  Getting Started In Information Security / Digital Forensics
Created: September 4, 2002

Updated: November 6, 2008

Author: Steve Hailey

You'll hear me say it in the free seminars and talks I give in the Pacific Northwest. You'll hear me say it in my classes. Information security and computer forensics are the skills that will continue to be in demand.

In the 80s, when I was a Computer Specialist for the Department of Defense, we used to joke about how locking up the server hard drives in a safe at the end of our shift was overkill. We used computers and printers that were surrounded by wire mesh so that eavesdropping on these devices was not possible. I remember thinking that the only type of data folks would need to take these extreme measures with would have to belong to the Government. My, how things have changed.

Hiring in the Information Technology sector has slowed. Many of you with experience and certifications to boot are having a hard time finding employment. Hiring for information security, however, has not slowed. If you can wade through the myriad of security certifications out there and select one to go after that's actually worth its weight, you'll be ahead of the pack and, everything else being equal, more employable.

How does one get started?

I'm taking for granted here that you are new to Information Technology and starting from ground zero. If that's not the case, simply disregard that which does not apply to you. Keep in mind that although we mention certifications throughout this article, college level certificate and degree programs can be just as beneficial. Look, however, for certificate and degree programs that offer courses of instruction that will help you obtain your certifications in addition to your certificate or degree.

First, you need a strong foundation in the essentials. If you are new to Information Technology, I recommend the A+ and Network+ training at a minimum. The Cisco CCNA class would be a big plus, as well as training in Linux and at least one of the Microsoft server products, such as Windows 2000. For these, I recommend the Linux+ training, and a course such as Implementing Microsoft Windows 2000 Professional and Server.

If you don't already have one, set up a network at home. I recommend that you have at least three computers and go with removable hard drives. While this sounds costly, you'll find some pretty good deals at used computer stores in your area. Be inventive. Put an ad in your local paper offering to dispose of old computers for free. You don't need the latest and greatest. Here in the Pacific Northwest, we can find used Pentiums at the Boeing surplus for $100.00 per system. You don't need loads of RAM for these home systems, but I suggest at least 1 GB per system as an absolute minimum.

Why three computers? You'll use one as a client, one as a server, and one as either an intrusion detection system or firewall. The removable hard drives will allow you to switch operating systems around with ease, and will also allow you to familiarize yourself with new operating system versions as they come out. Not very many production systems (the systems people use to do their day to day work) are dual boot systems, although they are convenient in a classroom/learning environment.

You'll want to practice everything you learn in class over and over at home. When you encounter errors and problems, make a habit of searching for the error message or problem specifics in news groups, search engines, and sites such as www.technet.com and www.linux.com. Good trouble-shooters (the kind that always appear to know everything) have the ability to find the information they need quickly.

When you become familiar with setting up systems and getting Windows/Linux to run properly at home, volunteer to set up and maintain networks somewhere. Contact your local United Way chapter or other charitable organization and volunteer as many hours a week as you can spare. You'll be helping out a good cause, and will be racking up hours of real work experience. Volunteer to help your instructor set up and troubleshoot the classroom network as well, if you are taking classes near your home. Please don't tell me you can't find a charity - in Washington state alone, this site should serve as a great starting point. The charities won't come to you - contact them and see what technology related work you can do for them.

I've been telling my students about gaining experience through volunteering now for around three years, and several students have received rave letters of recommendation from the charities they helped. This helped the students to land jobs.

Pass your tests

Take your certification tests before you proceed on with security training. I see too many students "put this off" and they never get around to it. With little or no experience, it will be impossible to get your foot in the door with an entry-level position if you do not have your certs. This is something you must do - make it a priority.

Spread the word

At this point, get your resume out to contract and temporary agencies. These organizations are typically asked to fill the needs of companies that have periodic requirements for increased IT staff due to relocating parts of the company, and/or new operating system rollouts. These types of jobs are worth their weight in gold when it comes to gaining experience. If you've got the right stuff you might even be offered a full-time position.

