Question for information security professionals

I have been a software developer (mainly C++, Java, Perl and Oracle) for the
last eight years now and I am interested in taking my career down a
different but related technical path. Anyway to get straight to the point:
could anyone please tell me what discipline Information Security falls
under. I know very little about it at this point but would like to learn
more. Is it something that a developer like myself could transition into or
is it more of a network engineer or systems administration field? Or is it
perhaps a little of each?

Could anyone post some links or refer some books that could get me started?

I was looking at the CISSP program hoping that it would be a good start, and
also hoping that certification would aid me in making the career switch, but
it seems that this program is designed for someone that already has 3-4
years of professional information security experience under their belt. Are
there any other information security certification programs that a beginner
like myself could use as a guide to get started?

MT

Security+ cert is the first step. Security typically covers malicious code,
attacks like DoS, remote access, e-mail, web server security, directory and
file transfers, IM, wireless security, network topology security, intrusion
detection, encryption, physical security, computer forensics, and social
engineering. As you can see, lots of operating system and software security.

--

************************************************

g-w


"MT" <> wrote in message
news:8u%Pb.45276$...
> I have been a software developer (mainly C++, Java, Perl and Oracle) for
the
> last eight years now and I am interested in taking my career down a
> different but related technical path. Anyway to get straight to the point:
> could anyone please tell me what discipline Information Security falls
> under. I know very little about it at this point but would like to learn
> more. Is it something that a developer like myself could transition into
or
> is it more of a network engineer or systems administration field? Or is it
> perhaps a little of each?
>
> Could anyone post some links or refer some books that could get me
started?
>
> I was looking at the CISSP program hoping that it would be a good start,
and
> also hoping that certification would aid me in making the career switch,
but
> it seems that this program is designed for someone that already has 3-4
> years of professional information security experience under their belt.
Are
> there any other information security certification programs that a
beginner
> like myself could use as a guide to get started?
>
>
>

"MT" <> seems to think in
news:8u%Pb.45276$:

> I have been a software developer (mainly C++, Java, Perl and Oracle)
> for the last eight years now and I am interested in taking my career
> down a different but related technical path. Anyway to get straight to
> the point: could anyone please tell me what discipline Information
> Security falls under. I know very little about it at this point but
> would like to learn more. Is it something that a developer like myself
> could transition into or is it more of a network engineer or systems
> administration field? Or is it perhaps a little of each?
>
> Could anyone post some links or refer some books that could get me
> started?
>
> I was looking at the CISSP program hoping that it would be a good
> start, and also hoping that certification would aid me in making the
> career switch, but it seems that this program is designed for someone
> that already has 3-4 years of professional information security
> experience under their belt. Are there any other information security
> certification programs that a beginner like myself could use as a
> guide to get started?
>
>
>

You have more specific knowlege about programming and operating systems
than perhaps the average IT admin, but there is much to know about
networking and its security issues that you probably have no background in.

Have you looked into any of the myriad books on the subject?

These can give you a survey of the field.

I like Hacking Exposed by McClure et. al.

Look for a later edition. Information gets out of date quickly in this
field.

Also, you should know about SANS (www.sans.org) which will provide you with
an educational base, and a many sources of current info and practice.

It is a vast field. Start reading.

-- ipgrunt

Thank you, I think that the Security+ may be what I was originally searching
for when I located the CISSP program. I will lookinto it.

thank you!

"kulm_nd" <g-> wrote in message
newsb0Qb.33254$P% gy.com...
> Security+ cert is the first step. Security typically covers malicious
code,
> attacks like DoS, remote access, e-mail, web server security, directory
and
> file transfers, IM, wireless security, network topology security,
intrusion
> detection, encryption, physical security, computer forensics, and social
> engineering. As you can see, lots of operating system and software
security.
>
> --
>
> ************************************************
>
> g-w
>
>
> "MT" <> wrote in message
> news:8u%Pb.45276$...
> > I have been a software developer (mainly C++, Java, Perl and Oracle) for
> the
> > last eight years now and I am interested in taking my career down a
> > different but related technical path. Anyway to get straight to the
point:
> > could anyone please tell me what discipline Information Security falls
> > under. I know very little about it at this point but would like to learn
> > more. Is it something that a developer like myself could transition into
> or
> > is it more of a network engineer or systems administration field? Or is
it
> > perhaps a little of each?
> >
> > Could anyone post some links or refer some books that could get me
> started?
> >
> > I was looking at the CISSP program hoping that it would be a good start,
> and
> > also hoping that certification would aid me in making the career switch,
> but
> > it seems that this program is designed for someone that already has 3-4
> > years of professional information security experience under their belt.
> Are
> > there any other information security certification programs that a
> beginner
> > like myself could use as a guide to get started?
> >
> >
> >
>
>

Thanks ipgrunt,

I ordered a copy of Hacking Exposed and the Hacker Challenge today to get
some background info.
I will check out the link that you suggested as well.

thanks again!

"Grunt" <> wrote in message
news:Xns947986FA84C2Dgruntnowherecn@130.133.1.4...
> "MT" <> seems to think in
> news:8u%Pb.45276$:
>
> > I have been a software developer (mainly C++, Java, Perl and Oracle)
> > for the last eight years now and I am interested in taking my career
> > down a different but related technical path. Anyway to get straight to
> > the point: could anyone please tell me what discipline Information
> > Security falls under. I know very little about it at this point but
> > would like to learn more. Is it something that a developer like myself
> > could transition into or is it more of a network engineer or systems
> > administration field? Or is it perhaps a little of each?
> >
> > Could anyone post some links or refer some books that could get me
> > started?
> >
> > I was looking at the CISSP program hoping that it would be a good
> > start, and also hoping that certification would aid me in making the
> > career switch, but it seems that this program is designed for someone
> > that already has 3-4 years of professional information security
> > experience under their belt. Are there any other information security
> > certification programs that a beginner like myself could use as a
> > guide to get started?
> >
> >
> >
>
> You have more specific knowlege about programming and operating systems
> than perhaps the average IT admin, but there is much to know about
> networking and its security issues that you probably have no background
in.
>
> Have you looked into any of the myriad books on the subject?
>
> These can give you a survey of the field.
>
> I like Hacking Exposed by McClure et. al.
>
> Look for a later edition. Information gets out of date quickly in this
> field.
>
> Also, you should know about SANS (www.sans.org) which will provide you
with
> an educational base, and a many sources of current info and practice.
>
> It is a vast field. Start reading.
>
> -- ipgrunt