In a bit of a dilemma, currently working at my first real IT job (used to do some part time stuff while at college, not the American college but British college), working quite a bit with general troubleshooting, networking and currently doing some software development as well…getting To the point: my end goal career wise is to be in IT security but I have no idea where to get started.<\/p>\n
Advertisement
Currently I have my A+ certification, hoping to do my Network+ and CCNA later this year, would like to take the Security+ and the OSCP and ultimately the CISSP (any suggestions on what to do will be much appreciated), so I’ve tried to narrow down what certifications to do.<\/p>\n
My real issue with security is where to get started? Most answers tend to be “Get a copy of BackTrack, set up a lab and get started…<\/em>” And this is where most of the problems start, I’m a big believer in that you can’t learn everything from a book so some hands on experience is good, so sat down with the lab all fired up, where do I start? Security involves a knowing a little about a lot but it seems overwhelming with all the different areas… I would like to do some penetration testing but it seems I need to have a good knowledge of web development to carry out/protect from different injection types, deep OS knowledge to exploit weaknesses, good understanding of networking to analyse the traffic and gather information from it and social engineering skills…no Idea where to start… The security forums for some of the big pen-testing distros can tend to be pretty gnarly for us new to security so I hope some fellow Spiceheads can shed some light onto this subject, am I over thinking? What is the best and simplest way to tackle security and get started?<\/p>\n
For the TL;DR lot, what’s the easiest way to get started with security/pen-testing with labs?<\/p>\n
Thank you for all your help<\/p>","upvoteCount":8,"answerCount":6,"datePublished":"2014-01-14T20:14:10.000Z","author":{"@type":"Person","name":"billybob5786","url":"https://community.spiceworks.com/u/billybob5786"},"acceptedAnswer":{"@type":"Answer","text":"
FIrst, I would study for the Security+. That will give you a foundation that can apply to various other aspects.<\/p>\n
Jimmy T. is right, blogs, news feeds, and forums. Just be a little particular about which forums.<\/p>\n
You might also start looking into whether or not there are any groups in your area which can be a good way to network. Groups like ISC2 or ISACA.<\/p>","upvoteCount":3,"datePublished":"2014-01-15T13:39:12.000Z","url":"https://community.spiceworks.com/t/getting-started-in-security/268795/3","author":{"@type":"Person","name":"Bud-G","url":"https://community.spiceworks.com/u/Bud-G"}},"suggestedAnswer":[{"@type":"Answer","text":"
Hello fellow Spiceheads!<\/p>\n
In a bit of a dilemma, currently working at my first real IT job (used to do some part time stuff while at college, not the American college but British college), working quite a bit with general troubleshooting, networking and currently doing some software development as well…getting To the point: my end goal career wise is to be in IT security but I have no idea where to get started.<\/p>\n
Currently I have my A+ certification, hoping to do my Network+ and CCNA later this year, would like to take the Security+ and the OSCP and ultimately the CISSP (any suggestions on what to do will be much appreciated), so I’ve tried to narrow down what certifications to do.<\/p>\n
My real issue with security is where to get started? Most answers tend to be “Get a copy of BackTrack, set up a lab and get started…<\/em>” And this is where most of the problems start, I’m a big believer in that you can’t learn everything from a book so some hands on experience is good, so sat down with the lab all fired up, where do I start? Security involves a knowing a little about a lot but it seems overwhelming with all the different areas… I would like to do some penetration testing but it seems I need to have a good knowledge of web development to carry out/protect from different injection types, deep OS knowledge to exploit weaknesses, good understanding of networking to analyse the traffic and gather information from it and social engineering skills…no Idea where to start… The security forums for some of the big pen-testing distros can tend to be pretty gnarly for us new to security so I hope some fellow Spiceheads can shed some light onto this subject, am I over thinking? What is the best and simplest way to tackle security and get started?<\/p>\n
For the TL;DR lot, what’s the easiest way to get started with security/pen-testing with labs?<\/p>\n
Thank you for all your help<\/p>","upvoteCount":8,"datePublished":"2014-01-14T20:14:10.000Z","url":"https://community.spiceworks.com/t/getting-started-in-security/268795/1","author":{"@type":"Person","name":"billybob5786","url":"https://community.spiceworks.com/u/billybob5786"}},{"@type":"Answer","text":"
While not directly beneficial, start following big Security blogs and news feeds. Such as Krebs on Security and Naked Security.<\/p>","upvoteCount":1,"datePublished":"2014-01-14T20:28:22.000Z","url":"https://community.spiceworks.com/t/getting-started-in-security/268795/2","author":{"@type":"Person","name":"jimmy-t","url":"https://community.spiceworks.com/u/jimmy-t"}},{"@type":"Answer","text":"
