lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 20 Jan 2011 14:31:38 -0500
From: Valdis.Kletnieks@...edu
To: Emmanuel Apreko <eapreko@...il.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Path to IT Security

On Tue, 18 Jan 2011 16:10:48 GMT, Emmanuel Apreko said:
> After researching i found out that the most prestigious security certification
> is the CISSP and it seems like a very long journey to it since i have no
> experience in it at all but need to get my foot in.

Since the CISSP requires 4 or 5 years of practical experience, those positions
will (or at least should be) written for experienced people.  What you will
probably have to do is look for positions tagged "entry level".  Find one of
those positions, find a mentor, and start learning as much as you can on the
job.  I know a number of people who took a job as an entry-level sysadmin, and
made sure they were visible when positions opened up in the security office.
I've known web developers who appointed themselves the security auditor for web
development projects (checking for SQL injection, XSS, and all the other
well-known issues that are important to check for but nobody else will
volunteer to audit for), and then leveraged that into a full-blown security
role. You may want to look at taking a sysadmin job at a smaller company, or
maybe a small college, that doesn't even *have* a security office yet - and
*create* it.  Plenty of options out there, but most of them requires some
creative thinking to find.


Content of type "application/pgp-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