Breaking into Security

This blogging thing is harder than it seems - the what to write, the time to write. I came across another interesting blog post from Krebs on Security, who interviewed Thomas Ptacek, founder of Matasano Security, on how to get into the field of computer security. As this is precisely my intent, I gave it a quick read through and thought to post a to-do for myself.

  1. Learn how to program. Plugging away with Ruby. Get dabbling in Python and C.

  2. Set up a home lab for experimenting. Done.

  3. Install an old version of WordPress on a VM.

  4. Use WebScarab or Burp Suite on your ancient WordPress site.

  5. The best jobs in the field are in application security.

  6. Position yourself near custom software development or get a role in QA.

  7. Find opportunities to practice in your job.

This is exciting and encouraging! And because I’ve already started on a couple of these things, I’m well on my way. Thanks Brian Krebs and Thomas Ptacek!

By the way, the careers page of Matasano Security is awesome as far as what to expect when interviewing for a pen testing job.