TechRepublic|Forums|Malware

Malware

Question

  • Creator
    Topic
  • August 6, 2008 at 10:44 am #2153931

    Building towards my career

    Locked

    by marc.watters · about 14 years, 5 months ago

    I am interested in writing security software from both a defensive and offensive posture (i.e, firewall, antivirus, pen-testing tools, expoits, etc…). I am currently a student obtaining an Assoc. in Computer Networking Systems. I graduate in December and am wondering, what is the best step for me to take next? I am looking to get a bachelors in Information Assurance and then a masters in software engineering. What can I be doing now to help me prepare? I haven’t the slightest clue as to where I should start. What programming language should I learn? What specific areas should I be focusing on?

    Topic is locked This conversation is currently closed to new comments.
  • Creator
    Topic

All Answers

  • Author
    Replies
    • August 6, 2008 at 10:44 am #2932429

      Clarifications

      by marc.watters · about 14 years, 5 months ago

      In reply to Building towards my career

      Clarifications

    • August 6, 2008 at 11:17 am #2932408

      Think like the enemy.

      by the altruist · about 14 years, 5 months ago

      In reply to Building towards my career

      (Not sure why, but when I posted, it redirected to a post over 8 years old. huh?)

      As a former-aspiring-network-engineer, I’ve seen a few goodies that hackers of any hat color enjoy. Be familiar with these tools.
      Some good ones to start with are:

      nmap – network mapper and port discovery tool
      (start out with one with a GUI like Zenmap or nmapFE or you’ll be lost in the beginning).
      http://insecure.org

      WireShark – packet sniffer
      (Did you know that many IMs pass data in unencrypted HTML?)
      http://www.wireshark.org/

      Kismet – wireless packet sniffer/network analyzer
      http://www.kismetwireless.net/

      The list goes on, but this should be handy:
      http://nmap.org/images/wash-post-nsa.jpg (You might have to squint.)

      Another good reference:
      http://en.wikipedia.org/wiki/Penetration_test

      And finally, if you really want to get into it, check out the Black Hat conferences, and try lurking in some of the freakier IRC rooms (No, I don’t know them. I’m just a guy who put his Cisco certs on hold to keep a steady job.)

      Back to reality and white collar jobs:
      I encourage taking the CCNA, CISSP courses as the principles presented, while flavored for Cisco, are applicable in any environment.
      Security + from CompTIA is also a must.
      As far as programming, do as you like, but as an aside, NOD32 (renowned as one of the badassest AntiViruses out there) is written in pure Assembler. I recommend healthy doses of C and C++ (especially in the GNU arena) as they’re generally considered tighter and faster than most other languages (because most other languages either started out their lives as scripting languages for interpreters or take cross-compatibility to extents that speed and size-constraints are sacrificed).

      • August 7, 2008 at 6:40 am #2932463

        A good start….

        by marc.watters · about 14 years, 5 months ago

        In reply to Think like the enemy.

        Thanks for the input, it is well received and well considered. I am familiar with those tools, and thats the point, I want to be capable of creating, or negating, software with those capabilities. I’ve been told several times C or C++ is the way to go, so I’ll start there. I have the CCNA, so time to hit the books again and go after CISSP and Security+. Thanks again!

    • August 6, 2008 at 11:19 am #2932407

      When in the greater scheme of things …

      by older mycroft · about 14 years, 5 months ago

      In reply to Building towards my career

      Were you planning on starting work?

      Or can you not see that far ahead? 😉

      • August 7, 2008 at 6:27 am #2932470

        When in the greater now…

        by marc.watters · about 14 years, 5 months ago

        In reply to When in the greater scheme of things …

        Actually, I hold a full time job as a Desktop Engineer for a performance management consulting company (they’re UK based, so you might be familiar with them, PA Consulting). But while I enjoy what I do, its not where I want to be for the rest of my IT career. I’ve considered the consulting route, but that requires too much travel and too much interaction with people (I’m not a salesman by any means). I prefer to work undisturbed creating, not fixing broken systems that shouldn’t have been broke to begin with.

    • August 17, 2008 at 12:10 pm #2928352

      C or Java would be the best languages

      by jorenchak · about 14 years, 5 months ago

      In reply to Building towards my career

      Although currently most security tools are indeed written in C, there’s no certainty that this will continue to be the case in the future. Although it’s hard to predict the future, I foresee a growing number of security software programs being written in Java, if only for the reason that many large web applications today are written in Java and there is a need to increase the security of these web applications. I forsee a growing need for the types of security programs that you’ll find at http://www.owasp.org. Being proficient in either C or Java would be a good start.

  • Author
    Replies
Viewing 3 reply threads