S
S
Shegan932015-09-12 23:53:10
System administration
Shegan93, 2015-09-12 23:53:10

How to go to security?

Hello.
The situation is this. In the summer he graduated from the specialty "Organization of technology and information protection" (Petersburg).
From the end of the fourth year he got a job as a software engineer, worked with cryptography. I quit in February for a number of reasons, and I just didn’t like programming. He defended his diploma, went on vacation with his family and started looking for a job.
Considering that they don’t want to take on a job without experience in the field of information security (and who will entrust a yesterday’s student with all the security of the company’s IT infrastructure?), I found a job as a specialist in the IT department.
Conventionally, information security can be divided into 3 categories (as I see it): pieces of paper, programming and administration. Administration lay closest to the soul (as a student, it was simply problematic to find a part-time job with a hell of a schedule).
As a matter of fact, a question to respected experts. How do you grow into a security guard? What can you advise to study (the current work allows you to spend several hours a day on self-education)?
I know information security laws, FSTEC regulations, principles of operation of cryptoalgorithms, several programming languages ​​at the middle level, Windows at the administrator level, skills in using Kali Linux, Wireshark, OllyDbg). Theoretical knowledge is in order (red diploma, I just studied, and it was interesting to do it), but the skills are not enough. I am very interested in the field of cryptography/steganography. And most importantly, everyone is interested in the experience, documented. After working for a month, I realized that most of what I know is either of little help in solving the issue (practice is needed) or, in principle, is useless.
I try to look at vacancies related to information security, but, basically, everything is in general terms, for example:
"Ensuring comprehensive information protection in a corporation. Documenting existing business
processes, monitoring, coordinating, risk analysis and searching for vulnerabilities in information systems
secrets
Work on the security of personal data
Regulation of access rights in information systems Management of access rights in various information systems
Writing normative documentation, regulation of business processes
Counteracting the leakage of the source code of information systems Building a system for protecting databases, contacts, information systems, sites
Organization and conduct of internal investigations of information security incidents.
Development of procedures and instructions on information security issues.
Ensuring the development and implementation of identification, authentication and audit mechanisms in existing information systems
Implementation of organizational and technical measures to ensure the security of business processes
Analysis of logs in the DLP system (information leakage protection system)
Participation in projects of the information security department
Risk analysis and security of corporate infrastructure
Development of recommendations to prevent damage and reduce possible financial risks and losses
Carrying out activities aimed at compliance with internal corporate procedures and rules
Consulting and training employees on information security issues "
And it is not clear how to go from administration to information security. Of course, I have antiviruses, there is a backup, a lock system (unfortunately, video surveillance and access control at the security, and the automatic telephone exchange at the engineers), but it seems to me that this is a little different.
They offered to go for an interview at the FSTEC, but wait 4 months for a security check and work for 15 thousand a month - excuse me. I still get no much more (23 on hand), but at least I work, and not just sit.
The dream is to get the position of Security Administrator or Security Officer. What needs to be done so that after working for a year in administration, I do not stay at the start in IS?

Answer the question

In order to leave comments, you need to log in

4 answer(s)
X
xmoonlight, 2015-09-13
@xmoonlight

After working for a month, I realized that most of what I know is either of little help in solving the issue (practice is needed) or, in principle, is useless.
Only by learning to find "holes" in the security system and "gaps" of information leakage in the business process, you can at least somehow protect the entire infrastructure.
And in order to learn this, you need to know how many network protocols work and be able to assess the risks of data disclosure with various algorithms and methods of encryption and hiding.
As they say, the most reliable door is exactly the one whose existence, apart from you, no one else knows.
To get such a vacancy, you can get certified for one of the products of complex protection.

M
mace-ftl, 2015-09-13
@mace-ftl

I'll add a little bit to your classification of information security
1) Information protection
2) Personnel control (ie - obtaining information). I would call it "getting a primary for SB"
Having a tower, you can, of course, do the first part - in the "western" offices this may be quite enough.

T
Timur, 2015-09-24
@faserschreiber

I support Alejandro
Look for an office with a strong information security service, first get a job in the IT department. Or where there is no information security service and convince the authorities that they need it (with you at the head;)))
And the FSTEC is a state organization with all the minuses (and, most likely, a state secret).
If you want to organize a protection system, then you are doing everything right - network administration is exactly what you need to know perfectly well. Plus legislation, not only in the field of information security, but also many legal issues.

A
Alejandro Esquire, 2015-09-13
@A1ejandro

Then you need to work this year in administration in the "right" place.
What do you think is the "right" place to solve your problem?

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question