Home > Ask the Security Experts > Security Management Questions & Answers > Getting your career in infrastructure security started
Ask The Security Expert: Questions & Answers
EMAIL THIS

Getting your career in infrastructure security started

Mike Rothman EXPERT RESPONSE FROM: Mike Rothman

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 17 October 2007
I have six years of IT experience working with Microsoft servers. I am very interested in IT infrastructure security. Where should I start? I am a MCSA.

>
EXPERT RESPONSE
The foundation of knowledge that you have on Microsoft servers will be somewhat helpful as you start moving toward a security role. You do need a broader background in areas like network operations and desktop support. So you'll need to bone up on your networking skills and learn about defenses such as firewalls, VPNs and network intrusion prevention systems (NIPS).

You may already know a bit about these product categories via your work in the data center, but understanding the network attack vectors and, most importantly, the way to isolate and remediate exposures and attacks, is a bit different. There are really two ways to get this kind of understanding.

First, you can learn in the school of hard knocks. That means you basically ask for a transfer to your company's security team and start at the bottom. You'll likely be configuring firewalls and NIPS boxes, troubleshooting VPN issues, and maybe even looking over some log data to try to spot an attack and defend against it.

The other way is to go take some training courses. I suggest reading a lot (some of SearchSecurity.com's Security Schools can certainly help provide an understanding of the vernacular) and also look into formal training, like that offered by organizations such as SANS and Security University. These courses offer a good base in introductory topics, which will start your journey with the right foundation.

I also suggest specializing fairly early in your education. A base of knowledge is essential, but then focusing on something like data center or server security could be a good choice, given your background already. There are hot topics like virtualization security that will require specialized knowledge in the future, and you are well-positioned to serve that need.

Other areas of potential specialization could include SOA security or Web application security, depending on what those Microsoft servers you were managing are actually doing.

For more information:

  • Learn best practices for landing a role in the security management field.
  • In this tip, security practitioners reveal what you should know when pursuing an information security career.


    • Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


    RELATED CONTENT
    Security Management
    Is it against HIPAA regulations to permanently store sensitive information?
    Two-tier distributed systems vs. three-tier distributed systems
    How to prevent software piracy
    How do ISO 17799 and SAS 70 differ?
    Has FFIEC made any VoIP-specific mandates?
    What is the best way to administer exams to students via computer?
    Should computer exams be transmitted as PDF files or Word files?
    Is it against HIPAA regulations to display client names?
    Getting started on a career in penetration testing
    Are there security management products that can track compliance objectives?

    Information Security Jobs
    CISOs adapt as compliance requires strategic thinking
    CISOs Must Innovate to Enable Business
    RSA 2008: Financial industry security challenges
    The road from network administrator to information security professional
    Getting started on a career in penetration testing
    What Web security initiatives can be taken on a college campus?
    Security career retrospection
    Who is responsible for handling security program development in an IT infrastructure?
    Rethinking certifications
    Strategies for landing a security management position

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    CSO  (SearchSecurity.com)
    security clearance  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice

    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




    All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts