Background Image

Blog Post

Nov 28

Getting Started In Information Security


Some of the challenges of breaking into information security as a career involve finding the right resources. Fortunately it is becoming easier and with the right mentality you can avoid becoming a pseudo expert by learning the real fundamental skills to make the constant evolution in a challenging field.

 

Everyone Has Preferences

You could watch 1000 videos and become equally convinced at everyone's points and believe during each of those videos that what is being taught is absolutely the most important thing. Of course this simply isn't the case, but the video posted above makes great arguments for Labs, Malware Resources, PCAP Resources, and of course Testing.

Malware Resources

Whether you have a network of professionals sending you highly specific malware for testing, or are slumming it in the openly available lists, there are more than enough useful things to test. Unlike programming sandboxes, in testing against live machines, or against Virtual ones running locally, you're bound to stay captivated - just be sure to document everything and look through what you've noted to find possible solutions for mitigation. 

PCAP Resources

Much like with any other resource list, organization will be extremely useful later so get in the habit now. The goal is to be able to reference the tools and resources you need quickly enough to work in a production environment, not to sit around debating whether one tool is better than another. Likewise methodologies come under scrutiny for a whole host of reasons, and none of them account for the specific goals of the individual lab. 

Labs

It is what it sounds like. You really can't do much besides discuss the theories unless you test. But testing isn't simply attacking targets to see whether something works, it's performing dumps, and analyzing the captures, as well as evaluating what a tool or script, or bit of malware did: how it affected the target, why any inbuilt defenses didn't work, and what steps might be taken to mitigate the attack on successive tests. 

Testing

How many months of cruft have accumulated on your testing systems? Did you think to evaluate the lab itself to make sure you weren't using a dirty testing environment? How many of your tools relied on Python 2.7, how many used Python 3.5? Did you make note of the API's used for the connection environment if there were any? Would this set of conditions exist in the wild or were you on a bridged network adapter attacking a VM on the same machine? What role would schooling play in this process?

Schools 

Certifications are expensive, university mills are a thing, many so called experts are frauds, and passion is the difference. I can see a string of letters before a name and almost immediately tally up the years required to actually get qualified enough for those certs through schooling vs hands on work. Don't be daunted by the costs of certification courses many of them won't be required of you for years or even decades, a competent tester is worth their weight in gold and knows not to publish everything freely. Submit case studies and engage in peer reviews of findings to get the right connections and eventually you'll be exactly what thousands of employers really want.

Tools & Hats

Defensive White Hats Aren't Hackers? Well... actually the statistics would wreck that illusion completely, whether you consider yourself a Black Hat, a White Hat or anything from a growing list of odd color choices, the tools and the methods are pretty similar. Granted newcomers to Black Hat hacking have different goals, but they eventually discover the same things - if without some of the notes. As for folks who shun the Security Distributions in favor of whatever they prefer, standards are a thing. You won't have to love Kali or Parrot to recognize the need to do testing and reporting from a stable platform. For many that is what those distros are. For others they are perhaps less important. Don't be daunted by the need to adapt to such platforms to test and work effectively. Carpenters often may argue about hammers when they aren't busy working.

Getting Work

Even at the intern level you'll want to craft a resume that details some of your labs and discusses methodology and approach. Do about 5 pages of that and be prepared to describe the work, the challenges, and the discoveries with some enthusiasm. You'll be fine, but never turn it in as a USB key, as many exploits are delivered by this method. You don't need to have anything on Stack Overflow, or Github, in fact if the employer asks if you do say you intend to craft tools and list them on GitHub someday, but not until you find a good niche. Honestly is a great policy and professionalism requires no falsehood. People who have been involved in information security for 20 years don't bother trying to dazzle anyone, they show their work, and everyone learns.

Back   
 
Add Comment:
Please login or register to add your comment or get notified when a comment is added.
1 person will be notified when a comment is added.