On Mon, Nov 05, 2001 at 03:49:56PM -0500, Adam Fields wrote:
>
> So, I ask the following question - "what does it take to be a security
> professional?". What should I learn in order to be able to confidently
> offer security services to my clients? I'm looking for journals,
> readings, certifications, broad topics... the works.

The obvious but serious and important question which is related, "what does it take to be a computer professional?" To which, I think the best place may be to start by a) act like a professional, b) consider joining a professional organization like ACM, IEEE, BCS, etc. to help you with a.

So what professional groups, certifications, degrees are worthwhile for the new security / cryptography professional? I don't have a very good answer for that, and I don't think anyone else has a complete answer either. Professional organizations to be aware of include ISC2 (CISSP certification), SANS (GIAC certs), ISACA, ACM, IEEE, IACR, and others I haven't heard of. The first 3 also (primarily?) offer certification as well.

There are many different disciplines with computer security: from information system auditing to network intrusion detection to cryptography that most people can only master a small domain and be aware of the other areas.

I think that looking at the CISSP certification might be a useful starting point, it also has a value relating to employment and contract work; IT Security Managers and Contractors are decent paid positions. It also provides a wide view of the field so that you can start to realise the range of issues and areas, which you may choose to pursue further in greater depth.

I think there is also a security engineer role which isn't typically called such, but is also a cross-disciplinary role which involves the more technical side of software, system, and network developments. I think Ross Anderson's book Security Engineering is the closest thing to a guide for this sort of role. The "periodical" for such a role would be Peter G Neumann's RISKS digest.

Understanding what goes wrong is good. As well as understanding the balance of risks and rewards, something security types often overlook. An understanding of risk management, insurance, and statistics would do no professional any harm.

For academic courses, check Avi Rubin and Bruce Schneier's lists

http://avirubin.com/courses.html
http://www.counterpane.com/courses.html

Me, I'm still trying to figure this out myself, so far it does not appear to be a great time to shift careers or take a lot of risks. So I would be interested in other suggestions myself.
