Knowledge & Skills Needed To Be A Systems Security Professional
Computer security is fast becoming one of the top priorities in modern business. With data breaches, ransomware and all manner of viruses and other hazards seemingly being announced on an almost-daily basis, it seems little time can pass without the need for better security becoming a major topic of discussion.
Precisely how to get better at computer security, on the other hand, is more frequently a topic of either uninformed disagreement or outright ignorance. It’s not that computer security is particularly complicated, it’s that hardening systems and keeping them safe from attackers requires leadership and a lot of hard work.
If a person wanted to become a digital security expert, how might they go about it? An important subject, to be sure, because we need well-trained experts at every level. Here are some things to consider.
Enterprise Platforms and Languages
Computer security requires extensive knowledge of the systems upon which software is developed and deployed. This means anyone interested in truly understanding the “why” of computer security must become conversant with enterprise-class platforms and development, and spend a considerable portion of their time on the server side of the network.
A good place to start for most would be the Berkeley Software Distribution. BSD is a descendant of the original Bell Labs UNIX and has been a bellwether for PC security practices for many decades. As a UNIX derivative, BSD shares many of the familiar utilities, software and philosophies of Kernighan and Ritchie’s famous C programming language and the operating system written to run it.
Learning to code on platforms like UNIX presents far fewer obstacles than systems like OS X and Windows. Some of the best learning languages, like Python for scripting and Java for server-side commercial development, were originally invented on UNIX or UNIX-like platforms. Each language teaches a different concept. When the knowledge gained through mastery of these languages is applied to C and the basics of operating systems, new insights emerge. Those insights form the basis for learning the “why” of computer security.
Knowledge of best development practices, software and the concepts behind platforms like BSD, OS X, Android and Linux are vital to anyone seeking to build a viable foundation for future learning. UNIX is a lifelong vocation, as it and Linux represent essentially the entire history of microcomputer operating systems development from the early 1970s to date.
Almost all current security practices, whether they are casual in nature, like basic logins and account management for web sites, or mission critical like those at a financial institution or scientific lab, rely on encryption of some kind. The venerable secure sockets layer developed for the world wide web and its descendant Transport Layer Security both use sophisticated encryption architectures to make certain network connections are safe from being intercepted by third parties.
Basics like symmetric cryptography, public-key encryption and essential authentication practices are crucial areas of study for anyone seeking to secure data, network connections, server systems or hardware. The entire field of bioinformatics and the emerging science of blockchain technology are both entirely dependent on technical people who understand why cryptography works the way it does and how it can be used to advance our knowledge of best security practices for both personal and commercial computer systems and mobile devices.
Networks and Protocols
It would probably shock most people to learn there are likely many thousands of accomplished developers capable of writing advanced software who do not understand the basic network protocols of the Internet. They are certainly aware of how they work, but if asked to sit down and configure a basic firewall without instructions or a vastly simplified graphical interface, they would be at a loss.
It goes without saying that computer networks are a necessary field of knowledge for anyone interested in developing a career or academic course of study in computer security. If a system could be submerged in cement and dropped to the bottom of the ocean, it stands to reason that machine would be rather secure. In practice, however, nearly any useful computer must at some point connect to a network, and where there is a network connection, there is the danger, however slight, of a security hazard.
By taking advantage of opportunities like cissp online training, a future professional could acquire a combination of knowledge in the fields of cryptography and networking. This stands as one of the most powerful strategies in becoming a recognized expert. The reason? Such a person has the necessary knowledge and experience to synthesize the best practices of both technologies and to adapt that synthesis to fit a wide variety of use cases. Businesses will be clamoring for this kind of expertise in the future, and the person who learns it well can likely write their own destiny with the paycheck to match.
None of this should be taken to mean computer security is a simple subject. As advanced as our knowledge becomes, the ability to defeat even the best security measures is always within reach for the most dedicated attackers. Network security and encryption are fast moving targets, to be sure, which is why anyone dedicated to establishing themselves as a specialist in those fields must be prepared for a career of constant study.
The key to maintaining the safety of our information systems and our networks is in the continual progress of our knowledge and the development of new and innovative breakthroughs based on a strong foundation of technical fundamentals.