Training

Now you are ready for some security training - but which classes should you take? Currently, I recommend the Security+ course to start with, then the Security Certified Program. Shy away from vendor specific training until you have the "big picture" when it comes to information security. The SANS courses are some of the best, but can be cost prohibitive, and are not offered everywhere. Please - don't take online or computer based training to earn your security credentials unless you are already a seasoned IT professional. As a prospective employer, I want to see proof of your training and experience. I can't take the chance with my data and security - sorry. The Security Certified Program is a well-rounded course of instruction that will give you enough information for a solid foothold in the world of Information Security. As well, many colleges are now offering certificate programs or degrees that use some of the certification course materials - this is a plus.

I also recommend the CIW Security course, which is shorter than the Security Certified Program courses. If you cannot afford the SCP courses right away, take the CIW Foundations and the CIW Security Professional. You might be able to self-study for the CIW Foundations test as well, but you'll need this before you will be awarded the CIW Security Professional designation. In all cases, start out with the CompTIA Security+ course first, or some type of "Introduction to Information Security" course.

If you are taking information security courses at a college, working towards a certificate or degree, make sure your training covers the ten security domains:

Access Control Systems & Methodology
Applications & Systems Development
Business Continuity Planning
Cryptography
Law, Investigation & Ethics
Operations Security
Physical Security
Security Architecture & Models
Security Management Practices
Telecommunications, Network & Internet Security

Yes folks - being an information security professional requires knowing a bit more than how to set up a firewall or virtual private network.

Keep in mind that eventually you'll want to shoot for the CISSP certification. Some folks will disagree with me on this one. Regardless, the CISSP certification is the Daddy of all information security certifications, and many information security jobs require it. My advice is to start preparing for it now instead of bucking it.

For your beginning computer forensics training, you'll obviously want to take that from us. Seriously, our program is good, and so is the training offered by many other institutions. We strongly suggest that whatever training you take includes instruction on using manual forensic methods as well as automated ones. We want to stress that being able to recover and extract data from a computer system using sound forensic methods is but one part of computer forensics. Properly interpreting the data you recover or extract is the most important part - we cannot overemphasize this point. We can show you how to recover and extract data in a matter of hours. If you cannot properly interpret what you have, you have no business representing your findings, and you certainly have no business advising a lawyer or member of law enforcement.

Shopping for your instructor

A good instructor is important for your success. With so many folks hanging out a shingle and offering security and computer forensics training, whom do you pick? My advice is to interview prospective instructors. Hey, you're paying good money for the instruction. Treat this as any other major purchase you would make such as a car or home.

If you are interested in computer forensics, you should look for an instructor that actually does work as a computer forensic examiner and/or expert technical witness. Sorry folks, merely picking up a book on the topic and running through a few exercises does not show mastery. At the very least, find an instructor that has been trained by someone that does do this type of work for real - not just in the classroom. My computer forensics students have the opportunity to work with me on real cases. This does a world of good for their resumes and confidence level.

Ask questions such as:

How many years of information technology experience do you have?

How many years of security and/or computer forensics experience do you have? Can you give me specific examples of when you worked in an information security or computer forensics capacity?

How many times have you instructed the classes I'm interested in?

Do you currently do any security and/or computer forensics work outside of teaching?

Are you a member of any security/computer forensics related organizations?

Which security specific certifications do you possess?

Can you provide me with any student references?

Will you be willing to answer questions from me after class is completed?

You get the point. Be your own judge. If an instructor does not want to answer these questions, or will not give you a straight answer, move on.

Don't be a sucker

Understand that we instructors are also salesmen/saleswomen. We make money when you take our classes. There are an unscrupulous few that will try to sell you classes that have little or no value in helping you to get your foot in the door or perhaps advance your existing career. Understand that you don't need every single certification available. A new certification and all of the hoopla that goes along with it might make you think you need it now to maintain the edge. Give it time, see what other people have to say about it, and ask people that have taken the training if it really helped them. Also, see how many employers start to ask for or require the certification.

Do your own research. Conduct searches on job listing Web sites (such as Monster.com) as well as the help wanted sections of newspapers that are online. Use keywords related to the training you are thinking about taking, such as:

computer security
computer forensics
networking
incident response

Take advice from those that have actually done, not just taught. If this doesn't make sense, see the section on interviewing your instructor. If someone tells you to take this or that type of training because it can lead to employment, ask them to show you their information sources, or what they are basing their statements on.

