Required Knowledge for a Career in Network Security

mtgarden asks: "I am trying to decide if I want to make a career shift into network security. I enjoy learning about cutting edge technologies and find security interesting. I am not especially good at programing but would potentially enjoy the analysis side of security. Where would I start studying to learn whether this field is a good fit for me?"

it's a very hard field...

[Malor]

As a system and network admin, security is something I think about quite a bit. As far as I can determine, truly good security people are the best of the best in the computer world. There is _nothing_ in computers as difficult.

As an admin/architect, you need a prodigious memory; you have to know all the software you're deploying, with all its various warts. You have to know your operating systems, and their interactions with your chosen hardware, both system and network. And you have to understand your network layout and be able to troubleshoot.

As a programmer, you need less knowledge and more raw brainpower. You still need to know how other people do things, but a great deal of the job is raw invention on the spot. Knowledge in the programming field tends to be narrow, specialized, and very deep.

As a security person, at least to be a GOOD one, you need all the skills of both fields, plus more besides. You have to be able to audit source code and find weaknesses; you have to be able to probe a network remotely and understand its layout and where its holes are likely to be. Defensively, you have to understand all the possible ramifications and interactions with combinations of software. Offensively, you have to be able to find the holes that nobody else has seen before.

Both programming and sysadminning can lead into security, but if you want to be GOOD, I'd strongly suggest trying to be both. You might want to program first; that's usually harder to break into, and it can be easier to get a job out of college. Admins tend to like experience as much or more than education, so once you have a good degree of programming skill, you can probably branch out and pick up what you need in terms of system administration. You don't necessarily need the day-to-day details, but you do need a very, very deep understanding of _exactly_ what the operating system and programs are _actually_ doing... not just the cruder models most of us tend to use.

It is a very interesting field, but it'll take everything you have and then some just to keep up.

Career chooses you.

[Spazmania]

As with most things involving deep technical expertise, you don't choose the career so much as the career chooses you. Here's how it goes for network security:

You work as a junior network administrator.
You get interested in the security aspects.
You find you have a knack for it and tend to spend any unassigned manhours scanning logs for connection attempts and looking up the ports to see what the originator was attempting.
Your boss notices that you have a knack for it and lets you spend more time working on it.
You start reading the available literature to gain more insight.
A job comes along where they're looking for a network security specialist instead of a general network admin. You apply and get the job.
With all of your work-hours spent on network security your rate of learning increases.
You run in to a few unusual situations and start to consult with experts on the 'net.
etc.
At some point you cross a line. Now you are one the experts and folks consult with you.

You'll notice there is no coursework listed anywhere in there. It wasn't an oversight. Coursework provides a decent overview for folks who don't have the knack. It lets them get by without being completely ignorant. Someone with the knack, someone who should consider network security as a career path, will get the same results by spending an evening with a book.