General discussion


Security Solutions: Basic training

By discussion ·
In this week's Security Solutions TechMails column, Mike Mullins discusses a basic training plan for a new security administrator. Have you developed a training plan for your security administrators? Does it include training on the operating systems that function on your network? What do you think of using certifications for training your rookie security admin?

All Comments

Security training is good but...

by panshin In reply to Security Solutions: Basic ...

Any security training is good, but the human factor of any company is more important.

For example, I'm working in some company. If I have a Windows 98 (or other OS) notebook with NIC and modem cards and I have resolved to break the security of the company network, I do that.
So the people working in the company are more dangerous than an external attack.

see a role change of the sec admin

by i.mail In reply to Security Solutions: Basic ...

I travel and visit many IT environments, many operating with skeleton crews and under budget. As usual, security administrators are focusing on daily active and proactive issues. But now the time has come to add the "extended security" hat, meaning that security administrators will also need to ensure that each IT area or specialized group works more cooperatively to ensure stable security and proactive defenses. Documentation and communication are the key here; implementation is always another issue. :-)

Security Admins vs Account Techs

by thelordskid In reply to Security Solutions: Basic ...

In my organization, the network security function (network and system admins) is managed separately from the information security policy (information security office) and the user accounts management (security operations) functions.

I work for the latter and have become quite bored with my job role. In discussions with my manager, it has become clear that no defined path into the other areas exists, and no internal opportunities for training are available. Although the position requires a bachelor's degree, several non-degreed contractors with little or no previous experience in this line of work have been employed doing the same job for more than a year.

Rumors have it that management is now considering revising our job role from analyst to technician, putting us in a lower pay range (but not altering our pay rates), in effect reducing our potential for future earnings.

To top that off, an identity management solution, scheduled for implementation in 2004, is expected to cut our overall workload in half. Management's response to us thus far has been limited to vague assurances that no layoffs are anticipated.

Can anyone give me some advice as to what my best course of action may be? I am earning over $25 an hour at the job and am reluctant to work for less without some assurance of future reward. However, I cannot help but think that I am wasting my time and talents in a dead-end job.


security admin: basic training

by smithda In reply to Security Solutions: Basic ...

The concept is an excellent one; however, the security admin should be directed to cover security concerns, such as logs (how to read them), identifying modifications to applications, providing non-repudiation and authentication, and information on how to verify the status/condition of your computer enclave. Security is more than good passwords; it is the basis for the integrity of the data and that of your users. Locks only keep honest individuals out, therefore one must know what exists to ensure you still have what you started with. ds

Security Solutions: Advanced training

by discussion In reply to Security Solutions: Basic ...

Continuing the security admin training, this week, Mike Mullins discusses an advanced training plan. Have you incorporated the Defense in Depth training approach for your security admins? Does it include training on routing and switching? Does your security admin develop policy for your network?

A few points...

by ___._ In reply to Security Solutions: Advan ...

Would it not take months to do all this training? Meanwhile, your network is being left unsecure as the admin is busy learning. As you say, they can't be let loose until they understand everything!


As new security tools or devices are added to your network, be sure to train your admin on their function and purpose.

Surely the Admin would have some input / decision making into what "new security tools" you were adding to the network in the first place?

Training New Security Admins

by Mike Mullins In reply to A few points...

This was a two-part series on training new admins. Of course you can't leave your job for a couple of months and do this training, but you could do it in the evening or over a couple of months.

As for new tools and devices training. Many times we either:
1. Download a demo
2. See something at a trade show
3. Read about and make a decision based on need and reputation of the vendor
4. Pick the "best of breed."

However, that doesn't mean that we're fully trained and experts on that system or device. That's what we're really shooting for. An expert(s) on the security architecture of MY company.

Mike Mullins

Policy training

by dhardesty In reply to Security Solutions: Basic ...

Finally someone broaches the subject of the total security policy. I have read so many articles by so-called Security Admins. They tend to beat to death the need to be able to create the invulnerable firewall, be aware of every virus as soon as it is released, and counter or patch every buffer-oriented hole in every OS out there. Yes, these are extremely important goals, but just as important is the complete security philosophy. A large part of the CISSP concerns standard security practices...such as the physical location of and access to your network. I can't count the number of times I watched a company spend several thousand dollars on hardware and software to implement security protection on a server room with no lock, or one that half of the company, including janitorial staff, has access to!
