The talk just before mine at Derbycon this year covered some ideas. I didn't watch the whole talk but it seemed pretty good.
http://www.irongeek.com/i.php?page=videos/derbycon4/t207-attack-paths-breaking-into-infosec-from-it-or-other-totally-different-fields-eve-adams-and-johnny-xmas From: [email protected] [mailto:[email protected]] On Behalf Of Heaton, Joseph@Wildlife Sent: Thursday, October 16, 2014 9:54 AM To: NT System Admin Issues Discussion list Subject: [NTSysADM] Security training There's a new position being created in my organization that is "supposed" to be an infosec type of position. My manager had told me to look into CISSP training/certification. I know that's the pinnacle, and beyond the normal day-to-day stuff of being a systems administrator, working with a Windows domain, etc, I don't have a lot of hands-on in the trenches type of experience with security like I think they look for at that level. But, I was thinking that the SSCP may be a good way to get my feet wet, and start working towards CISSP. Any thoughts/advice/tips on that idea? I've been working with networks since 1999, was CNE for Intranetware 4.11, and upgraded that to 5, but haven't touched Novell since. I was MCSE for NT4, and never upgraded certs after that. I've worked with Microsoft products from NT4 and up, we're currently upgrading our servers to 2012R2 now. I've been the one-man shop, doing networking, and servers, and I've been part of a team doing just servers. Anyway, I'm going to keep digging into requirements, etc, and looking for training materials, so if anyone has thoughts on that stuff as well, I'd be very appreciative. Thanks, Joe Heaton Enterprise Server Support Information Technology Operations Branch Data and Technology Division CA Department of Fish and Wildlife 1807 13th Street, Suite 201 Sacramento, CA 95811 Desk: (916) 323-1284
