Required Knowledge for a Career in Network Security

mtgarden asks: "I am trying to decide if I want to make a career shift into network security. I enjoy learning about cutting edge technologies and find security interesting. I am not especially good at programing but would potentially enjoy the analysis side of security. Where would I start studying to learn whether this field is a good fit for me?"

Re:First things first

[G)-(ostly]

You clearly are a security professional, as you skipped all the actual initial steps, probably because you're so used to them :)

The FIRST thing to do is learn the mechanics of the system(s) you are protecting. There are a lot of "generic" classes of threats out there, some relevant to certain systems, some to all. Before you can begin trying to protect against them, however, you need to completely understand:

1. If/how they affect the systems you're protecting.
2. What about your system makes the threat especially dangerous or nominal.
3. What mechanisms your system has to wall off such threats, if any.

You can't truly secure a system you don't inside and out, no matter how much security "theory" you know, so the FIRST step is making sure you understand the technology at your disposal, even before you try to understand what threatens to compromise it.

Career chooses you.

[Spazmania]

As with most things involving deep technical expertise, you don't choose the career so much as the career chooses you. Here's how it goes for network security:

You work as a junior network administrator.
You get interested in the security aspects.
You find you have a knack for it and tend to spend any unassigned manhours scanning logs for connection attempts and looking up the ports to see what the originator was attempting.
Your boss notices that you have a knack for it and lets you spend more time working on it.
You start reading the available literature to gain more insight.
A job comes along where they're looking for a network security specialist instead of a general network admin. You apply and get the job.
With all of your work-hours spent on network security your rate of learning increases.
You run in to a few unusual situations and start to consult with experts on the 'net.
etc.
At some point you cross a line. Now you are one the experts and folks consult with you.

You'll notice there is no coursework listed anywhere in there. It wasn't an oversight. Coursework provides a decent overview for folks who don't have the knack. It lets them get by without being completely ignorant. Someone with the knack, someone who should consider network security as a career path, will get the same results by spending an evening with a book.