Bay 12 Games Forum

Please login or register.

Login with username, password and session length
Advanced search  

Author Topic: Education for Job in Computer Security  (Read 882 times)

ScriptWolf

  • Bay Watcher
  • You can't spell slaughter without laughter!
    • View Profile
Education for Job in Computer Security
« on: November 24, 2010, 05:22:38 am »

hey at the minute i am in college doing a ICT focused A level, and my overall goal is to then go to uni and do Ethical Hacking and digital security. because my main goal is to become a Hacker in a suit and do it as a job and get paid for testing computer systems ( i this the phrase is penitration tester).

and well after i have taken my undergraduate would it be worth doing a masters in Computer Security? would it all still fit in and help towards my main job goal?.. and i really want to focus all my Education Into Computer Security.

Also does anyone know of any other sort of qualifications i can get for that sort of job i wanted? i Know Theres the CEH but any others?.

and Well just any help in general about where to go and what to do.
please and thank you for any help :)

I also live in the United Kingdom so anything About American schooling is not very helpful
« Last Edit: November 24, 2010, 01:25:59 pm by ScriptWolf »
Logged
He must be running 3.5 abacuses of RAM

Pillow_Killer

  • Bay Watcher
    • View Profile
Re: Education for Job in Computer Security
« Reply #1 on: November 24, 2010, 07:28:20 am »

UK? Dude, this is some really sad typing there. Have you had F on your english in school, or somethng? How did you even get into college.
Logged
Quote from: x2yzh9
every man faps to every person he knows/likes. I've done that for about 2 girls that I've liked really, and it's because they have big boobs. 'Nuff said amirite?

ScriptWolf

  • Bay Watcher
  • You can't spell slaughter without laughter!
    • View Profile
Re: Education for Job in Computer Security
« Reply #2 on: November 24, 2010, 08:40:57 am »

UK? Dude, this is some really sad typing there. Have you had F on your english in school, or somethng? How did you even get into college.

Your're such a dick, why even reply if you have nothing better to say than slag me off about my punctuation. Why even bother commenting?.

In reply to that i take it you got a F as well seeing as though SOMETHING is spelt with a I.
« Last Edit: November 24, 2010, 09:30:20 am by ScriptWolf »
Logged
He must be running 3.5 abacuses of RAM

Pillow_Killer

  • Bay Watcher
    • View Profile
Re: Education for Job in Computer Security
« Reply #3 on: November 24, 2010, 08:59:24 am »

UK? Dude, this is some really sad typing there. Have you had F on your english in school, or somethng? How did you even get into college.

You're such a dick, why even reply if you have nothing better to say than slag me off about my punctuation. Why even bother commenting?.

In reply to that, I take it you got a F as well, then seeing as though SOMETHING is spelt with a I.
Funny that, I'm not a native speaker.
I left one out, see if you can catch it.
In reply to that, check this out. Now, I dont know about UK, but they are recognized here.
-edit-
Also, there's always GHCQ, which, while probably not broadly recognized internationally, should hold... rather major presence in UK.
« Last Edit: November 24, 2010, 09:02:03 am by Pillow_Killer »
Logged
Quote from: x2yzh9
every man faps to every person he knows/likes. I've done that for about 2 girls that I've liked really, and it's because they have big boobs. 'Nuff said amirite?

ScriptWolf

  • Bay Watcher
  • You can't spell slaughter without laughter!
    • View Profile
Re: Education for Job in Computer Security
« Reply #4 on: November 24, 2010, 09:25:12 am »

Ok. In reply I’m sorry it’s just annoying when you really taking the piss out of me, when I had done nothing wrong except a few punctuation errors I try to fix them all and no need to point it out so harshly :( and I take on board what everyone else has said about my typing and I try to improve. Positive criticism would have been nice :/.

Sorry for insulting you just don’t like it when people make such harsh comments, you wouldn’t like it would you?

And thank you for the information :).
Logged
He must be running 3.5 abacuses of RAM

Muz

  • Bay Watcher
    • View Profile
Re: Education for Job in Computer Security
« Reply #5 on: November 24, 2010, 11:19:09 am »

Heh, I do a bit of security as a living. After a while, you realize it really isn't about the technicalities and finding flaws in the security. There's flaws, sure, but those always get patched up as soon as someone finds them.

