lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 18 Jul 2007 17:03:09 -0400
From: Troy <tcregger@...nedyinfo.com>
To: Evan Pitstick <bikingnerd@...cast.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Help with education

I just read this thread... there's certainly some good advice there...
and the requisite goading by some of the more sardonic personalities on
the list... always a pleasure.

I'm no infosec guru by any means, but as a developer I have more than a
passing interest in the field. Which unfortunately is the exception
rather than the rule in this business.

I read this list every day, and others as  well and one thing I can say
for sure is that you're aiming for a fast moving target... but not an
impossible one to hit.

Dude said:
> If you want to be a good Security Consultant at the Technical level it
> is important that you have a smattering of everything: programming
> networking, administration, etc.. If you walk into a place and expect
> to start telling people what to do, you should at least have walked a
> mile in their shoes before doing so. This means learning Lotus,
> Exchange, Sendmail, Oracle, MySQL and MSSQL, Linux, BSD, Solaris,
> Windows, etc, ad infinitum.

That's probably the best advice I've seen in this thread. I've been a
developer/programmer for almost seven years now and have walked in most,
but _not all_ of those shoes, and it really doesn't ever end.

My one grain of advice... make sure you LOVE this work, and love it for
it's own sake, or because (like me) you find some intangible reward in
it that you can't really explain. Do not get into this business simply
for money, fame, or anything like that.

Infosec, development, networking, and their various levels of related
engineering are the type of jobs that follow you home at night. If you
sleep, this shit will follow you into your dreams. You are not choosing
a 9-5 leave it at the office when you go home career. Love it or leave
it else it will destroy you.

Choose wisely, and good luck!
Peace.

Evan Pitstick wrote:
> I did not intend to start some kind of flame war on the mailing list, 
> and I certainly don't intend to perpetuate it. However, I do want to 
> make it clear that I was looking for advice from professionals in the 
> field. I find questions like "the best of" something often is misleading 
> in simple google searches. Things like advertising and special interest 
> usually cloud the answers. Thanks to everyone who has sent me helpful 
> replies.
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

-- 
'''
0-0-
 ~
 `

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