I don’t know where I first heard this quote but I find it at the root of a lot of the security problems we have today. Basically, we have many newly minted information security professionals entering the market with so-called “cyber” degrees. Yeah, they can do the basics but when push comes to shove they lack important foundational skills required to be successful. One of the reasons is the big difference between conceptual academic theories and actual experience administrating the systems they are trying to secure or defend. The people who are going to excel in our field are those that cut their teeth going through the horrors of configuring and administrating a network and its hosts, servers, and devices.
So how do you get these experiences without leaving security for several years of general IT work? One option is to ask your current employer for some cross-training IT assignments. If that doesn’t work, setup your own mock “enterprise” network at home complete with AD, servers (e.g., email, web, telephony, etc.), workstations, and network devices. Free resources such as VMware ESXi and trial OSs and software from Microsoft can make this setup a fairly simple process. Additionally, many network device vendors offer trial router, switch, and firewall VMs you can readily import and practice on. Alternatively, you can start off with little upfront cost trying to create the same virtual infrastructure in the cloud.
Overall, you are never going to be as good as someone that lived and breathed general IT for several years but you’ll be a lot better at stopping the bad guys.
Today’s post pic is from Wikipedia.org. See ya!