General discussion


Any suggestions on starting in the security field?

By qb4006 ·
Any suggestions for a Network admin experienced with setting up LANs with servers and workstations that wants to
move to IT security, configuring firewalls etc. What would a good 1st step be to learn how to setup firewalls such as Cisco PIX etc.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

New to security

by Mike Mullins In reply to Any suggestions on starti ...

If you have a background in admin work, I would suggest an initial course of study that would allow you to:

Develop and design Access Control Lists (ACL).
Analyze the trade-offs between performance and security.
Learn how to translate policy requirements into a technical security solution/plan.
Design firewalls using router packet filtering and stateful inspection devices.
Use protocol analyzer, port scanners to identify hacker attacks.
Study system logs and audit files for security events.
Use certificates and public-key cryptography to encrypt information.
Repair holes reported by vulnerability detection techniques.

This course of study runs through a collection of available courses, but with a few exceptions it has one central theme.

Translate policy into security! All the knowledge in the world won't make you valuable unless you can take a business requirement and build a security policy that meets the needs of your employer.

Certification paths I recommend are:
T.I.C.S.A. Certified Security Associate

Don't get hung up on credentials, but look at the areas they focus on. You have a foundation at the client side, now change directions and start thinking about security from a network layer perspective. Beyond mass-mail worms and destructive viruses, the rest of security centers around TCP/IP. By understanding how to control the network, you understand where security begins.

My thoughts - good luck,

Mike Mullins
Security Solutions

Collapse -


by qb4006 In reply to New to security

Thanks for the advice.

Collapse -

Cisco courses

by mlayton In reply to Any suggestions on starti ...

...are always good. You can also look into when the next SANS conference is coming to your area. Depending on what platform you are experienced in, you can look at Windows/Unix security, or even the GSEC certification to give you an overall base in security. You also may want to explore the more in-depth hands-on courses they offer, such as VPNs & Firewalls. Even if you don't go for the certification, the courses are a good way to immerse yourself in vendor-neutral (realtively speaking) informational sessions.

Related Discussions

Related Forums