Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
SYS-CON.TV

2008 West
DIAMOND SPONSOR:
Data Direct
SOA, WOA and Cloud Computing: The New Frontier for Data Services
PLATINUM SPONSORS:
Red Hat
The Opening of Virtualization
GOLD SPONSORS:
Appsense
User Environment Management – The Third Layer of the Desktop
Cordys
Cloud Computing for Business Agility
EMC
CMIS: A Multi-Vendor Proposal for a Service-Based Content Management Interoperability Standard
Freedom OSS
Practical SOA” Max Yankelevich
Intel
Architecting an Enterprise Service Router (ESR) – A Cost-Effective Way to Scale SOA Across the Enterprise
Sensedia
Return on Assests: Bringing Visibility to your SOA Strategy
Symantec
Managing Hybrid Endpoint Environments
VMWare
Game-Changing Technology for Enterprise Clouds and Applications
Click For 2008 West
Event Webcasts

2008 West
PLATINUM SPONSORS:
Appcelerator
Get ‘Rich’ Quick: Rapid Prototyping for RIA with ZERO Server Code
Keynote Systems
Designing for and Managing Performance in the New Frontier of Rich Internet Applications
GOLD SPONSORS:
ICEsoft
How Can AJAX Improve Homeland Security?
Isomorphic
Beyond Widgets: What a RIA Platform Should Offer
Oracle
REAs: Rich Enterprise Applications
Click For 2008 Event Webcasts
So You Wanna Be a (Security) Superstar?

Written by Rick Deacon

Recently I've been faced with a very difficult type of question... and it isn't even technical. No, it's not the typical 'How do you find a buffer overflow?' or 'Can you write me code entirely in assembly... in 20 minutes?'... it's much more difficult to answer. It's answer, to many people, may be the 'key' they are looking for in this industry. The question is very often phrased as "So what did it take for you to get where you are?" or "How do I get into the security industry?" and even sometimes "How do I become a hacker?"

There are many different approaches to this subject, and I firmly believe there only a few ways to truly succeed in security or IT in general. A lot of people assume four years of school is going to land you your dream job, where you're a hacker in your own peaceful office behind a wall of 6 monitors watching packet captures fly by on one screen while simultaneously watching The Matrix on the other and texting your girlfriend(s) about which restaurant you're renting out tonight. That may work for some but that doesn't always happen. In fact, most of the time it doesn't. That same sort of mentality is what I see currently when people are picking their majors/careers, which mind you, is a decision which usually affects you the rest of your life. Many people tell me about how they know "a little" about computers but they're going to learn the rest of what they need no problem... that's what school is for, right? Wrong. From my experience, it takes a lot more than just four years of school to get ahead, especially in security. It takes a mindset that pushes and drives you to understand what's going on an intricate level. Taking a test and naming pieces of hardware off of a computer isn't going to get you very far. Certification courses and advanced networking courses are always going to help you learn and ARE necessary, but they're not going to teach you about the mental anguish you're going to endure when you to try apply the concepts, and for some reason unbeknownst to man, the darn thing just won't work. On that note... if you somehow think this won't ever happen to you, think again :). This applies even more so to information security because the knowledge that penetration testers, hackers, system administrators and developers have is far more than just what you learn in a book or from taking a quiz. It's a conglomeration of experimentation and research on your OWN time mixed with the drive to understand the inner workings of things that no normal human being should want to know. Falling into this sort of field very rarely happens and the security mindset and mentality isn't something that can always be taught.

The whole concept and topic of teaching and learning on this subject is a whole blog in and of itself... but essentially you can never stop learning in this field. If you're not "with it" on what's going around in your industry or community, you might as well forget it. You won't ever get anywhere having a mundane view of what's going on. The security industry is dynamic. Visit any Full Disclosure mailing list or website and see how much is updated on a daily basis... it's somewhat ridiculous.

In the defense of all certification and course instructors out there, there is always something to learn. Sometimes the best way to learn is behind a desk listening to someone, whether it be a teacher or just someone who knows something you don't.

So back on direct topic here... what should someone do when they want to be part of this industry? Always be learning, always be listening and always be aware. Be learning about what's new and out there and by that I don't mean just read an article. if it's a new application... setup a personal 'testing' network and try it out. If it's a new vulnerability, setup a virtual machine and go hack yourself. Be listening to what people of intelligence have to say when it comes to the manner. If they know more than you, don't try to act like a know it all. It won't get you anywhere. Be aware, most importantly. Be aware of what's going on in the industry. A great place to do this is Twitter. You'd be surprised what can be learned by following some influential and smart people on Twitter. (Like @hurricanelabs and @rickdeaconx for example. ;))

Obviously there is not going to be a magic silver bullet. It's always going to take work and no one is going to give you the answer to solve all questions. Do what you love, and if you don't love to do it... don't bother. Especially in IT.

Read the original blog entry...

About Hurricane Labs
Christina O’Neill has been working in the information security field for 3 years. She is a board member for the Northern Ohio InfraGard Members Alliance and a committee member for the Information Security Summit, a conference held once a year for information security and physical security professionals.

Latest AJAXWorld RIA Stories
Coca-Cola’s Google powered digital signage system lays the groundwork for a more valuable connection between Coke and its customers. Digital signs pair software with high-resolution displays so that a message can be changed instantly based on what the operator wants to communicat...
The question before companies today is not whether to become intelligent, it’s a question of how and how fast. The key is to adopt and deploy an intelligent application strategy while simultaneously preparing to scale that intelligence. In her session at 21st Cloud Expo, Sangeeta...
Bert Loomis was a visionary. This general session will highlight how Bert Loomis and people like him inspire us to build great things with small inventions. In their general session at 19th Cloud Expo, Harold Hannon, Architect at IBM Bluemix, and Michael O'Neill, Strategic Busin...
DX World EXPO, LLC, a Lighthouse Point, Florida-based startup trade show producer and the creator of "DXWorldEXPO® - Digital Transformation Conference & Expo" has announced its executive management team. The team is headed by Levent Selamoglu, who has been named CEO. "Now is the ...
Companies are harnessing data in ways we once associated with science fiction. Analysts have access to a plethora of visualization and reporting tools, but considering the vast amount of data businesses collect and limitations of CPUs, end users are forced to design their structu...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021


SYS-CON Featured Whitepapers
ADS BY GOOGLE