Anyway, security isn't really as glamorous as you think. A technical security professional will probably end up similar to a security guard. You get treated about the same. People don't see what you're doing when you do it right, but will when you do it wrong. You won't get spotted for raises. You won't even get a lot of priority - security is a balance between convenience and safety, and people will always value the convenience more unless you can convince them otherwise.

I would suggest working on your communication skills a heck lot more if you want a job in security though. It's really not about the technical bits, the communication part is far more important to a security professional than to many other technical professionals. The weakest point in any security is often people and you really have to work with and convince people if you want to get anywhere (in both attacking and defending).

Also, hacking is more of a result of people valuing their convenience too much more than their safety. Look at your password for this forum.. you probably use the same one for others. Convenience. Just the same reason steganography works or the reason that people use "crackable" systems like DES and WEP. Everything in security is well-documented, and the "someone is smarter than you and figured it out" applies here. That is, a lot of good companies don't hire people to test their security, because they know their flaws and they just don't really care about them, in reality.
Logged
Disclaimer: Any sarcasm in my posts will not be mentioned as that would ruin the purpose. It is assumed that the reader is intelligent enough to tell the difference between what is sarcasm and what is not.

Starver

  • Bay Watcher
    • View Profile
Re: Education for Job in Computer Security
« Reply #6 on: November 24, 2010, 12:24:46 pm »

I held off saying anything at first, to see if anyone had anything more useful than my own experience.  (Also because I would also have been tempted to mention the typing.  I reckoned you were being informal on these boards, but you must do better in job applications/etc, if it's not actually the deliberate sloppiness I had assumed...)

I've just been supervising (well, sort of) a couple of guys who are here to get experience with computers.  One of them "hasn't really got any qualifications, but thought, about three months ago, that I'd like to get into computing...", to only slightly paraphrase what he actually told me.  Wrong approach.  I can't actually see him going too far.  So the fact that you're thinking about the long-term is good, but don't just do it because you just recently took interest in the idea of Penetration Testing.  In fact, I think that's a rather narrow target.  (Says I, who has such a broad target across the whole IT industry that I often (although not in Job Interviews!) state that I'm a "Jack of all trades, Master of none"...  Consider that the opposite of your problem.)

You almost certainly cannot jump straight into penetration testing, or computer security in general.  Well, there is possibly the approach of becoming a black-hat hacker/cracker, by your own efforts (not just downloading script-kiddie tools of the "helps-U-hack" variety, but actually listening and learning to 'those' kind of people), getting a reputation then finding some legitimate place that'd want to take you on as a Poacher Turned Gamekeeper type.  But there are a number of problems with that, starting with the fact that I'm not too keen on the idea of encouraging that practice and certainly including that a number of Security/AV/etc companies publicly state that they won't reward those kind of people.  Still, there are those who have Come In From The Cold, publicly or otherwise.

A more legitimate way would be to go first into a general entry-level IT role.  Check the job adverts for what employers like, for that.  Qualifications for MCSE, Cisco, A+/N+/S+, etc, would be useful, and would also get you prepped for the Security side of things even if they're not entirely security-targeted themselves.  (Knowing the principles of TCP/IP Protocols will help if you ever end up checking network activity, or even trawling through something like a set of captured wireless traffic logs, etc, etc...)

You probably won't get the opportunity to head straight for network security.  And "I'd like to try to break systems" doesn't sound like the kind of thing I'd put a positive note on if I was anywhere near a job interview panel...  (YMMV.)  But if you show aptitude, the opportunities may arise.  Plus you may find you have aptitudes in another area.  e.g. developing in-house Intranet applications, Disaster Recovery planning or just being the best darn front-line support person that there's ever been[1].

Also (and this is something I've neglected) you get yourself a decent income (and/or contacts) to support your 'messing about' in your chosen speciality.  Getting yourself actual routers and machines for your own private sandbox.  You might even be able to take old equipment off of your employers hands (with permission, of course) to get your practice.  Cheaper than getting new stuff, more reliable than getting them 2nd-hand off of a random eBay seller.  (Your social life/familial relationships may suffer if you go about this with too much exuberance, so always keep perspective, and don't get too far ahead of yourself, or you end up with a lot of junk hanging around and all you get to be is a pack-rat...  I should know... :) )

Keep an eye on your goal, but be flexible.  (Not as flexible as I've been, though as really should have specialised more over my career so far, and not flitted around as much as I have...)

