Malware

Question

Gravatar
Locked

Building towards my career

By marc.watters ·
I am interested in writing security software from both a defensive and offensive posture (i.e, firewall, antivirus, pen-testing tools, expoits, etc...). I am currently a student obtaining an Assoc. in Computer Networking Systems. I graduate in December and am wondering, what is the best step for me to take next? I am looking to get a bachelors in Information Assurance and then a masters in software engineering. What can I be doing now to help me prepare? I haven't the slightest clue as to where I should start. What programming language should I learn? What specific areas should I be focusing on?

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
+ Follow this Discussion ·
| Thread display: Collapse - | Expand +

All Answers

gravatar
Collapse -

Think like the enemy.

by The Altruist In reply to Building towards my caree ...

(Not sure why, but when I posted, it redirected to a post over 8 years old. huh?)

As a former-aspiring-network-engineer, I've seen a few goodies that hackers of any hat color enjoy. Be familiar with these tools.
Some good ones to start with are:

nmap - network mapper and port discovery tool
(start out with one with a GUI like Zenmap or nmapFE or you'll be lost in the beginning).
http://insecure.org

WireShark - packet sniffer
(Did you know that many IMs pass data in unencrypted HTML?)
http://www.wireshark.org/

Kismet - wireless packet sniffer/network analyzer
http://www.kismetwireless.net/

The list goes on, but this should be handy:
http://nmap.org/images/wash-post-nsa.jpg (You might have to squint.)

Another good reference:
http://en.wikipedia.org/wiki/Penetration_test

And finally, if you really want to get into it, check out the Black Hat conferences, and try lurking in some of the freakier IRC rooms (No, I don't know them. I'm just a guy who put his Cisco certs on hold to keep a steady job.)

Back to reality and white collar jobs:
I encourage taking the CCNA, CISSP courses as the principles presented, while flavored for Cisco, are applicable in any environment.
Security + from CompTIA is also a must.
As far as programming, do as you like, but as an aside, NOD32 (renowned as one of the badassest AntiViruses out there) is written in pure Assembler. I recommend healthy doses of C and C++ (especially in the GNU arena) as they're generally considered tighter and faster than most other languages (because most other languages either started out their lives as scripting languages for interpreters or take cross-compatibility to extents that speed and size-constraints are sacrificed).

gravatar
Collapse -

A good start....

by marc.watters In reply to Think like the enemy.

Thanks for the input, it is well received and well considered. I am familiar with those tools, and thats the point, I want to be capable of creating, or negating, software with those capabilities. I've been told several times C or C++ is the way to go, so I'll start there. I have the CCNA, so time to hit the books again and go after CISSP and Security+. Thanks again!

gravatar
Collapse -

When in the greater scheme of things ...

by OldER Mycroft In reply to Building towards my caree ...

Were you planning on starting work?

Or can you not see that far ahead?

gravatar
Collapse -

When in the greater now...

by marc.watters In reply to When in the greater schem ...

Actually, I hold a full time job as a Desktop Engineer for a performance management consulting company (they're UK based, so you might be familiar with them, PA Consulting). But while I enjoy what I do, its not where I want to be for the rest of my IT career. I've considered the consulting route, but that requires too much travel and too much interaction with people (I'm not a salesman by any means). I prefer to work undisturbed creating, not fixing broken systems that shouldn't have been broke to begin with.

gravatar
Collapse -

C or Java would be the best languages

by JOrenchak In reply to Building towards my caree ...

Although currently most security tools are indeed written in C, there's no certainty that this will continue to be the case in the future. Although it's hard to predict the future, I foresee a growing number of security software programs being written in Java, if only for the reason that many large web applications today are written in Java and there is a need to increase the security of these web applications. I forsee a growing need for the types of security programs that you'll find at http://www.owasp.org. Being proficient in either C or Java would be a good start.

Back to Malware Forum
5 total posts (Page 1 of 1)  

Start or search

Related Forums