prayer.

Mac_Benny

#2
March 28, 2017, 03:08:15 PM
This is certainly an underrated and overlooked area in the IT world. Solid career can be made going this route. The problem is the little publicity of the subject matter and the lack of clarity on where to get appropriate training (i.e. which Certs matter).

Bonaventure

#3
March 28, 2017, 03:53:08 PM
Are there a lot of jobs in this H&B?
"If any man will come after me, let him deny himself, and take up his cross, and follow me."

Hat And Beard

#4
March 28, 2017, 03:59:57 PM Last Edit: March 28, 2017, 04:02:31 PM by Hat And Beard
Quote from: Bonaventure on March 28, 2017, 03:53:08 PM
Are there a lot of jobs in this H&B?

There is a shortage of people that are good at it and businesses are slowly starting to figure out that they can't ignore it. That being said, I'm of the mindset that if job opportunities are what attracts you to the field in the first place, you're probably not going to be very good at it.

In order to be long term successful at it, I'd wager you have to an extensive knowledge of software engineering, operating systems, and computer networking(basically 4 years worth of study if starting ex nihilo).

ETA: Someone could probably be employed in the field for a while if they went through a community college certificate program, but I really think an IBM, Google, or Microsoft will automate this sort of job soon, or build a better platform that doesn't require this kind of hands on work.

Gardener

#5
March 28, 2017, 09:39:19 PM Last Edit: March 28, 2017, 09:42:34 PM by Gardener
Security has many aspects. It's an entire field (with many sub-fields) within an industry. Many things are already automated, but still require human input. Any company which would ever entrust its infrastructure, network, data, and ultimately its reputation to automated software without human input is retarded. The automation can stop certain things, but from what I've been told by guys doing it the automation more importantly alerts them to things they take action on stopping. They then go back through and look at how controls were bypassed, etc. and then harden the systems. It's simply a puzzle solving field. Probably 99% of actual Security work is not Hackerman-esque. It's simply combing through logs, etc.

At my location, the Security folks pull from all fields. There will be overlap, but there is no one-size fits all candidate for such work. A good friend of mine is a Security Architect. His background is varied, from Desktop Support to Linux kernel development to Networking. He works with people who have only a networking background or only a software development background, etc. No one is expected to be super good at any one thing. If they have a coding issue, they might kick it to the former software guy. A networking issue, to the networking guy. It's not an intro field by any means, but it shouldn't take more than a few years to break into with the right motivation.

Currently, I work Desktop Support while I finish a BS in Cyber Security (already have an AAS in Computer Networking). Next job will likely be Network Engineer before I finish the BS, as I'll knock out the CCNA next.

However, once I'm done with the CCNA, I'm doing CCNA Security. I'll do CEH on my own, apart from the degree path. I might skip Network jobs and go straight for a Cyber Security Analyst position.

One of the Security folks at my job was on the team I'm on now. She got CEH and applied for a Security position. She was accepted. Based on the times I've had to assist such folks remotely, a lot of what they do is simply procedural (such as put out by SANS Institute, designed by the Architects, etc.). My buddy's former boss was a social worker before he got into IT.

I'm weary of making things seem like unobtainable goals. There is a sort of mythos which surrounds Security, and it's not helpful for encouraging people to get into it. Just like every Saint was once a sinner, aside from Our Lady and St. John the Baptist (though, an Original Sinner for a short while), every Security engineer was once not a Security engineer -- a lot probably often feel like they really aren't, that they will be found out as a total non-hacker (ha!). The majority of folks probably fight with Imposter Syndrome a lot.

https://sroberts.github.io/2015/05/02/imposter-syndrome-in-dfir/

The majority of IT folks are not ninjas. They are folks with a foundation in some basics and the ability to problem solve. Some stay int eh Server world. Some stay networking. Some move toward Security. Some of those fields have ninjas at their job, but they will never be Security, cus they don't want to. Know what they all use the most? Google.

"If anyone does not wish to have Mary Immaculate for his Mother, he will not have Christ for his Brother." - St. Maximilian Kolbe

Bernadette

#6
March 29, 2017, 05:53:38 PM
QuoteAnyone interested in cryptography/cyber security?

Not yet, but give me enough time to get over being intimidated by the name, and I will be. Especially after I "see" it work.  ;D
My Lord and my God.

Hat And Beard

#7
March 29, 2017, 05:57:31 PM
Quote from: Bernadette on March 29, 2017, 05:53:38 PM
QuoteAnyone interested in cryptography/cyber security?

Not yet, but give me enough time to get over being intimidated by the name, and I will be. Especially after I "see" it work.  ;D

Print
Go Up Pages1
User actions