- Posts: 6
- Thank you received: 0
what means to be a security consultant?
20 years 6 months ago #3973
by c0lin
what means to be a security consultant? was created by c0lin
first of all i have to tell you that i like you guys because you are quite aproachable.
when i saw your team i saw that sahirh is a "security consultant for penetration testing, intrusion analysis, incident handling and cyber-forensic" and i was wondering: what is guy doing?
how is to be a security consultant?
so, can somebody explain me: 1.what this means? and 2. what do i have to do to gain such a position?
when i saw your team i saw that sahirh is a "security consultant for penetration testing, intrusion analysis, incident handling and cyber-forensic" and i was wondering: what is guy doing?
how is to be a security consultant?
so, can somebody explain me: 1.what this means? and 2. what do i have to do to gain such a position?
20 years 6 months ago #3976
by sahirh
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Replied by sahirh on topic Re: what means to be a security consultant?
C0lin, basically a security consultant is someone who specialises in securing computer systems -- thats a very basic description.
Since more and more critical information is stored on computers, you need people who specialise in information security. The reason its a specialisation is because security is constantly evolving and the approach you take to systems is different from that of a programmer, or a network designer.
As far as what I do goes.. penetration-testing is an activity where you pay security specialists to attempt to break into your systems so that you can discover what vulnerabilities exist, and fix them.
This is sometimes called 'ethical-hacking' a really annoying buzzword. Penetration testing is great fun.. it involves a lot of creative thinking and can be very challenging.
Intrusion analysis involves figuring out how an attack was orchestrated. Say for example your website was hacked... an intrusion analyst will try to recreate what happened from the available logs et
Incident handling is slightly similar to intrusion analysis.. when you have an incident.. say you get hacked, etc an incident handler is a person who is trained to respond correctly to that incident... keeping the integrity of the evidence, and restoring the systems to a normal state as soon as possible.
Cyber-forensics is like normal police forensics, but on computers.. its a highly specialised field (one which I'm still learning a lot about). You work with law enforcement.. the courts etc. and have to be able to find things in computer systems where there is seemingly nothing to find
Being a security consultant is fun -- if you're passionate about technology and security. It can also be quite painful as people view you as someone who restricts access and just causes inconvenience. Its a field thats really coming up these days..
If you want to get into security, you should first make sure your networking skills are down pat. Then you need to learn a programming language -- something that lets you talk right to the operating system.. like C. After that you have to learn all the differnt aspects of security. Types of attacks, common vulnerabilities etc.
Practical experience is the best teacher. Most people learn on other peoples networks (if you know what I mean).. but its far better if you setup your own lab, since you dont want to end up going to jail while trying to make a career
Read our article called an introduction to security. Its under the
Articles >> Network Security Whitepapers menu at the top of the page.
Let me know if you want more info.
Cheers,
Since more and more critical information is stored on computers, you need people who specialise in information security. The reason its a specialisation is because security is constantly evolving and the approach you take to systems is different from that of a programmer, or a network designer.
As far as what I do goes.. penetration-testing is an activity where you pay security specialists to attempt to break into your systems so that you can discover what vulnerabilities exist, and fix them.
This is sometimes called 'ethical-hacking' a really annoying buzzword. Penetration testing is great fun.. it involves a lot of creative thinking and can be very challenging.
Intrusion analysis involves figuring out how an attack was orchestrated. Say for example your website was hacked... an intrusion analyst will try to recreate what happened from the available logs et
Incident handling is slightly similar to intrusion analysis.. when you have an incident.. say you get hacked, etc an incident handler is a person who is trained to respond correctly to that incident... keeping the integrity of the evidence, and restoring the systems to a normal state as soon as possible.
Cyber-forensics is like normal police forensics, but on computers.. its a highly specialised field (one which I'm still learning a lot about). You work with law enforcement.. the courts etc. and have to be able to find things in computer systems where there is seemingly nothing to find
Being a security consultant is fun -- if you're passionate about technology and security. It can also be quite painful as people view you as someone who restricts access and just causes inconvenience. Its a field thats really coming up these days..
If you want to get into security, you should first make sure your networking skills are down pat. Then you need to learn a programming language -- something that lets you talk right to the operating system.. like C. After that you have to learn all the differnt aspects of security. Types of attacks, common vulnerabilities etc.
Practical experience is the best teacher. Most people learn on other peoples networks (if you know what I mean).. but its far better if you setup your own lab, since you dont want to end up going to jail while trying to make a career
Read our article called an introduction to security. Its under the
Articles >> Network Security Whitepapers menu at the top of the page.
Let me know if you want more info.
Cheers,
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
- h_ythakkar
- Offline
- New Member
Less
More
- Posts: 3
- Thank you received: 0
20 years 6 months ago #4022
by h_ythakkar
Replied by h_ythakkar on topic Hi sahirh
Hi,
I am 21yrs old, and i am interested in learning abt networks. It would be really helpful if you could suggest some books for basic networking concepts and also on subjects like information/internet/network security. also it would be helpful if you let me know if there are any degree courses that i could take.
Thanks
HITESH
I am 21yrs old, and i am interested in learning abt networks. It would be really helpful if you could suggest some books for basic networking concepts and also on subjects like information/internet/network security. also it would be helpful if you let me know if there are any degree courses that i could take.
Thanks
HITESH
20 years 6 months ago #4027
by sahirh
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Replied by sahirh on topic Re: what means to be a security consultant?
At the risk of sounding pompous, this is really the best site on the internet to learn about networking. It starts right from scratch. You wont need a book. However if you do want a book get Tom Lammle's CCNA Study Guide, it works well as a networking essentials book.
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Time to create page: 0.120 seconds