Dr. Erdal Ozkaya

So You Want to Be a Security Expert

Erdal, 2021-09-30

Repost from Bruce Schneier's blog

I regularly receive e-mail from people who want advice on how to learn more about computer security, either as a course of study in college or as an IT person considering it as a career choice.

First, know that there are many subspecialties in computer security. You can be an expert in keeping systems from being hacked, or in creating unhackable software. You can be an expert in finding security problems in software, or in networks. You can be an expert in viruses, or policies, or cryptography. There are many, many opportunities for many different skill sets. You don’t have to be a coder to be a security expert.

In general, though, I have three pieces of advice to anyone who wants to learn computer security.

  • Study. Studying can take many forms. It can be classwork, either at universities or at training conferences like EC Council and OffensiveSecurity. (These are good self-starter resources.) It can be reading; there are a lot of excellent books out there — and blogs — that teach different aspects of computer security. Don’t limit yourself to computer science, either. You can learn a lot by studying other areas of security, and soft sciences like economics, psychology, and sociology.
  • Do. Computer security is fundamentally a practitioner’s art, and that requires practice. This means using what you’ve learned to configure security systems, design new security systems, and — yes — break existing security systems. This is why many courses have strong hands-on components; you won’t learn much without it.
  • Show. It doesn’t matter what you know or what you can do if you can’t demonstrate it to someone who might want to hire you. This doesn’t just mean sounding good in an interview. It means sounding good on mailing lists and in blog comments. You can show your expertise by making podcasts and writing your own blog. You can teach seminars at your local user group meetings. You can write papers for conferences, or books.

I am a fan of security certifications, which can often demonstrate all of these things to a potential employer quickly and easily.

I’ve really said nothing here that isn’t also true for a gazillion other areas of study, but security also requires a particular mindset — one I consider essential for success in this field. I’m not sure it can be taught, but it certainly can be encouraged. “This kind of thinking is not natural for most people. It’s not natural for engineers. Good engineering involves thinking about how things can be made to work; the security mindset involves thinking about how things can be made to fail. It involves thinking like an attacker, an adversary or a criminal.

You don’t have to exploit the vulnerabilities you find, but if you don’t see the world that way, you’ll never notice most security problems.” This is especially true if you want to design security systems and not just implement them. Remember Schneier’s Law: “Any person can invent a security system so clever that she or he can’t think of how to break it.” The only way your designs are going to be trusted is if you’ve made a name for yourself breaking other people’s designs.

One final word about cryptography. Modern cryptography is particularly hard to learn. In addition to everything above, it requires graduate-level knowledge in mathematics. And, as in computer security in general, your prowess is demonstrated by what you can break. The field has progressed a lot since I wrote this guide and self-study cryptanalysis course a dozen years ago, but they’re not bad places to start.

This essay originally appeared on “Krebs on Security,” the second in a series of answers to the question. This is the first. There will be more.


Comment (1)

  • Dysleksja

    You cannot escape the responsibility of tomorrow by evading it today. -Abraham Lincoln

    29/07/2021 at 17:00

Dr. Erdal Ozkaya © Copyright 2023. All Rights Reserved.