I have no doubt that there are people who have had a more arrow-like trajectory into such a job, but the job market and opportunities for advancement are changing all the time.  (At one point, getting into Games Programming started by making BASIC programs, swapping the cassettes at fairs, and getting noticed as a games maker in your own right, these days you often need University education to get considered for modern-day positions in a programming team at one of the Big Name companies.  Although there are still a few, like Toady, who are probably getting kudos by their more-or-less individual effort, the known Top Guns of the current professions are as likely to be nameless to the average player as the 3rd Make-up Assistant of any mainstream film is to the average film-goer.)  My own experience, apart from being not exactly the most appropriate guideline, may not even bear much resemblence to the track you would have to set out upon.  More than two decades in, my list of qualifications actually look far less impressive than I would like, considering the experience I've accumulated in the industry.  For a long time I've thought that I really need to get that sorted.  And for that reason alone I might have disqualified myself from giving any advice, but as others don't seem to be forthcoming, you're welcome to the above advice.  If only to consider and reject it, pursuing someone else's method.


Though the big thing in the UK (and probably elsewhere, but I don't know for sure), is that a lot of skilled jobs have been/are being culled from the recent financial turbulence and current/imminent 'cost cutting' measures by the government, so you'll find that there are quite a few experienced people out there trying to grab even the jobs that the less experienced ones might be going after, so yet another reason not to be too picky about your particular point of entry into the career.  (It also means that I've seen bottom-level (i.e. script-driven, call-centre based) 1st-Line Support positions advertised with University degrees in "Computing or a similar subject" as a pre-requisite!!!)


Oh, and I've in the past checked out GCHQ as a possible employer[2], as an idle aside, and their prospective employee information pages made for interesting reading... :)


Ah... Muz, you posted while I was composing and editing.  You're right about the glamour.  (Although I was sort of known as "The King Of Anti-Virus" in a previous job, most of what I did was behind-the-scenes in the "if I hadn't done anything, then you would have known" sort of sense...)  And the administrative parts (e.g. making sure the latest rolling updates have gone out to all machines at your site/worldwide) might be personally gratifying, but are a lot like "solving the Y2K problem"...  Nobody (other than the guys in Berlin you had to interupt to get them to give you appropriate server access) notices that no planes are falling out of the sky, even after you pulled an all-nighter to counter Melissa/CodeRed/whatever...  And sometimes, when (metaphorical) planes do fall out of the sky, everyone looks at you wondering if you shouldn't have stopped it.  (As it happens, nothing particularly horrible happened to this particular firm that comes to mind for the ten years I was there, but even I don't know how much my efforts might have helped in that result...  They did have problems after I left, but nothing that I could have stopped happening, or due to my departure so not really relevant to this particular ramble.)

Also, Muz, before you sya anything, yes, I know my communication skills also need working on. :)


[1] And, what's more, like the job...  personally, that's something I'm reasonably fond of, as long as it's not the likes of "the general public" via a call-centre, as I like to know the people I'm helping out, when I'm doing a support role.  If nothing else, because I don't tend to rattle off quite so much when I'm not trying to second-guess every possible level of knowledge the guy at the other end of the phone has about his own problem...

[2] I could say "and if I told you I now worked for them, I'd have to kill you...", but there would be other people to do that for me, anyway... :)
Logged

ScriptWolf

  • Bay Watcher
  • You can't spell slaughter without laughter!
    • View Profile
Re: Education for Job in Computer Security
« Reply #7 on: November 24, 2010, 01:23:13 pm »

Thank you for you help :), and well my sloppiness was because i was on a forum and not doing anything serious :P.

and thanks for your views :) been helpful, and I'm not just total focused on security, but is the one i would like to mainly go into. I also take a interest in fixing computer and the hardware side of things, and i also like the idea of developing AI.

and I have started to build up a small closed network to play around with and test things with and try out different attacks and stuff. and code my own stuff, because i really do not want to end up a script kiddie.

But also wouldn't having a degree in this line of IT also help a lot?.

And sorry if my punctuation is bad and the shortness of my reply, its hard using a laptop with very few buttons still left on it :P

Edit:
Just a small addition. Once i have my small private network set up with more than one computer what sort of things should i be focusing on? Could i have a small nudge in a direction where i can learn the security and Hacking and defending by my self and then being able to test it out on my own network and lab computer.

