Home > IT Answers > Storage > Selecting an area within security to start
secmax
0 pts.
 Selecting an area within security to start
Disaster Recovery, Networking, Network security, Firewalls, Intrusion management, Incident response, Forensics, Wireless, Security, Identity & Access Management, Digital certificates, Biometrics, Career development, Security Program Management, Compliance, Risk management, Policies, Current threats, Viruses, worms, Hacking, Spyware, Trojans, Application security, Encryption, Database, Secure Coding, Platform Security, vulnerability management, patching, configuration, PEN testing, VPN, Certifications, Web security, Access control, Browsers, SSL/TLS, CRM, CISSP, MCSE, Exchange, CCNA, CCSA
Hi,
I'm studying for an MSc in Information Security from Royal Holloway University of London, I have a B.Engg. degree in computers and a PG Diploma in Networking and Communication as well as the CCSA and CCNA. I'm also studying for the CISSP.

Now, with all these qualifications, could you please tell me which would be the best position for me to apply for in order to get a start, and if I try that position what would my options be when I gain some experience.


Thank you!!
ASKED: Jun 24, 2007  4:06 PM GMT
UPDATED: June 25, 2008  5:23:10 PM GMT
RELATED QUESTIONS
bobkberg
1,010 pts.
Answer Wiki:
In a very real sense, it doesn't matter as much what position or area you start with as what you do with it.

Unless you have the misfortune to get employed by an egotistic micromanager, you'll always have some latitude in how you perform your duties. Here are some suggestions:

- Learn what security-related tasks, functions, areas exist within any organization. If your school has an "intern" or employer program, then ask to speak with representatives of those organizations. Interview THEM to learn how different organizations approach things.

- When you do get a first position, learn how your responsibilities relate to others. If appropriate, meet those people.

- As you learn the job, start looking for inconsistencies. Ask questions of "clarification". Do it that way so as not to step on sensitive toes. For example: "I don't understand why our user's passwords are kept on the bathroom tissue in the loo." I've used a ridiculous example, but the key is to to be seen as learning, not challenging. This is important when you are first starting out - because some people feel threatened by newcomers, because you will learn some things you would never have guessed at, and because (most importantly in my book) once you set yourself to the habit of ALWAYS learning about things in your environment, you will be better prepared to deal with new things.

I'm short on time now, but I hop this points you in the right direction.

Bob
Last Wiki Answer Submitted:  Jun 27, 2007  1:05 PM (GMT)  by  bobkberg   1,010 pts.
To see other answers submitted to the Answer Wiki View Answer History.
RSS - Discussions Help
Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _



 

A good focus to get started with would be the area of Logical Controls. This area of security is common to almost all compliance and security functions in medium to large sized organizations.

What does “Logical Controls” mean? Start with considering how a new employee is given access to the company’s network and various applications. Is there a written Policy from management mandating that access will be given and approved a certain way? (If not, there needs to be one.)

Who is responsible for adding that user into the systems? Giving them a username and password? Who confirms what access that user should have? Who approves giving that new person access?

Now ask the same questions for changing a user’s access when they move to a new position. Are the old access rights removed, or are new access rights just added on? (That’s called “access creep”)

Finally, how are users removed from the systems when they leave the company? Who notifies whom that the user should be removed? Is it done quickly? What about applications?

Remember, if it’s not written down, it’s not a control.

Eigenstein
 75 pts.