5 answers
Ashutosh’s Answer
Like Tom said, more than technology, it's about standards. Best to go over industry standard ways to check software security like OWASP.
Also, I have seen the most important security incidents coming in via the web, as it's directly open to public use. That's why I find it useful to know about one of the web technologies that includes browser-side rendering, such as HTML, JavaScript, React or Angular, and also server-side processing of web components, like Java has JSP/Servlets or ASP.NET. Knowing one of these technologies will help understand what web developers can do. It will help a great deal in becoming a software security expert.
Thank you for taking the time to help.
Samuel
Tom’s Answer
Samuel,
It is not specific software or languages that you should focus on, but more of standards, application architecture and development techniques in general. As an IT security specialist you need to recognize how things are done and where risks can exist. If you are familiar with development techniques and overall logic, you can identify what areas are more likely to be attacked and exploited.
Thank you so much for the advice.
Samuel
Edmond Momartin ☁️
Public Cloud Security & Compliance AT&T | MBA InfoSec | OWASP-LA Board
Edmond’s Answer
IMO nothing specific; however, you should be knowledgeable about operating systems, scripting, how software is written, how it is maintained, and standards like the OWASP Top 10 (https://owasp.org/www-project-top-ten/). If you look up the description of the "information security engineer" online you'd get a good idea, but since the title covers a broad spectrum of requirements, you'll notice posted job descriptions vary broadly. So the first step is to decide what's interesting to you.
If you're just starting to learn about these topics, it would be really important that you have a good grasp of the fundamentals. More important than programs/software you must understand how the Internet and its underlying networks actually work. A good source is https://www.grc.com/securitynow.htm (scroll down and start from 2005) and listen/read the podcasts.
If you haven't already, do internships. One great resource is the "Students & Recent Graduates Employment Opportunities" page on CISA's website: https://www.cisa.gov/students-recent-graduates-employment-opportunities
Timothy’s Answer
Usually, a college education in Computer Science focuses on programming, but most cyber security jobs are mainly about network infrastructure. It's a great idea to look into courses in this area and maybe even add certifications like Network+ or Security+ to your skillset. Some technical schools or community colleges that offer certificates might be just as good, or even better, at getting you ready for this field, depending on the institution and local connections. If you can choose which programming languages you learn at your university, I'd suggest going for more scripting languages like Python.