Educause Security Discussion mailing list archives
Re: Training advice
From: David Lundy <dlundy () PACIFIC EDU>
Date: Mon, 18 Jun 2007 13:48:19 -0700
Teresa:

Having been in a similar situation myself, I believe the most important thing is to start learning to think strategically. I, too, come from a background of server administration and have taught networking. But what I found is that security can be overwhelming, and techies (like me) tend to focus on the trees and not the forest. I think a good starting point for an educationally oriented broader overview is the Educause page:

https://wiki.internet2.edu/confluence/display/secguide/Effective+IT+Security+Practices+and+Solutions+Guide

and start thinking of risk, and focusing efforts at protecting the systems according to their risk to the organization. The more limited your resources, the more you need to focus those limited resources on the greatest risk. That is particularly true as I have experienced in a one person shop.

The CISSP exam covers broad domains of security. You should look at those domains to see if there are areas you need to focus on whether or not you are interested in the cert. A good site for information on CISSP topics and review is http://www.cccure.org/.

Also, the SANS courses have been already recommended and are excellent. The education hosted sessions come at a substantial discount. But SANS needs a small number of volunteers to assist with their training. This brings a major discount as well if accepted as a volunteer. These tend to be technically focused and should be chosen once you determine what is most at risk and what will help you mitigate that risk.

My experience in a one person shop is there is little time for forensics. Making sure that good policies are developed and user training is in place is important. The more good policies you have concerning server hardening, business impact analysis of new applications, desktop security, and the like, the less time you will need to spend on them and the more you can spend on other areas of security.

My recommendation is to start thinking of how to develop an overall security plan and deemphasize specific technical training until you have that plan. Do you have procedures for handling DMCA notices? Do you have PCI (credit card) security issues? There are any number of issues and they can't really be tackled until you have a plan.

One of the things that helped me was getting involved with the local chapter of ISSA. The support I got from people who shared my concerns, even if they did not understand the educational culture, was great. There is a chapter in Bentonville I understand. You may be able to build relationships with security people at colleges and universities in Little Rock.

I have been an acting IT security officer for a couple of years. We just hired an IT security officer and I am getting a chance to be more techie again. I did not get the full position because I was not able to focus sufficiently on the strategic issues while doing the technical side. Fortunately he is a great boss and is taking much of the planning, regulatory and policy burden from me which is allowing me to develop server standards and to pursue tools like tripwire, snort, nessus, log analysis and a look at SIEM, possibilities which time hasn't allowed. I am getting back to being a techie. But if your situation is like mine was in a one person shop, you may have to do some non-techie planning to make your techie hours effective.

There are those of us who have "been there, done that". That is what this list is for. Good luck!

Dave
------------------------------------------------
David Lundy
Assistant IT Security Officer
University of the Pacific
Stockton, CA 95211
Email: dlundy () pacific edu
Voice: 209-946-3951
Fax: 209-946-2898

________________________________
From: Vanderbilt, Teresa [mailto:tvanderb () OZARKS EDU]
Sent: Monday, June 18, 2007 12:02 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Training advice

I recently stepped into the title of Security Manager. We're a small school and this is a new position for us. I'd only maintained the servers, switches and firewalls before. I have no one to mentor me and very little budget for training. I can spend approximately $3-5K on formal training this year. I was thinking of a good online class so all the money goes toward training rather than hotels and travel. Until now, everything I've learned has been mostly on my own, although I recently attended Penetration Testing Training.

What other training, both formal and informal, would benefit me and my school the most? I've been thinking of CCNA and I would like to learn how to use Snort since it's free. Will CCNA be beneficial or should I buy a good beginner's book on Snort? Am I way off the mark for what I need to study? I need to get up to speed quickly and can't afford to guess at what I need. Please help.

Thanks in advance,
Teresa Vanderbilt
University of the Ozarks