Perdon aqui esta sin faltas ortograficas
Is Education Important?
Is a formal education important? This question gets asked ah the time of INFOSEC professionals. The answer will depend on who you ask. Some of the best INFOSEC professionals out there have never seen the inside of a college classroom. These people will tell you that education isn’t important. However, seeking the sane question of someone with a Masters of Science in Information Security will bring a completely different answer. So who should you believe? No single factor education, experience, reputation, or anything else, is going to get you the job you are looking for. Rather, a combination of all of these factors is going to be required. Let’s look at each of these.
This is probably the hardest to get. That’s why you bought this book in the first place so you can get a job in INFOSEC and get some experience. The problem with experience is the same in INFOSEC as it is in any other field. Every employer wants it, but few employers want to be the one to help you get it if you don’t already have it. Remember though, you are a hacker. You have been finding ways around things most of your life. It’s time to apply those principles to your job hunt. Remember, formal experience is not the only type of experience employers look at. Volunteer experience also looks great on a resume, and almost every type of organization in your area uses some form of information technology schools, churches, Girl or Boy Scout groups you name it. They are all great places to volunteer your time and talents. Contact the school board and let them know that you are pursuing a career in Information Security and that you would like to volunteer your services at a local high school. Since this puts you around kids, which tends to make some people nervous, you will have better luck if you know someone on the board or at a specific school who can recommend you (hey. . . that goes back to that networking thing we talked about). Churches on the other hand are usually much more receptive to any type of volunteer help they can get. Be creative; find an organization in your area that will let you practice your trade while building real world experience. Don’t be discouraged if the first few places you try don’t show much interest. Keep plugging away. You have a valuable skill, and there is someone out there who will let you use it.
Your reputation is gold. Well, you hope it’s gold anyway. If you have a good reputation in the user group community or in the community where you live, it will carry you a long way. If a prospective employer searches for your name on Google (yes, they actually do this) and finds three or four presentations at a local hacker group, and several well written, informative posts on INFOSEC message boards or mailing lists (more on those later), they are likely to be impressed. This both increases your chances of getting an interview and increases their opinion of you before you even set foot in the door. If, on the other hand, they search for your name and find a string of poorly written, abusive posts, several pictures your college roommate took of you passed out with your pants around your ankles, and a bunch of questions posted to message boards that could have been answered with a cursory Google search…well, odds are you aren’t going to be called in for an interview. These are all factors in your reputation.
Sell Your Skillz.
Keep Your Nose Clean
Most of us have heard stories of attackers that get arrested for compromising a network, get a couple of years in jail, and then come out to six figure salaries and instant fame. Does this mean the best way to improve your odds of getting that dream job is to get arrested? Absolutely not. If there is one mistake you can make that will, in all likelihood, sink your chances of securing a job in the INFOSEC field, it is the mistake of getting arrested for committing a computer crime. For every Kevin Mitnick or Kevin Poulsen that has turned jail time into a promising INFOSEC career, there are ten Brian Salcedos or Adam Botbyls (Google them). Committing computer crimes, and more specifically, getting arrested and/or convicted for committing computer crimes is a surefire way to end your INFOSEC career before it begins.
Prospective employers will run a background check on you. Few reputable employers will consider you if you have a criminal record, and working for the government is out of the question. You can possibly open your own business, but who will want to hire you?
Curiosity is a huge part of the hacker mentality. This curiosity is what drives the skills that you have. Set up a network at home and come up with a hundred different ways to compromise your systems. Once you cross the line, though, and access computer resources that you are not authorized on, it is just a short time until your fledgling INFOSEC career comes to a screeching halt.
That brings us back to education. Is formal education necessary? Maybe not. Is it a definite way to increase the likelihood that you will be able to break into the INFOSEC field? It sure is. You’ve probably heard people talking about not needing a college degree because college has nothing to teach them. Maybe. Maybe not. The fact is, a college degree does more than demonstrate what you have learned. It demonstrates to a prospective employer that you have the ability to stick to a task and see it through for an extended period of time. Most bachelor’s degrees take at least four years to complete. Many projects that you will work on in the INFOSEC field are long term. Just having the degree tells a prospective employer that he can count on you to stay the course.
Setting aside the benefit of demonstrated tenacity for a minute, look at your decision to obtain a degree a different way. Think of it from a purely selfish standpoint. Many INFOSEC jobs, in fact, many IT jobs in general, require a college degree. Without obtaining a degree you may not make it past the Human Resource (HR) resume screeners to even get an interview HP. people don’t usually have an understanding of the specific job duties they are recruiting for. They have a list of requirements’ they look for. A college degree is often one of these requirements. When these people look at your resume and see no experience and no degree, well…you get the picture.
Tomado de Syngress, Infosec Career Hacking Sell Your Skillz Not Your Soul (2005)
Un exelentisimo libro
Que tal? me hubiera gustado tener este libro antes de meter la pata!!!
Si existe algun error ortografico me avisan! buena lectura les recomiendo