Topic created on: November 3, 2006 13:31 CST by
remc 
.
Hello everyone,
I'm computer science student with a big interest in security research and thus registered to this forum. Currently I'm orientating myself in the field of security researching/consulting and have some questions that I would like to be answered by someone from the field. I hope you can help me out. Here are the questions:
-How does a common day at work looks like?
-How did you got interested in security research?
-How did you came in contact with your current employer.
-How did you learn to find security problems? Are you self taught or did you followed courses?
-How is the market for security researchers?
-I'm currently in my Bachelor phase and have to choose a Master soon, do you have any advise regarding a Master with respect to security research?
-What did you studied, and does it help you in your daily work?
-Do you have any other advise or tips to become a security researcher/consultant?
Many thanks,
Remco
Common Day:
Does not exist at least has never existed for me. My routine is more typical - arrive at work, catch up as quickly as humanly possible on the goings on in the world of security (ie, read this site and a few others.) Then, I start diving into work which generally lasts 8-9 hours. I go home, repeat the process.
Interest:
Well, that is a bit of a deep dark question, likely for a lot of us here. I would say copy protections fascinated me along with my unfortunate inability to appropriately be allowed to utilize certain systems and we shall leave it at that.
Current employer:
They found me. The community is a bit interesting, at least in the US. Once you work in it long enough, your name can become a bit of a business card in and of itself. A solid reputation is worth its' weight in gold.
Learning:
Self-taught which is to say I was motivated to learn by the information I found from others. Some of it comes naturally, I would say a vast majority of the best folks in the security field (and frankly computer science / math / science / and engineering in general) have an uncanny ability with regards to patterns and the quick recognition of patterns. Some folks can simply look at a data flow (say tcpdump) and notice something is amiss.
Market:
Like any other market - it depends on your geographical location, skillset, and ability to sell yourself appropriately. It is a niche market and as such is a close knit community, so it is not ripe with thousands of available positions.
Degree Seeking:
I would say something in the arena of pattern recognition, machine learning, and or graph theory would all be immediately applicable to security in some form or fashion.
My Degree:
I hold a bachelors in computer science (with an effective minor in mathematics as I am only a few classes short of a major - sadly time and money were just not there to allow me to complete it...) from a very well regarded and ultra-small university in the United States. As with a lot of folks, I need to move my posterior and get a Masters degree sooner rather than later for my own edification. I would say my studies help me a lot, but more often than not the handful of electrical engineering classes I managed to squeeze in help me more in my day-to-day routine than anything else, save mathematics.
Advice:
Sit back, read, learn. The absolute only way to learn this field is to stop immediately and realize there is an untold amount of information you will just never know. Accept that fact and then begin moving on with understanding all that crosses your path. (Of course, I take the stance this is applicable to all careers!) Read OpenRCE, read other forums, participate appropriately. Security research is very much a respect driven field and again, your reputation means everything. Above all, see if you enjoy the work, if you do not enjoy it, the hours of learning will be torture.
Hopefully this will help. Of course, this is my small view of the world as I have seen it over the years. There are a lot of other folks here with far more knowledge, years of experience than I and I for one am grateful for that fact as they provide me with an amazing resource to help further my knowledge of any given topic.
Aaron
|
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}