Hey Walter,

I didn't say that my cs degree will make me qualified right now, all I
am asking is what path should I take so that I can get there. I am
looking for a road map.

I don't believe your analogy to debugging is relevant. I like
debugging and I am pretty darn good at it. The reason for me wanting to
switch is the fact that I find computer security very fascinating and
more challanging. It's not that I am looking for an alternate root to
get rid of the frustrations that programming has caused me, in fact it
has been very good to me , never found myself without a job.

So I appreciate your input, however I refuse to believe that it is
impossible for me to make a start in this business, which is sort of
the message you are sending.

So if you have any input as of how to stir towards that path , I would
apprecite it if you could share it.

Regards,
Rob

Walter Roberson wrote:
> In article <1159570351.827554.315340@i42g2000cwa.googlegroups .com>,
> bob <r_stringer66@yahoo.com> wrote:
> >I have become very interested in obtaining a career in the computer
> >security business as a security auditor or security anlyst
>
> >So the question is how does one get started in this field quickly?
>
> > I would think that my computer experience , developing some security
> >releated software and degree in computer science doesnt' make too
> >impossible for me to get my foot through the door.
>
> I don't mean anything personal by this, but I wouldn't hire you
> as a security auditor or security analyst if those were your credentials.
>
> In the security business, your degree in computer science mostly just
> means that you've proven that you're able to pay attention to something
> over a period of years. There isn't much security related in a typical
> computer science degree. if you went in for a math or advanced logic
> theory subspecialty then you might be able to do theoretical security
> work (e.g., cryptography theory, security protocols, formal proofs).
>
> Beyond that... I'd be asking myself "Okay, he has a CS degree... so
> how many unless practices is he going to have to *unlearn* in order
> to be effective at security?"
>
> "Developing some security software"; if you weren't -already- in
> the security business when you developed the software, I'd be wondering
> where you've hidden the bottle of "snake oil". There is so much that
> can wrong in security, and there are so many people who think they've
> developed something fool-proof because they've gotten a concept stuck
> in their head and never even heard of particular kinds of practical
> or theoretical attacks.
>
>
> You're a programmer? Tell me, then, how do you feel about debugging?
> How do you feel about taking someone -else's- badly commented
> and buggy code and figuring out not only what it is -intended- to do,
> but also rewritting it so that it does it, even if that means
> weeks of mechanically adding checks on the return status of every
> library call, including every printf() ? If that kind of work
> frustrates you, you don't have what it takes to implement good
> security -- because good security requires the mindset that
> getting the details right is -important-, that the Land Sharks
> will claim to be a Pizza Delivery if that's what it takes to get
> them through the door.