Sorry, I didn't know where else to post this...
This is a question for any security professionals who might frequent these pages...
How does one go about getting into the area, or what's the best way to go about it?
I work in IT and have always had an interest in IT security and would like to start working with it more, only I don't have much experience.
I guess the best way to get started is to start working in it, but for that you probably need experience...
Other than that, I was planning on setting up a home network of different OSes to learn about the different ways to secure and harden different OSes.
I guess for the time being I could ask in my own company if it's possible to get into a more security-oriented role too.
Anyway, any help or advice would be appreciated.
Security can cover several areas. Do you want to protect perimeters using firewalls, etc.? Do you want to protect systems by locking down operating systems? Do you want to protect files by managing security to file systems like NTFS?
What you outlined in your posts sounds like a good start. If your current employer will let you get some experience, that will help you a lot.
As the other posters have mentioned, there are a lot of fields that security covers.
Infrastructure (network hardware)
Network Monitoring/Protecting (hardware/software)
System Security (hard-drive encryption)
Operating System Hardening (AAA [Authentication, Authorization, Accounting])
Many many more...
Pretty much, you can implement security into any IT project including web-development, any application development, OS deployment/administration, network equipment deployment/administration.
Study for and pass the Security+ exam to give yourself a very broad aspect of what all is included in the security field. Afterwards, decide where your strengths are strongest (i.e., mine is in network infrastructure), and look for a way to implement security in that area at your current job. Use a couple of VMs and create a Virtual Network and practice/enhance your security knowledge.
Good luck, have fun, and remember, be responsible. Security can be a double-edged sword. Be sure to keep everything ethical, especially if you want to be able to get into the security field. If your integrity is questionable, good luck getting in!
--minty
In that case I would start at the very foundation. Learn the computer hardware/software. A great way for this is by going for your A+. Next, go for the Net+, Linux+, Sec+, and finally CEH (Certified Ethical Hacker).
I encourage you to go after these certs just b/c they never expire and b/c employers like to see certs, especially if you want to head into the consulting industry. However, experience always pays more than any cert/degree that you may earn; therefore, just be sure that you understand what is required within the domains of each cert and experiment like crazy with your VMs.
Again, good luck and have fun.
--minty
BTW: I followed your link and I downloaded all of the chapters to the Security Engineer book. Thanks for the reference.
Don't thank me, Minty, thank the author for distributing his book for free!