I know this is a mailing list about CISSP studying and preparation but I
want everyone's opinion on how to get into the infosec field. A little
about myself first:

I am currently working in a 2 person IT dept for a small (70 users & 2
sites) manufacturing company. I have a degree in Computer Information
Systems and a couple of certifications to go along with my degree. I
started off as mainly the tech support person for the company but took over
a lot of the systems/network administration duties when a fellow employee
left the company. He setup about 4 Linux servers performing various
services from VPN (FreeS/WAN) to ipchains firewalls. Since he left, I have
taught myself Linux and how to administer those servers and setup a couple
of additional ones myself. I have taken a real interest in the security
side of network administration and decided that I would like to concentrate
a little more on that aspect of the administration while not abandoning my
other duties. I have dabbled with Snort, Nessus, Tcpdump, Windump, and many
other security/network related tools and I absolutely love it. I have to
mainly rely on Open Source tools since we are a small company with a small
IT budget. Since I have turned my interests towards security related
things, I have subscribed to some mailing lists and frequently visit
security related web sites. I have also read an Introduction to Network
Security book and am in the middle of Security Complete by Sybex and Hacking
Exposed-Windows 2000. I basically read any white paper I come across and I
just want to learn and be the best at what I do.

So, I want to know where a lot of you guys started at. Did you start where
I am and eventually catch a break and get an entry-level security related
job and work from there or do you have a security related degree and got a
job out of school? Also, what are some of the resources you guys use
besides the books and study guides you are reading? I would like to obtain
a certification like the CISSP, but I know it takes a lot of hard work and
knowledge to get it so I am setting a goal of about 2-3 years for it. I
don't think certifications are everything but one like the CISSP is very
reputable due to its requirement for experience. I have my A+ and MCSE
certs and wish I knew then, what I know now. I can't stand the fact that
some Tom, Dick, or Jane can pick up a couple of books or visit some
braindump websites and obtain the same thing I did although I busted my rear
for close to a year.

Anyway, any advice from you guys would be much appreciated and I wish you
all the best of luck in your studies.

Damon Brinkley

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.293 / Virus Database: 158 - Release Date: 10/29/2001

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]