Because real valuable information about this subject is hard to come by.
« Last Edit: November 24, 2010, 01:29:20 pm by ScriptWolf »
Logged
He must be running 3.5 abacuses of RAM

Muz

  • Bay Watcher
    • View Profile
Re: Education for Job in Computer Security
« Reply #8 on: November 28, 2010, 05:31:46 am »

Eh, your communications skill is fine, I guess. You just need to handle people. Oersonally, I see a computer security expert about the same as a security guard, just with technical skills instead of physical. A computer hacker tends to be like a robber/thief/con artist - either they break in somewhere physical or walk in through the front doors and the security guy has to prepare for any attacks.


ScriptWolf... all the security used today is heavily documented. You can get say, most security concepts from wikipedia, or look directly for the RFC for it. There are people who try to break it, those people work for security companies (Symantec, McAfee) or a university. Unless you're really awesome, you won't get a job testing it.

Back in the 80s-90s, security was shit. SSL didn't exist, phones were hackable with tones, PGP was (almost literally) military grade stuff. A few experts with the right knowledge could hack all of it. These days it's all down on paper, the true hackers are professors and postgrads. I had applied for a research job trying to sneak data out of computers without being detected, didn't get the job, but it's academic.

You'll still have to do a bit of script kiddying. Nobody actually hacks from scratch, they just plug in a software that does it. There's not really much to being a good hacker, you just need to know the right tools and where they apply. Both skilled robbers and bad robbers use crowbars. Just that the skilled ones will know everything about how a safe works, how to break it, where the weak points lie, and when to crack it or when to just get the combination code from someone. You don't have to code your tools from scratch. They won't use a chisel to break it, they'll just find some specialized tool everyone else uses.

If you don't know where to start, yeah, I'd say a degree is perfect. Security involves a lot more math than other computer science applications. If you want to break or brute force the cryptography, you need to know how it works. If you want to find flaws in some key generating algorithm, you need to know how the algorithm runs and where they're open. The latest major hacking accomplishment was how someone managed to fake security certificates and that was all done with mathematical knowledge. If you want to figure how to break quantum cryptography (which is the latest these days), you'll have to know how quantum mechanics AND cryptography works, and neither are easy :P

But if you want a start, I suggest you at least figure out how symmetric keys and public-private keys work. Then go on to key generation. Those are the building blocks of every single network security tool.
Logged
Disclaimer: Any sarcasm in my posts will not be mentioned as that would ruin the purpose. It is assumed that the reader is intelligent enough to tell the difference between what is sarcasm and what is not.

Starver

  • Bay Watcher
    • View Profile
Re: Education for Job in Computer Security
« Reply #9 on: November 29, 2010, 06:16:04 am »

Sorry, seemed to miss prior thread update...  But I'll go along with what Muz says, anyway.

Terminology wise, I'm not sure if I quite use the term "script kiddie" the same as you.  I was really thinking more the deliberate application of the situation shown in <url=http://xkcd.com/416/>XKCD's Zealous Autoconfig</url> cartoon, and without any underlying user knowledge.

As a past practitioner of the art of shell scripting[1] I've also been labelled "script kiddie", although that's really from the opposite side of the application divide, and definitely not the recognised usage... :)  (Never mind that it's been a while since most people could have called me a "kiddie"!)

BTW, it's been a while since I dealt directly with PGP, that old 'munitions' thang[2]...  From what you said, it appears to have been 'broken'.  All goes to show how out of date one can get...


Yeah, in short, I endorse academia, added to(/in conjunction with) practical professional experience.  If you're so inclined and have a suitably attuned aptitude, the world's your lobster, right?


[1] I'm a tad out of practice for *nix, but I can still roll a mean batch file, on demand, aided and abetted by the relatively recent Command Extensions to the likes of the FOR command and tilde-expansions of variables under newer (2K+?) versions of Windows.   Although still nothing as powerful as sed, et al, still a lot easier than when I was getting DOS 6.x and its predecessors rolling around and doing complex maths through highly contrived parameter sets and CALL-chaining...

[2] Been there, done that, always meant to get the T-Shirt... They must be collectors items, these days...
Logged