Ask HN: How to get started in Computer Security?

2 points by krmboya ↗ HN
I've been in software development for a while now. News on HBGary, Anonymous, Wikileaks etc shows there's a lot going on in the Computer Security field. For those already in the field, are there some good online resources or books that you would recommend for one getting started, or particular skillsets one should have?

3 comments

[ 2.8 ms ] story [ 16.5 ms ] thread
I generally look for people that have a background in either systems administration or coding. Depending on what area of security interests you (there's a lot of difference between malware analysis and, say, compliance pen testing), different specialties may come in handy. For web application testers, it makes sense to have some experience with web programming.

Although this certainly doesn't ring true everywhere, at my company we use Linux and BSD almost exclusively for our tools. Although I would never reject a candidate based on their distro of choice, being intimately familiar with linux and command line tools is a must. You'd be surprised how many people are confused by even simple tasks in other operating systems.

The most important thing you can do, however, is show that you're passionate about the subject. Do security related projects, stay current on news in the field, publish your work if you can. Attend conferences like DEFCON if you can, and if not at least try to catch videos of some of the talks.

The field is growing and loves to find new, bright, interested talent. It's hard to separate people with a real, keen interest in security and a background to support it from the kids that try to bullshit their way through, though. Be honest about your skillset, your interest level and your background, and it will all fall into place.

Thanks guys, guess i better get to work