Any IT Security professionals out there?


SecPro

Member
Jul 17, 2007
147
0
0
Originally posted by: Zugzwang152
Security is one of the hottest fields in IT at the moment, with only growth predicted in the future... Surely there's others out there who practice security if not have it in their job title... So, I'm calling you all out. Let's make this forum something before it disappears into nothingness!

I guess you could call me an IT Security professional or maybe just a security professional. 20 years in the .mil, 7 of the last 10 as a Sysadm, network admin, ISSO. Last three not working full time in IT but I went to college and got a BS in MIS and an MS in Operations Management. Hired out of the .mil in 2004 by a major defense contractor as the Manager-IT Security, promoted to Sr. Manager last August and promoted to Director-Security last week when my boss suddenly resigned. I'm now in charge of all the Security for the entire division. I am a CISSP.
 

Zugzwang152

Lifer
Oct 30, 2001
12,134
1
0
Originally posted by: SecPro
Originally posted by: Zugzwang152
Security is one of the hottest fields in IT at the moment, with only growth predicted in the future... Surely there's others out there who practice security if not have it in their job title... So, I'm calling you all out. Let's make this forum something before it disappears into nothingness!

I guess you could call me an IT Security professional or maybe just a security professional. 20 years in the .mil, 7 of the last 10 as a Sysadm, network admin, ISSO. Last three not working full time in IT but I went to college and got a BS in MIS and an MS in Operations Management. Hired out of the .mil in 2004 by a major defense contractor as the Manager-IT Security, promoted to Sr. Manager last August and promoted to Director-Security last week when my boss suddenly resigned. I'm now in charge of all the Security for the entire division. I am a CISSP.

Very impressive! Kudos for coming out of the clockwork to join us!

I would love to pick your brain as far as how you're tackling some of the major problems I have on my plate.

If you're able to divulge, how big is your security staff vs. IT department size vs. company size?
 

SecPro

Member
Jul 17, 2007
147
0
0
Originally posted by: Zugzwang152
Originally posted by: SecPro
Originally posted by: Zugzwang152
Security is one of the hottest fields in IT at the moment, with only growth predicted in the future... Surely there's others out there who practice security if not have it in their job title... So, I'm calling you all out. Let's make this forum something before it disappears into nothingness!

I guess you could call me an IT Security professional or maybe just a security professional. 20 years in the .mil, 7 of the last 10 as a Sysadm, network admin, ISSO. Last three not working full time in IT but I went to college and got a BS in MIS and an MS in Operations Management. Hired out of the .mil in 2004 by a major defense contractor as the Manager-IT Security, promoted to Sr. Manager last August and promoted to Director-Security last week when my boss suddenly resigned. I'm now in charge of all the Security for the entire division. I am a CISSP.

Very impressive! Kudos for coming out of the clockwork to join us!

I would love to pick your brain as far as how you're tackling some of the major problems I have on my plate.

If you're able to divulge, how big is your security staff vs. IT department size vs. company size?

I'll try to walk you through it. It's a bit convoluted.

We are a 2 billion dollar division of a 24 bn dollar corp. Our div. is about 2300 people, 8 sites, seven states.

There are three distinct groups pertinent to this discussion. Company IT, Company Security, and Outsourced IT.

Company IT consists mainly of IT Management (Desktop, Infrastructure, Run $ Maintain, Projects) with a couple of Oracle Admins thrown in.

Company IT consists of both physical and IT security. 2 IT Security people, 12 physical security people, 70 person contract guard force all report to me, Director-Security, and I report to the VP-HR. The IT security people do not report to IT, they report to me.

Outsourced IT does all the desktop, mainframe, mid range, server, networking, etc support.
 

Oakenfold

Diamond Member
Feb 8, 2001
5,740
0
76
Originally posted by: Reel
Our company had various groups distinct from the Tax and Audit practices under the heading of Advisory. Occasionally, we would work with the external audit folks in some capacity. One of my projects was hand in hand with their technical controls people (first one I listed). Occasionally, they would simply email questions and I would provide technical details.

Typically though, much of our work was a result of the internal audit group or healthcare group bringing us in to perform the work for them. Personally, my projects were rarely direct consulting projects however I know they did exist and some of my coworkers did them. Our sellers typically found it easier to come in by getting it paid under the internal audit budget which sadly tends to have more money than IT/security.

I actually don't have that many miles and that was a motivating factor in moving on. I have a sensitive body and travel wreaked havoc on my body. I'd spend the first night unable to sleep in the strange bed and I'd spend the week sick to my stomach from eating out all the time. If I hadn't left, I would be working on a CISP project for a major cable company which would have been travel nearly 3 months straight (minus weekends of course).

I have to say that I'm glad I work under the IA umbrella of audit, those externals are working 24/7, living in hotels and eating out all the time like you've stated. Our CAE always points out to us how lucky we are, sometimes I think I'd like to visit different cities every week but I have to pinch myself. :shocked:

I can't even begin to imagine your fate as a security guru working with the big 4, I've met some guys that co-source partner (security firms) that provides services that you have performed and let me tell ya those guys are practically all over the world.

Originally posted by: SecPro
Originally posted by: Zugzwang152
Security is one of the hottest fields in IT at the moment, with only growth predicted in the future... Surely there's others out there who practice security if not have it in their job title... So, I'm calling you all out. Let's make this forum something before it disappears into nothingness!

I guess you could call me an IT Security professional or maybe just a security professional. 20 years in the .mil, 7 of the last 10 as a Sysadm, network admin, ISSO. Last three not working full time in IT but I went to college and got a BS in MIS and an MS in Operations Management. Hired out of the .mil in 2004 by a major defense contractor as the Manager-IT Security, promoted to Sr. Manager last August and promoted to Director-Security last week when my boss suddenly resigned. I'm now in charge of all the Security for the entire division. I am a CISSP.
Welcome to Anandtech and the security forums!
Very impressive resume that you have there. Hope everything goes well with the transition, bosses suddenly resigning doesn't sound very positive for the replacement.


Originally posted by: SecPro
I'll try to walk you through it. It's a bit convoluted.

We are a 2 billion dollar division of a 24 bn dollar corp. Our div. is about 2300 people, 8 sites, seven states.

There are three distinct groups pertinent to this discussion. Company IT, Company Security, and Outsourced IT.

Company IT consists mainly of IT Management (Desktop, Infrastructure, Run $ Maintain, Projects) with a couple of Oracle Admins thrown in.

Company IT consists of both physical and IT security. 2 IT Security people, 12 physical security people, 70 person contract guard force all report to me, Director-Security, and I report to the VP-HR. The IT security people do not report to IT, they report to me.

Outsourced IT does all the desktop, mainframe, mid range, server, networking, etc support.
I have to ask, do you have any best practices that you can share?
Also what's your biggest challenge right now?
 

Zugzwang152

Lifer
Oct 30, 2001
12,134
1
0
Originally posted by: SecPro
Originally posted by: Zugzwang152
Originally posted by: SecPro
Originally posted by: Zugzwang152
Security is one of the hottest fields in IT at the moment, with only growth predicted in the future... Surely there's others out there who practice security if not have it in their job title... So, I'm calling you all out. Let's make this forum something before it disappears into nothingness!

I guess you could call me an IT Security professional or maybe just a security professional. 20 years in the .mil, 7 of the last 10 as a Sysadm, network admin, ISSO. Last three not working full time in IT but I went to college and got a BS in MIS and an MS in Operations Management. Hired out of the .mil in 2004 by a major defense contractor as the Manager-IT Security, promoted to Sr. Manager last August and promoted to Director-Security last week when my boss suddenly resigned. I'm now in charge of all the Security for the entire division. I am a CISSP.

Very impressive! Kudos for coming out of the clockwork to join us!

I would love to pick your brain as far as how you're tackling some of the major problems I have on my plate.

If you're able to divulge, how big is your security staff vs. IT department size vs. company size?

I'll try to walk you through it. It's a bit convoluted.

We are a 2 billion dollar division of a 24 bn dollar corp. Our div. is about 2300 people, 8 sites, seven states.

There are three distinct groups pertinent to this discussion. Company IT, Company Security, and Outsourced IT.

Company IT consists mainly of IT Management (Desktop, Infrastructure, Run $ Maintain, Projects) with a couple of Oracle Admins thrown in.

Company IT consists of both physical and IT security. 2 IT Security people, 12 physical security people, 70 person contract guard force all report to me, Director-Security, and I report to the VP-HR. The IT security people do not report to IT, they report to me.

Outsourced IT does all the desktop, mainframe, mid range, server, networking, etc support.

What job functions does physical security constitute as opposed to IT security? I assume that both are knowledge worker types and very different from your security guard force. If you count contractors and vendors, my company is about the same size in people (a little smaller), and sites, but only in one state.

I have to ask, do you have any best practices that you can share?

Best practices for what? It's probably something we could all share from our own experience.

 

gsellis

Diamond Member
Dec 4, 2003
6,061
0
0
I am. But I am not a pen tester, ex-hacker, or white hat. The ex-OS guy that now is doing some identity management (being outsourced), MS CA PKI implementation (got to go test in a few), Cisco Security Agent client support and monitoring, and just inherited that Cisco ACS servers to support.

It is a growing field because to be a jack of all trades makes your brain itch.
 

SecPro

Member
Jul 17, 2007
147
0
0
Thanks for the welcome

What job functions does physical security constitute as opposed to IT security? I assume that both are knowledge worker types and very different from your security guard force.

We are a DoD contractor and therefore have DoD cleared facilities, lots of people with clearances and lots of classified contracts. There is an amazing amount of regulation and administration that has to be done because of that. The National Industrial Security Program Operating Manual (NISPOM) is the governing doctrine for this. It is promulgated by the DoD and making sure we are operating IAW that manual is what my physical security staff does.

IT Security does what you'd probably expect. Approving firewall configs, routing tables, IDS signatures, elevated user privs., etc. Evaluating new hw/sw before it goes on the network. Monitoring AV, logs, NIDS/HIDS, etc. Running vulnerability scans. Lots and lots of work for two people. Oh and Sarbanes-Oxley crap.

Best Practices? Need to be specific.
 

gsellis

Diamond Member
Dec 4, 2003
6,061
0
0
Originally posted by: SecPro
Thanks for the welcome

What job functions does physical security constitute as opposed to IT security? I assume that both are knowledge worker types and very different from your security guard force.

Best Practices? Need to be specific.
Using the same quote...

IT security has parts too. For example, there are strong physical security requirements around certificate authorities. Verisign is supposed to have a small 'force' with automatic weapons guarding its assets. Best practice for Root CAs can include safes, physical devices, guarded procedures, and that the servers are in pieces, OFF, and not connected to any network.
 

Oakenfold

Diamond Member
Feb 8, 2001
5,740
0
76
Originally posted by: SecPro
Thanks for the welcome

What job functions does physical security constitute as opposed to IT security? I assume that both are knowledge worker types and very different from your security guard force.

We are a DoD contractor and therefore have DoD cleared facilities, lots of people with clearances and lots of classified contracts. There is an amazing amount of regulation and administration that has to be done because of that. The National Industrial Security Program Operating Manual (NISPOM) is the governing doctrine for this. It is promulgated by the DoD and making sure we are operating IAW that manual is what my physical security staff does.

IT Security does what you'd probably expect. Approving firewall configs, routing tables, IDS signatures, elevated user privs., etc. Evaluating new hw/sw before it goes on the network. Monitoring AV, logs, NIDS/HIDS, etc. Running vulnerability scans. Lots and lots of work for two people. Oh and Sarbanes-Oxley crap.


Best Practices? Need to be specific.
What are your opinions on Sarbox? Aside from the obvious (that it's crap heh).
I work for an organization that currently does not have to comply with Sarbox, however that could change in the future, we all know the government likes to change rules...


I didn't realize that so many would be open to sharing best practices :thumbsup:.
I'd like to hear some best practices that really stick out in your mind and maybe you even implemented or suggested to the boys upstairs.

If you can't think of any offhand how about regarding how Senior IT Management has assurance that every day activities are actually completed, maybe along the lines of a control framework implementation.

By the way does anyone have ERM (Enterprise Risk Management) or Coso Frameworks implemented? This is a little OT and more geared towards the other one or two auditors here on AT but if you have implemented one do you feel it was worth it?
 

SecPro

Member
Jul 17, 2007
147
0
0
What are your opinions on Sarbox? Aside from the obvious (that it's crap heh).

I don't know how familiar everyone is with SOX so if I say something you already know forgive me. SOX was created after Enron, Tyco, et al with the purpose of ensuring publicly traded companies were reporting accurate numbers to the SEC. Section 404 of SOX governs the IT systems of the companies. No part of SOX is written with any specificity and therein lies the problem.

Because of this the audit firms were basically dictating the required controls to companies to be in compliance with SOX (remember auditors bill by the hour). They have gone way beyond the scope of ensuring financials are secure and outputting accurate data. Some examples: Do you have a smoke detector in the data center? Oh it's battery operated. When's the last time you changed the battery? Do you have a receipt? AND THIS WAS A CENTER THAT DIDN'T HOUSE ANY OF OUR FINANCIAL APPS!!!

This is the kind of crap that was being done. Companies are pushing back now, both at the audit firms and Congress.

I will say this though. I used the SOX auditors to my advantage. I was the first IT Sec person this company ever had and it was a mess. Whenever I wanted to get something done that the IT guys were balking at, I would simply point it out to the auditors, they would find it, put it in the report and it would have to get fixed.

I didn't realize that so many would be open to sharing best practices.

I don't see any problem with it. I'm not going to say "Here's how my border router is configured, it's at IP X, go check it out." Best practices, philosophy, approaches to problems I think would make for great discussions.


If you can't think of any offhand how about regarding how Senior IT Management has assurance that every day activities are actually completed, maybe along the lines of a control framework implementation.

By the way does anyone have ERM (Enterprise Risk Management) or Coso Frameworks implemented?

I think if you can pull it off, it's great. I think a lot of orgs start down a certain path and end up with a hybrid of a couple. This kinda leads into the first part of the quote about every day practices. I have had great difficulty getting repeatable processes written, implemented and followed, moreso the latter than the first two.
 

Zugzwang152

Lifer
Oct 30, 2001
12,134
1
0
I don't see any problem with it. I'm not going to say "Here's how my border router is configured, it's at IP X, go check it out." Best practices, philosophy, approaches to problems I think would make for great discussions.

Agreed. Best practices are just that: best practices. Sometimes they don't make sense for your organization, but often times they do. Like SecPro says, we're not going to be sharing IP addresses or router configs.

One thing we're dealing with right now is creating a sort of best practice for our IT department to follow regarding the creation of service accounts.

We have apps that the admins will make a service account for every single job that runs, and we will have other admins who make one service account and use it in multiple places. We literally have thousands of these accounts running, and tracking all of them is a pain in the ass.

I've tried to convince them that this is an IT process and they should make their own damn guidelines, but apparently no one is going to do anything unless they see it's a security requirement. I've found only a few white papers, all from Microsoft, that touch on this issue. Has anyone read anything about service account structure?
 

Oakenfold

Diamond Member
Feb 8, 2001
5,740
0
76
Originally posted by: SecPro
What are your opinions on Sarbox? Aside from the obvious (that it's crap heh).

I don't know how familiar everyone is with SOX so if I say something you already know forgive me. SOX was created after Enron, Tyco, et al with the purpose of ensuring publicly traded companies were reporting accurate numbers to the SEC. Section 404 of SOX governs the IT systems of the companies. No part of SOX is written with any specificity and therein lies the problem.

Because of this the audit firms were basically dictating the required controls to companies to be in compliance with SOX (remember auditors bill by the hour). They have gone way beyond the scope of ensuring financials are secure and outputting accurate data. Some examples: Do you have a smoke detector in the data center? Oh it's battery operated. When's the last time you changed the battery? Do you have a receipt? AND THIS WAS A CENTER THAT DIDN'T HOUSE ANY OF OUR FINANCIAL APPS!!!

This is the kind of crap that was being done. Companies are pushing back now, both at the audit firms and Congress.

Wow, that is pretty extreme, I agree with the basic concept of general controls but the judgement used to determine sufficient audit evidence is another and your example seems excessive, of course I have never done any SOX compliance work so it may be the norm to some, if that's the case I'm glad I'm not involved with it. Perhaps the auditors were not members of the IIA and did not have a standard for professional performance.

I will say this though. I used the SOX auditors to my advantage. I was the first IT Sec person this company ever had and it was a mess. Whenever I wanted to get something done that the IT guys were balking at, I would simply point it out to the auditors, they would find it, put it in the report and it would have to get fixed.
Kudos to you, it can certainly assist in getting things in the budget!

I don't see any problem with it. I'm not going to say "Here's how my border router is configured, it's at IP X, go check it out." Best practices, philosophy, approaches to problems I think would make for great discussions.

Let me clarify, best practices are indeed no problem to distribute, some people just don't have the spirit to pass knowledge along which is a true shame.


I think if you can pull it off, it's great. I think a lot of orgs start down a certain path and end up with a hybrid of a couple. This kinda leads into the first part of the quote about every day practices. I have had great difficulty getting repeatable processes written, implemented and followed, moreso the latter than the first two.

My company currently does not have either at the moment but would jump at the opportunity to aid in the design. :thumbsup: I recently attended a seminar on COSO, it seemed like either ERM or the COSO framework is indeed a huge organizational change requiring considerable resources. Maybe one day we'll be able to sell it to the people in charge...

If you had to name the largest impeding factor in writing, implementing, and having the troops follow the new process what is it? I'm not necessarily looking for an answer on all three as I realize that could be a thread in itself. Just looking for the biggest thorn in your side.



Originally posted by: Zugzwang152
Agreed. Best practices are just that: best practices. Sometimes they don't make sense for your organization, but often times they do. Like SecPro says, we're not going to be sharing IP addresses or router configs.
Clarified my comment above, like I said I'm not sure why people don't like to share but some just don't...


One thing we're dealing with right now is creating a sort of best practice for our IT department to follow regarding the creation of service accounts.
We have apps that the admins will make a service account for every single job that runs, and we will have other admins who make one service account and use it in multiple places. We literally have thousands of these accounts running, and tracking all of them is a pain in the ass.
What's the procedure/policy on the review of the accounts and creation of them? That does sound like it could be a nightmare.

I've tried to convince them that this is an IT process and they should make their own damn guidelines, but apparently no one is going to do anything unless they see it's a security requirement. I've found only a few white papers, all from Microsoft, that touch on this issue. Has anyone read anything about service account structure?
Looks like you answered my question. Sounds like you may want to communicate that to your audit department, especially if there is no periodic review of accounts. I wish I could say that I was familiar with admin duties but I am not. Maybe SecPro can comment on this.
 

SecPro

Member
Jul 17, 2007
147
0
0
Originally posted by: Zugzwang152
I don't see any problem with it. I'm not going to say "Here's how my border router is configured, it's at IP X, go check it out." Best practices, philosophy, approaches to problems I think would make for great discussions.

Agreed. Best practices are just that: best practices. Sometimes they don't make sense for your organization, but often times they do. Like SecPro says, we're not going to be sharing IP addresses or router configs.

One thing we're dealing with right now is creating a sort of best practice for our IT department to follow regarding the creation of service accounts.

We have apps that the admins will make a service account for every single job that runs, and we will have other admins who make one service account and use it in multiple places. We literally have thousands of these accounts running, and tracking all of them is a pain in the ass.

I've tried to convince them that this is an IT process and they should make their own damn guidelines, but apparently no one is going to do anything unless they see it's a security requirement. I've found only a few white papers, all from Microsoft, that touch on this issue. Has anyone read anything about service account structure?

Assuming you have access control/identity management policies, why not handle service accounts iaw those policies? That's what we do here. It's not assigned to a single user, so it's a "generic" account and managed accordingly. If it needs elevated rights, those are granted and tracked IAW existing procedures. The password doesn't expire, that's an exception to current policy and it is tracked accordingly. Etc., etc.
 

Zugzwang152

Lifer
Oct 30, 2001
12,134
1
0
Originally posted by: SecPro
Originally posted by: Zugzwang152
I don't see any problem with it. I'm not going to say "Here's how my border router is configured, it's at IP X, go check it out." Best practices, philosophy, approaches to problems I think would make for great discussions.

Agreed. Best practices are just that: best practices. Sometimes they don't make sense for your organization, but often times they do. Like SecPro says, we're not going to be sharing IP addresses or router configs.

One thing we're dealing with right now is creating a sort of best practice for our IT department to follow regarding the creation of service accounts.

We have apps that the admins will make a service account for every single job that runs, and we will have other admins who make one service account and use it in multiple places. We literally have thousands of these accounts running, and tracking all of them is a pain in the ass.

I've tried to convince them that this is an IT process and they should make their own damn guidelines, but apparently no one is going to do anything unless they see it's a security requirement. I've found only a few white papers, all from Microsoft, that touch on this issue. Has anyone read anything about service account structure?

Assuming you have access control/identity management policies, why not handle service accounts iaw those policies? That's what we do here. It's not assigned to a single user, so it's a "generic" account and managed accordingly. If it needs elevated rights, those are granted and tracked IAW existing procedures. The password doesn't expire, that's an exception to current policy and it is tracked accordingly. Etc., etc.

We do this already, but there is no governing document or list of best practices that direct admins on how to provision new accounts. So sometimes someone may decide they want to create a hundred new service accounts at once.
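
Added example, not part of the original thread and not any poster's own tooling: a Python audit of a service account inventory that applies the handling discussed in the posts above (non-expiring passwords and elevated rights must carry a tracking reference; accounts reused in many places and accounts provisioned in bulk get flagged). The CSV column names, the two thresholds, the finding codes and the sample rows are all assumptions constructed for this illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample inventory export (not real data). Column names are
# assumptions for this example; map them to whatever your directory exports.
SAMPLE_INVENTORY = """\
account,created_by,created_on,used_on,privileged,privilege_approval,password_never_expires,exception_id
svc_backup,asmith,2007-06-01,srv01;srv02;srv03;srv04,yes,CHG-1001,yes,EXC-0042
svc_report_job1,bjones,2007-07-10,srv10,no,,yes,
svc_report_job2,bjones,2007-07-10,srv10,no,,yes,EXC-0043
svc_report_job3,bjones,2007-07-10,srv10,no,,no,
svc_sqlagent,cdoe,2007-05-20,db01,yes,,no,
svc_web,cdoe,2007-05-21,web01;web02,no,,no,
"""

MAX_SHARED_HOSTS = 3      # assumed threshold: one account reused on more systems
MAX_CREATED_PER_DAY = 2   # assumed threshold: bulk provisioning by one admin


def load_inventory(text):
    """Parse the CSV export into dicts with typed fields."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row = {k: (v or "").strip() for k, v in row.items()}
        row["used_on"] = [h for h in row["used_on"].split(";") if h]
        row["privileged"] = row["privileged"].lower() == "yes"
        row["password_never_expires"] = (
            row["password_never_expires"].lower() == "yes"
        )
        rows.append(row)
    return rows


def audit(rows):
    """Return {account: [finding codes]} for accounts that break a rule."""
    # How many accounts each admin created on each day.
    per_day = Counter((r["created_by"], r["created_on"]) for r in rows)
    findings = {}
    for r in rows:
        codes = []
        # A non-expiring password is a policy exception and must be tracked.
        if r["password_never_expires"] and not r["exception_id"]:
            codes.append("UNTRACKED_PASSWORD_EXCEPTION")
        # Elevated rights must point at an approval record.
        if r["privileged"] and not r["privilege_approval"]:
            codes.append("UNTRACKED_ELEVATED_RIGHTS")
        # One account used in many places widens the impact of a compromise.
        if len(r["used_on"]) > MAX_SHARED_HOSTS:
            codes.append("SHARED_ACROSS_SYSTEMS")
        # Many accounts created by one admin in one day suggests no guideline.
        if per_day[(r["created_by"], r["created_on"])] > MAX_CREATED_PER_DAY:
            codes.append("BULK_PROVISIONED")
        if codes:
            findings[r["account"]] = codes
    return findings


def summarize(findings):
    """Count how many accounts carry each finding code."""
    return Counter(code for codes in findings.values() for code in codes)


if __name__ == "__main__":
    result = audit(load_inventory(SAMPLE_INVENTORY))
    for account, codes in sorted(result.items()):
        print(f"{account}: {', '.join(codes)}")
    for code, count in sorted(summarize(result).items()):
        print(f"{code}: {count}")
```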
 

vital

Platinum Member
Sep 28, 2000
2,537
1
81
Hello. I'm currently in IT Auditing and I'd like to change to a job where I get paid big bucks for staring at IDS logs all day.. Any tips on how I can get a job like that?
 

Zugzwang152

Lifer
Oct 30, 2001
12,134
1
0
Originally posted by: vital
Hello. I'm currently in IT Auditing and I'd like to change to a job where I get paid big bucks for staring at IDS logs all day.. Any tips on how I can get a job like that?

1. Got clearance?
2. Go into "consulting"


Or, do "penetration testing" and charge them $500/hour for running nmap and nessus at their DMZ.

Welcome to the Security forum. And by Security I mean the "what's the best free antivirus?" forum.
 

vital

Platinum Member
Sep 28, 2000
2,537
1
81
Originally posted by: Zugzwang152
Originally posted by: vital
Hello. I'm currently in IT Auditing and I'd like to change to a job where I get paid big bucks for staring at IDS logs all day.. Any tips on how I can get a job like that?

1. Got clearance?
2. Go into "consulting"


Or, do "penetration testing" and charge them $500/hour for running nmap and nessus at their DMZ.

Welcome to the Security forum. And by Security I mean the "what's the best free antivirus?" forum.

Ok I have some serious career questions that need to be addressed by one of you IT Security Professionals. I really wanna get into IT Security and I currently hold a SANS/GIAC GCWN (Windows Security Administrator) certification. My employer is willing to provide me more training in a few months and I can either choose MCSE or more SANS training. I'm having a hard time deciding which one I should choose. I can choose MCSE:Security... but is it really that much of a difference on my resume if I have GCWN *AND* MCSE:Security? I'd prefer more of Security Analyst role than a Security Administrator role.

If I do choose another SANS course I was thinking of one of the hacking courses or IDS in depth courses so I can hopefully secure my dream job mentioned above. What do you all think?
 

Oakenfold

Diamond Member
Feb 8, 2001
5,740
0
76
Originally posted by: vital
Hello. I'm currently in IT Auditing and I'd like to change to a job where I get paid big bucks for staring at IDS logs all day.. Any tips on how I can get a job like that?

Welcome to the Security Forum!
Originally posted by: Zugzwang152
and by Security I mean the "what's the best free antivirus?" forum.
Sorry, couldn't resist Zug that's a great quote! :laugh:

Seriously though welcome Vital. Why exactly are you wanting to get out of IT Auditing? Can you maybe explain a little bit more about what you currently do, and what you don't like that you currently do?





 

vital

Platinum Member
Sep 28, 2000
2,537
1
81
Originally posted by: Oakenfold
Originally posted by: vital
Hello. I'm currently in IT Auditing and I'd like to change to a job where I get paid big bucks for staring at IDS logs all day.. Any tips on how I can get a job like that?

Welcome to the Security Forum!
Originally posted by: Zugzwang152
and by Security I mean the "what's the best free antivirus?" forum.
Sorry, couldn't resist Zug that's a great quote! :laugh:

Seriously though welcome Vital. Why exactly are you wanting to get out of IT Auditing? Can you maybe explain a little bit more about what you currently do, and what you don't like that you currently do?

Sure. I get paid to be hated by people in the company. All I do is SOX audits and it sucks. Some people I've never met and they'll give me this stupid attitude when I'm just doing my job. It's like the past auditors in the company who quit messed up the relationship with every department in my company. The only reason why I'm doing this is for the related security experience. I was not able to find entry level IT Security job out of college with no experience. My department is ok and my team members are pretty supportive, but that's all the good thing I have to say about my work.

So since you're studying for the CIA, I assume you work in Internal Audit as well?
 

Zugzwang152

Lifer
Oct 30, 2001
12,134
1
0
Originally posted by: vital
Originally posted by: Zugzwang152
Originally posted by: vital
Hello. I'm currently in IT Auditing and I'd like to change to a job where I get paid big bucks for staring at IDS logs all day.. Any tips on how I can get a job like that?

1. Got clearance?
2. Go into "consulting"


Or, do "penetration testing" and charge them $500/hour for running nmap and nessus at their DMZ.

Welcome to the Security forum. And by Security I mean the "what's the best free antivirus?" forum.

Ok I have some serious career questions that need to be addressed by one of you IT Security Professionals. I really wanna get into IT Security and I currently hold a SANS/GIAC GCWN (Windows Security Administrator) certification. My employer is willing to provide me more training in a few months and I can either choose MCSE or more SANS training. I'm having a hard time deciding which one I should choose. I can choose MCSE:Security... but is it really that much of a difference on my resume if I have GCWN *AND* MCSE:Security? I'd prefer more of Security Analyst role than a Security Administrator role.

If I do choose another SANS course I was thinking of one of the hacking courses or IDS in depth courses so I can hopefully secure my dream job mentioned above. What do you all think?

SecPro is a security manager, so he may have the best perspective on what makes an attractive candidate.

I'm a big fan of SANS training, but I'm disappointed you decided to spend your week-long training on their Windows class. I can't speak to the course material since I haven't taken it, but MCSE is much more recognizable (and more marketable) right now. Right now, I'm interested in taking the GCIA and GCIH classes.

From my perspective (I'm just an analyst though), I'd want SANS training if you really want to learn some useful skills. However, if I was unemployed and looking for a job, I'd want Microsoft certifications for my resume first.
 

Zugzwang152

Lifer
Oct 30, 2001
12,134
1
0
Originally posted by: Oakenfold
Originally posted by: Zugzwang152
and by Security I mean the "what's the best free antivirus?" forum.
Sorry, couldn't resist Zug that's a great quote! :laugh:

April 1, 2008: you should get this forum renamed to "what's the best free antivirus?" for a day
 

Oakenfold

Diamond Member
Feb 8, 2001
5,740
0
76
Originally posted by: vital
Sure. I get paid to be hated by people in the company. All I do is SOX audits and it sucks. Some people I've never met and they'll give me this stupid attitude when I'm just doing my job. It's like the past auditors in the company who quit messed up the relationship with every department in my company. The only reason why I'm doing this is for the related security experience. I was not able to find an entry level IT Security job out of college with no experience. My department is ok and my team members are pretty supportive, but that's the only good thing I have to say about my work.

So since you're studying for the CIA, I assume you work in Internal Audit as well?

You've pegged me right. I'm currently a staff auditor for a non-profit financial institution (no SOX compliance). That sounds like you've got a pretty intense work environment. I can understand how you must be very frustrated!

Auditing is certainly a positive for a Security Analyst gig, or at least some of the requirements for various analyst positions I've looked at have indicated such. I'm sure Zug or Secpro can comment more on that as they have experience on the *other side*. At least that's what I'm hoping in the long run. :thumbsup:



Originally posted by: Zugzwang152
April 1, 2008: you should get this forum renamed to "what's the best free antivirus?" for a day

I'll see what I can do!
 

SecPro

Member
Jul 17, 2007
147
0
0
Originally posted by: Zugzwang152
Originally posted by: vital
Originally posted by: Zugzwang152
Originally posted by: vital
Hello. I'm currently in IT Auditing and I'd like to change to a job where I get paid big bucks for staring at IDS logs all day.. Any tips on how I can get a job like that?

1. Got clearance?
2. Go into "consulting"


Or, do "penetration testing" and charge them $500/hour for running nmap and nessus at their DMZ.

Welcome to the Security forum. And by Security I mean the "what's the best free antivirus?" forum.

Ok I have some serious career questions that need to be addressed by one of you IT Security Professionals. I really wanna get into IT Security and I currently hold a SANS/GIAC GCWN (Windows Security Administrator) certification. My employer is willing to provide me more training in a few months and I can either choose MCSE or more SANS training. I'm having a hard time deciding which one I should choose. I can choose MCSE:Security... but is it really that much of a difference on my resume if I have GCWN *AND* MCSE:Security? I'd prefer more of a Security Analyst role than a Security Administrator role.

If I do choose another SANS course I was thinking of one of the hacking courses or IDS in depth courses so I can hopefully secure my dream job mentioned above. What do you all think?

SecPro is a security manager, so he may have the best perspective on what makes an attractive candidate.

I'm a big fan of SANS training, but I'm disappointed you decided to spend your week-long training on their Windows class. I can't speak to the course material since I haven't taken it, but MCSE is much more recognizable (and more marketable) right now. Right now, I'm interested in taking the GCIA and GCIH classes.

From my perspective (I'm just an analyst though), I'd want SANS training if you really want to learn some useful skills. However, if I was unemployed and looking for a job, I'd want Microsoft certifications for my resume first.

Let's be clear, SecPro is a Director of Security not a security manager.

What I first look for when hiring IT security personnel is a pretty heavy networking background. You cannot intelligently analyze network traffic, IDS/IDP logs, etc. without that background and you certainly can't tell anyone how to plug the holes you see.

I'm also a fan of SANS training. Mandiant also offers 1 or 2 relevant courses, although their training is mostly about forensics, an area where they are a world class org. Certs are useful to document a willingness to learn and a base level of knowledge. The corresponding experience is equally important. Certs granted by taking an unproctored exam are worthless.

There are no well paying jobs where you stare at IDS logs all day. There are some well paying jobs for security analysts. Systems used in Security Operations Centers don't require someone to stare at them 24/7. What is required is someone who can analyze patterns, anomalies and other rises above the norm that can't be filtered or normalized.

The other thing to consider is what it is you really want to do. Just like auditing, no one wants to be an analyst all their life. Most management positions require a degree so if you don't have one of those . . .

 

Zugzwang152

Lifer
Oct 30, 2001
12,134
1
0
Originally posted by: SecPro
Originally posted by: Zugzwang152
Originally posted by: vital
Originally posted by: Zugzwang152
Originally posted by: vital
Hello. I'm currently in IT Auditing and I'd like to change to a job where I get paid big bucks for staring at IDS logs all day.. Any tips on how I can get a job like that?

1. Got clearance?
2. Go into "consulting"


Or, do "penetration testing" and charge them $500/hour for running nmap and nessus at their DMZ.

Welcome to the Security forum. And by Security I mean the "what's the best free antivirus?" forum.

Ok I have some serious career questions that need to be addressed by one of you IT Security Professionals. I really wanna get into IT Security and I currently hold a SANS/GIAC GCWN (Windows Security Administrator) certification. My employer is willing to provide me more training in a few months and I can either choose MCSE or more SANS training. I'm having a hard time deciding which one I should choose. I can choose MCSE:Security... but is it really that much of a difference on my resume if I have GCWN *AND* MCSE:Security? I'd prefer more of a Security Analyst role than a Security Administrator role.

If I do choose another SANS course I was thinking of one of the hacking courses or IDS in depth courses so I can hopefully secure my dream job mentioned above. What do you all think?

SecPro is a security manager, so he may have the best perspective on what makes an attractive candidate.

I'm a big fan of SANS training, but I'm disappointed you decided to spend your week-long training on their Windows class. I can't speak to the course material since I haven't taken it, but MCSE is much more recognizable (and more marketable) right now. Right now, I'm interested in taking the GCIA and GCIH classes.

From my perspective (I'm just an analyst though), I'd want SANS training if you really want to learn some useful skills. However, if I was unemployed and looking for a job, I'd want Microsoft certifications for my resume first.

Let's be clear, SecPro is a Director of Security not a security manager.


You're still security management. The manager of managers is still a manager.
 

imported_nerve

Senior member
Mar 17, 2005
572
1
0
Thanks for the great info guys!

I, too, am trying to get into the Security field.

I currently have clearance..
I am trying to find a good college in my area to earn a degree.
 