Since there's a bunch of cats going down the security path, here are some skills that has been extremely valuable in helping me get high paying contracts:
Information Security
Active Directory Administration and Security - AD is the main LDAP provider for most organizations so you're going to have learn how to administer AD and secure it.
- Understand AD group scope and how they're used
- Understand the Active Directory schema and how to modify it
- Understand AD CS and how to configure and troubles LDAPS
- Know how to create/manage AD objects
- A strong understanding of group policy
Public Key Infrastructure - Encryption and PKI are fundamental concepts in info sec and you should have a strong understanding of how it works:
- Understanding the various types of encryption algorithms
- Understanding Certificate Authorities, their role, and how they work
- Understanding key management
- Understanding Certificate Templates and how they're used (Active Directory)
- Know how to deploy certificates to users/computers
- Understand auto-enrollment, certificate renewals and expiration
Security Standards - security standards and governance are what gives security teams the legal backing and provides industry best practices in securing environments
- NIST 800-53 - the most common info sec standard. Familiarize yourself with it.
- ISO27001 - another security standard
- PCI DSS - the industry standard for companies that accept credit card transactions (Visa, MC, Discover, AMEX)
- HIPAA - the government privacy standard for the healthcare industry. There are HIPAA security rules the provide guidance for securing ePHI.
- FISMA - standard mandated by the federal government. A lot of federal jobs have a requirement for having the CISSP which is the standard.
Network Security
Firewalls/VPNs- Firewalls segment and analyze network traffic and allow data in and out the network based on rules and policies. VPN's provide security communication over a public network (the internet for example)
- Cisco ASA - firewall/VPN appliance by Cisco. The CCNA Security, CCNP Security, and CCIE Security exams covers configuring, installing and troubleshooting these devices
- Checkpoint - firewall/VPN appliance manufacturer. The CCSA and CCSE exams cover checkpoint appliances
IPS/IDS - these devices monitor network traffic for network based attacks. There's a bunch of different vendors that create IPS/IDS software. Find one that has a free trial/software and start familiarizing yourself with it.
DLP - these appliances monitors network traffic to ensure that confidential data isn't setup on the network (social security numbers, company secrets, HIPAA data, credit card data, etc). There's a bunch of DLP vendors (I'm most familiar with Symantec).
Vulnerabilities and Exploits - vulnerabilities are weaknesses in software/configuration.
- WSUS - main tool used to patch Windows devices in a corporate environment
- SCCM - Microsoft product for pushing out patches and configuration changes
- Exploit-DB - site with known exploits
- CVE Search - site that lists known vulnerabilities
- Kali Linux - Linux distro created for the PEN testing community. It has a ton of pre installed network intrusion tools
- Metasploit - Exploit framework used to find and exploit known vulnerabilities
- Nessus - Vulnerability scanner used to find vulnerabilities on hosts/subnets
Certifications
Security+ - Cert offerred by CompTIA. Good if you have less than 5 years of experience
CISSP - One of the most request info sec certs. Requires 5 years of experience to be eligible. This is the cert you
MUST have.
OSCP - All about pen testing. One of the best courses I've taken.
CEH - Highly requested cert for anyone wanting to be involved with pen testing
CISA/CISM - highly requested certis from ISACA. Mostly for folks in the auditing/management side.
If I get some time this weekend, I'll post some links on how to setup a lab to do some pen testing at home. IMO it's easier to understand security concepts and principles once you've successfully compromised a system.
fortune.com
