Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have a general security question. Its not related to any OS but about the security field. I would like to know the following.
Whats it like? What is a typical day like?
How did you get your job?
What is the best way to get into the field?
I was told by the head of security of the University I worked for that the security guy has all the responsibility but none of the power. He made it sound like he could recommend a policy that the higher ups don't want to enforced. So it doesn't get enforced. If that is the case I think I will stick with being an admin. Any help you all can provide would be great.
Every company is somewhat different, but what you describe is generally the case. Security is almost like hardware to a system admin. It has costs associated for the company. Just as you have to get approval to purchase items that exceed some value, security practices need approval because they cost the company time and/or money. The security guy's job is not to assume risk on behalf of the company, but rather to identify issues and determine if correcting them is cost effective (like creating a proposal for a hardware upgrade). Where a correction isn't cost effective, a risk mitigation strategy needs to be developed.
In both cases (admin/security), a better knowledge of the business is very useful. The more you understand the realities of cost/benefit/risk to the organization, and the better you document the practices, procedures and issues, the more your executives will trust your recommendations. At some point, that trust can translate to responsibility - you get to make the decision, without approval. At that point, your documentation with clear and concise communication becomes more important. It covers you when things go bad (and they will).
So you are saying some type of business degree/experience would help me get in the field. I have a BS in Information Engineering. I was thinking of a MBA. I would like to do penetration testing but I think that is a rare job.
Whether an MBA is useful depends on your company and you as an individual. The issues that drive your business are not that hard to understand. Look beyond the scope of your job, and understand the jobs of those around you.
If your company allows it, rotate through as many positions as you can. Make sure you have up-front agreements on time frames; you don't want to be dead-ended in a role you don't want. Tier 1/2/3 support, project management, team leader - as many in your surrounding areas as feasible. The more exposure you have, the more you understand, the more you see. And more importantly, the more you are seen.
When you decide to rotate into security (or any other position), you will have the support, trust and respect of those in the surrounding areas. You will be able to make better decisions, because you will better understand the impacts of those decisions. You also become a very valuable employee.
It's not for everyone. Most people are happy with collecting their paycheck, and doing their thing. To me, work was 33-60% of my life; I aimed to make it as rewarding as possible.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.