by bobmagoo
2767 days ago
It's a great time to be in security, definitely a job seeker's market. I've been in security for ~8 years now and don't have any certs and don't see a whole lot of value in them unless your employer/clients require them (some consultant or government shops do). I place a much higher value on knowing your stuff and being able to earn the respect of other engineering teams when helping them understand more secure ways to build what they're trying to build. Some of the best security engineers I've known came from a network engineer or sysadmin background. So don't worry if you don't have a "masters in security". I'd spend some time thinking about the last large system you built. How would someone attack it? How would you detect those attacks? What would you do if they were successful? How could you have architected around those weaknesses? If doing that seems like fun, my team is hiring in Seattle, feel free to drop us a message at prodsec-recruiting@tableau.com

A lot of equipment used by ISPs is barely protected at all, from what I've seen of other people's networks. There's a lot of things out there like temperature monitoring devices, UPSes, rectifiers, HVAC controls, security card readers/relay controls, generator monitoring control systems that run ancient shitty software, which the vendor will never patch. People spend a lot of time isolating these things in special management networks because the cost of replacing a big rectifier system at an older POP cannot be justified.
I would say that for somebody that wants to get into a dedicated security role, without having specifically studied netsec stuff in detail, the best background to have is a mixed balance of first/second-tier NOC, network engineering, and general Linux/BSD sysadmin knowledge.