Sunday, April 15, 2012

How to improve my security skills after college?

As stated in my first post, I graduated from college with an Information Assurance degree in May 2011.  I promptly got hired on full-time at the job I had been interning with.  It's a good job, but a small company so I'm the only "security" person. This can be good, being thrown into the fire and learning on the go...however, it can also be bad. Sometimes I wish I was on a team of security professionals, or had a sort of mentor to pick their brain and learn from their experiences.

One difficult spot I've found myself in is how to transfer all my knowledge from college into my job.  As colleges do, I was made to be "well-rounded". This means I was given lots of theoretical knowledge on information security, and lots of history. However, there just isn't time to get into too much technical detail.  This leaves me trying to play catch-up, and learn that on my own while attempting to also do it at work.  I was not the kid that spent all his time on his computer honing his skills when I was in college, which may have put me behind to begin with. I was heavily involved in the music program, as well as worked 30 hours per week to be able to pay rent. I've never had the free time to hone my skills like I would like, until now, when I'm out of college.

With security, there's SOOO much information that I'm really just struggling with getting myself organized and knowing where to start. There's tons of books, tons of online articles, tons of videos...there's almost too much information.  I don't know whether I should try to go through and learn a little bit about everything, such as learn a little about web app security, SQL injection, perimeter defense, firewalls, database security, Linux security, Windows security, forensics, programming...etc.  Another approach is that I could focus on an area for a while...so, I could learn and practice SQL injection for a month...then move on to the next topic.  Lastly, I could go about it by the tools I use...for instance I could learn as much as I could about Metasploit...then move to the next tool.

Knowing how to organize my "professional studying" to truly improve my value and move up in my career has proven to be quite difficult. I spend so much time trying to decide what to do, that I never get anything done. I'll start reading a book, get through about 50 pages, then switch to something else thinking it will help more.

If anyone reads this and has any good ideas or experiences, please let me know. I'd love any feedback!

One thing I can personally relate this to is drumming. I've been playing drums most of my life. I had my "woodshedding" years, in high school and college, where I worked on technique so much that now it's second nature and I can essentially perform whatever I can come up with.  This is where I want to be with security...it's just a bit more of an abstract art.

