Practical start in the IT field
Hi. I am an IT professional having CISA, CISSP certification. i have recently started working in the Information security field, can anybody suggest how to get started here.?One suggestion i received was that i should get my networking concepts very correct as they will be applied regardless of the domains of Information security field.
Software/Hardware used:
Software/Hardware used:
ASKED:
July 10, 2008 8:36 AM
UPDATED:
August 7, 2008 10:58 AM
Answer Wiki:
To be effective in a field you have to speak the language and communicate. Having the certifications is one thing but understanding the application of the information is another. You definitely need some exposure and skills in networking to be a good security expert. Learn the protocols (TCP, UDP, IP). Learn the applications (SMTP, SNMP, CIFS, SMB). This is where you will get some real world information and be able to understand the risks at the most basic level.
********************************************
Since you already have CISA certification, you may know well that information security in not all about networking it is much much beyond that. It talks about the security of any piece of information lying in the organization – be it in a PC, Server, pen-drive, portable disks, in a diary of an executive, in the brains of your manpower, lying with your business partners – vendors and customers, ex-employees…
Getting expert in this field asks for good amount of practice, experience, knowledge and understanding.
All Answer Wiki Contributors:
Rahul Shrivastava 
330 pts. ,
Jaideep Khanduja 8,200 pts. ,
Flame 14,895 pts. ,
Labnuke99 32,645 pts.
330 pts. ,
Jaideep Khanduja 8,200 pts. ,
Flame 14,895 pts. ,
Labnuke99 32,645 pts. To see all answers submitted to the Answer Wiki: View Answer History.
Right – networking concepts have to be very clear, but are you planning to be a network administrator or information security manager. Networking concepts form just one portion of Info. Security. The other portions are Paper, PCs, People, Contractors, Building, Cable, Data Centre, Servers, Users, Access Control, Procedures and Policies, Adherence to Standards…
There are several areas you need to focus on:
*finding your specialty
*knowing what (if any) certs, degrees, and experience to focus on
*personality traits to work on that get the attention of management
*understanding the technical AND business side of security
*understanding the legal side of security
…and
*networking…not TCP/IP, etc….but networking with peers in the industry. It’s all about who knows you.
<shameless plug>
I wrote an audio book on this very subject you can see more about at http://securityonwheels.com/audio.html.
</shameless plug>
Best of luck with everything!
Thanks for the update. Is working in a BPO a good option to get started in the information security field ?
How do you mean BPO in the context of security?
What I understand is you are planning to offer your services in the field of “Information Security”
Thanks Jaideep,
I have reading about networking. I hope this kick starts my career.
Regards.
Welcome Rahul, good luck and do get back for any other assistance, any time.
Hi Kevin,
I recently was approached by a BPO for a jbo opportunity. I was not sure but thought that it could be good learning if I decide to go for it.
BPO is ok but as a network administrator or Security Administrator only. Not in the general support staff.
Hi,
The position was for AM Information Security.