Prices

Usually when it comes to training, you get what you pay for. You'll run into situations where the same class is offered for half the price somewhere else. I'll refer you back to interviewing your instructor. In most cases, you'll find the higher priced classes have more stringent experience requirements for the instructors, and that the instructors can therefore command a higher wage - thus the higher price. Also, physically check out the training location. Are the classrooms well equipped? Will you be learning on modern equipment, or old equipment that was donated? You get the picture.

Also, look for schools that have "open lab" time where you could come in and get additional hands-on time. A school that offers a free retake of the entire course or a portion thereof is a big plus as well. Regardless of the instructor and your eagerness to learn, certification courses can be like trying to drink water out of a fire hose. You might need some additional exposure to feel comfortable with the subject matter.

Getting the most from your training

During your training, you'll want to repeat as many labs as you can at home with your network. If you need advice on setting this up, ask your instructor. You'll need to be dedicated to the task at hand. Review any additional materials your instructor recommends. Conduct searches yourself on the Web related to the material being covered in class. Become an expert at finding information this way. No one knows every piece of information related to security, but professionals know where the good sources of information are. You'll need to keep yourself updated on current security issues and exploits. It's going to take work. Ask your instructor about recommended Web sites to visit and newsletters to subscribe to.

Now what?

Pass your security certification tests and update your resume. Get your updated resume out to your local contract and temporary agencies. Ask your instructor if you can be a "free" assistant for the security and computer forensics classes you've already taken. If you've done well in class and have good people skills, this opportunity might be available to you.

Perform free vulnerability assessments for companies in your area. If you are unsure of particular points such as the forms to get your clients to sign, ask your instructor for help. Team up with other students and perform these vulnerability assessments as a group. Also, talk to your instructor for pointers on obtaining liability insurance before a vulnerability assessment is conducted.

Get to know people that actively work in the security industry. Volunteer your time to help them. Join local security related organizations and attend meetings.

If your instructor does computer forensics work, you might be able to assist them on actual cases. With permission from the retaining attorney or client, and your signature on a few forms, this should not be a problem.

Additional study material

Man, there are a lot of security books out there now. Some are really good, some are copycats of the last guy's/gal's book. Many deal with hacker exploits, and are "cool" but have little information pertaining to what is needed in order to protect your network. Ask your instructor for additional resources. He or she should have many additional resources for you. I depend on information that is largely free from various Web sites. Just a few of my favorites:

CERT
NIST
NSA
Information Security Magazine
SANS Reading Room
SecurityFocus

You can drive yourself crazy trying to keep up to date with all of the information on all of the security related sites out there. There is much redundancy between sites. Select a few that seem to cover most security issues and are updated frequently. Once again, ask your instructor about the sites he/she depends on to stay updated.

A prediction

Our government's work on Homeland Security - specifically Cyber Security - is in its infancy. Many people are speculating on what the future will hold for both government assistance and expenditures in this area. Unfortunately, some companies will need to be hit hard by hackers or illicit activity taking place on their networks before they put any serious money towards security.

I foresee an ever-increasing need for qualified security and computer forensics professionals. I see no end in sight. Computer and networking skills no longer suffice by themselves. Even if your job is not security specific, companies want to know that you can protect their data. They want to know that you are thinking about security when you configure that server, workstation, or router.

Get your security training now and be ahead of the pack. We haven't seen the real "rush" for security professionals yet - that's a few years down the road. In today's economy and job market, I believe the key to getting noticed and landing that job is setting yourself apart from everyone else. Get training in information security and computer forensics - you won't be sorry.

In closing

What I've outlined here is a good start. Becoming a security professional or computer forensics practitioner takes hard work and dedication. I wish all of you the best as you gain the skills needed to launch your careers. Once again, set yourself apart from the pack. Security and computer forensics training will give you the skills that will get you noticed.

Feel free to contact me if I can be of assistance, or if you have specific questions.

Steve Hailey
Copyright © 1999-2005 SP Hailey Enterprises all rights reserved. Reproduction in whole or in part in any form or medium without the expressed written permission of SP Hailey Enterprises is prohibited. CyberSecurity Institute™, CyberSecurity Institute Certified Instructor (CSICI)™, CyberSecurity Forensic Analyst (CSFA)™, Computer Forensics Core Competencies™ are trademarks used by SP Hailey Enterprises.