How to acquire knowledge in security and cryptography

How to acquire knowledge in security and cryptography

I have been a Unix system administrator for a number of years and am interested in system/network security and cryptography. Could you please give me some ideas on how to become a specialist like you in those areas, such as training, working experience, books I can read, etc.?

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

There are many different areas in system and network security to get involved in. For example, you could work on installing, configuring and managing security devices such as firewalls, VPNs and intrusion detection systems. You could design and set up secure networks. You could work on security policies for corporations.

I got into computer security by being a software developer, myself, and if you wanted to write software, there are many opportunities for software developers. Similarly, I started off in operating system security, but then got into cryptography.

There are a number of good sources on the Internet for information. There is this site, for example. Security Focus (www.securityfocus.com) is another. For more formal training, I recommend the Computer Security Institute (CSI) and the Information Systems Audit and Control Association (ISACA). The SANS Institute also offers a number of security-related courses that can help you get off the ground.

The main thing for you to do is to decide what sorts of things interest you. In all forms of information security, there are things that some people find endlessly fascinating, but others find mind-numbingly dull. Similarly, there are some industries that some people like and others don't. You may like banks, or small companies, or large ones. I feel finding out what you like is most important. If you find something interesting, you'll get good at it. If you wake up in the morning looking forward to work, you'll accomplish a lot. If you do work you like for a company you like, you'll get good at it, and that leads to being well-paid.

For more information on this topic, visit these other SearchSecurity.com resources:
Careers and Certification Tip: The vendor?neutral security certification landscape
Ask the Expert: Where to obtain a degree in cryptography
Ask the Expert: First certification for breaking into security


This was first published in November 2002