Breaking into security – Robin Wood

Guest lectures at university are always interesting; they are a fantastic opportunity to get a different insight into a subject. Guest lectures also sometimes provide a great platform to meet like-minded students and lecturers who are generally just as interested in the subject area as you are.

Earlier this week, I attended a guest lecture about breaking into security, given by Robin Wood, a well-known pen-tester. Here are my notes from the lecture.

It is important to have a good understanding of programming languages if you want to become a pen tester. Being able to write a short script that automates repetitive tasks saves time and lets you focus on other aspects of the job! The most useful languages to learn include:

  • Python
  • Bash
  • Ruby
  • PHP
  • PowerShell – Growing in popularity very quickly.

If you are new to the world of computing and want a place to learn how to program, I personally recommend Codecademy.

There is a lot of help available for rookies out there. People who have been in the industry are happy to help, but as a beginner you also have to put a lot of effort in yourself! The internet is full of useful resources for people to make use of; check out online mentors, podcasts, etc.

@infosecmentors – Provides rookies with mentors and is a good place to go if you are looking for somebody to help ‘coach’ you through some of the tedious bits of the learning process.

Exotic Liability – A series of podcasts available to download – useful!

Securitytube.net – A website with some great tutorials on all kinds of things from wi-fi security to iOS security.

Networking is very important: sign up to mailing lists, write (and update) your blog fairly regularly, get involved with open source projects and go to conferences. But don’t go to conferences just for the talks; go for the networking aspects too! Conferences are a fantastic place to meet the right kind of people, who could help you out in future searches for a job.

securityfocus.com – A good mailing list to sign up to!

Twitter – Also a powerful resource.

Being able to network well will help you become known, and this will almost certainly help with getting the right career. Remember, being a good programmer/hacker is one thing, but you also need to have good/excellent soft skills such as communication and report writing.

Having good communication skills will help you communicate problems/solutions more effectively with management. Remember, business CEOs will sometimes have little concern/time for the ICT infrastructure in their company, so what you might think is an important issue for them to deal with might not necessarily be so in your manager’s eyes.

Good certifications to have if you want to get into security in ICT:

  • SANS/GIAC – Very expensive, but great if you can afford it. Try getting your work to pay for this if you can.
  • CISSP – Useful for getting past HR
  • CHECK registered – Required for getting government/military work.

 

I hope you find this helpful – Remember these are just some basic notes that I made during the lecture.

If you want to learn more, it’s probably best to get in touch with Robin himself: @digininja

Check out Robin’s website here.