Thanks to one and all for the MANY e-mails I have received on this matter. I have taken my time and reviewed each and every response and thought it would be worth summarizing my conclusions. Many people suggested virtually identical routes which suggests some very sound advice. Here are the main suggestions (direct quotations where appropriate): 1. apply for anything that is vaguely relevant to pay the bills in the interim 2. MSc in Information Security - London (Royal Hollaway ) 3. install configure and PRACTICE on hardware/software at home i.e. cheap self training 4. play an active role in the GPL/security community and lend advice/support/expertise 5. try and find your own vulnerabilities to build recognition of your name 6. As far as I can tell there is no truly recognized "Institute of Security". "There is a fledgling "Institute for Information Security" which can be found at www.instis.org " 7. CISSP 8. "Obtain a position at a security conscious smaller company that wants IT administrator assistance but that person to also do some security work. This will beef up your resume in security experience" 9. "try writing something...an article, a tutorial, a how to. The process of doing the research and writing down the concepts will teach you what you are writing about" 10. The Sans Institute - GIAC programs 11. Obtain Cisco certification from CCNA to CISSP 12. Checkpoint exams All the above points are very sound advice and could be used by any new security candidate to broaden their horizons. Unfortunately not all of the points are practical in my own personal situation. I am already into a network design career and taking time out to do another Masters is financially not possible for me. Since I have talked to you all last I have started to restructure my "self education scheme from the typically unorganized, learn random information at random times, to a much more formalized one. A superb repository for this study is the Sans institute. I have also sat and passed my CCNA with a suitably impressive mark (a good place to start for anyone I would suggest). Following this I will sit my PIX qualifications and then my CCNP. Concurrently I will study the Sans institute with a view to starting the qualification ladder there as well. It looks as if it will be surprisingly easy to find a job within a small organization that is interested in security. In the few discussions I have had with employers since my first post I have found that pretty much any position within an IT based division will jump at the chance of adding security experienced personnel. It also surprised me how easy it was to find out what security hardware/software and persona ell they have in place. [Lets add this to the Social engineering handbook. Apply for a job and just ask outright at the interview. I got diagrams and weaknesses pointed out as well! Lol] A direct question. I cannot find any samples of the online Sans training with the accompanying MP3 anywhere. Is it possible for someone to send or point me in the direction of something that will give me an idea of what this documentation is actually like. Are there such things as past papers for these qualifications? Again thanks to everyone for the overwhelming response. It is good to know the community is alive, strong and as supportive as it is. Regards, Mark ______________________________ Subject: Advice on entering the security field (training, qualifications etc..) I am based in Scotland and extremely interested in entering the security sector. I have the usual background in IT and unsurprisingly I have been reading all the texts, playing with all the tools and reading all the mailing lists etc.. for the past 4 years. My question is, how do I formalize my self-taught education with qualifications/accreditation that is meaningful to a potential employer. Specifically, assuming that I am funding it myself, what qualifications should I sit? Is there such a thing as a "Institute of Security.." that I can join? I have been actively looking for a position recently but the combination of the down turn in the market and every job looking for a different accreditation I have been unsuccessful. Any advice would be appreciated. Mark
This archive was generated by hypermail 2b30 : Fri Feb 22 2002 - 13:15:40 PST