How to be a security Professional " part 1 " You just graduated from high school. You've spent the summer in residence on your parents' couch. You don't write particularly well, and you balk at supervision. What are you going to do? You check out the classifieds. You could be a car salesman at Pohanka Chevrolet. You could try to qualify as a construction superintendent, overseeing large commercial projects for a drywall contractor. Then there's the vacancy for a "vet kennel attendant". No wonder you're not picking up that phone. Those jobs involve a lot of things you don't want to deal with: uppity customers, manual labor, dog shit. You need something more suited to your disposition. We have just the fit for you: The Computer security industry. For years Government officials have been preaching about computer security initiatives. Theyve created an entire industry and they are still lacking adequet support for their networks. Theyve pitched the computer security field as a noble calling, a chance to learn the inner secrets of the dark underside of computers and make the world a safer place from hackers. In official computer security certification documentation its notes that the Computer security field is always looking for people with integrity discipline and drive, It takes people who are true problems solvers, people who want to make a difference in the computers of others. DONT LET THE HYPE FOOL YOU: it takes neither integrity, discipline, nor drive to work in the computer security industry. ITs a job that will connect all your favorite passtimes, Sitting around, eating, pretending your in touch with the deep dark underworld of the net, bullying people, writing incomplete sentances, looking at cool computer type stuff, reading random mailing list posts, posting to random mailing lists. After years of research and development It has become apparent that computer security is the easiest job currently out there. Here in the the ISS official guide to BEING A REAL COMPUTER SECURITY PROFESSIONAL, we tell you how you can have it all. Now you might be thinking, man gee, dont i need to know all this hard computer stuff to be a security professional. NO!, not at all, look at the dozens and dozens of mindless idiots ISS and the computer security industry have propelled into the workforce. Do you honestly think bronc-buster knows more then you do? Because of our, and other industry lobbying groups having already have spread the word, noone knows what computer security is, and why they should really be afraid, they just know that there supposed to be. Armed with this knoweledge you can get away with not knowing anything at all in the workplace. Just make up an answer, scare your boss we didint know what we were talking about just 2 years ago and now look, what we say has become true, because thats what we told everybody. Try it out it really works. Being a computer security professional means you can never really get fired, because when they start laying off people, they will have to keep you on board out of fear of disgruntled workers ' you can thank chris for that one ;) ' Stress-Free Work enviroment: Its a well known fact that if your on the internet, your going to get broken into, this point has been reiterated so many times everyone knows it, chances are your boss has heard it too, Your not really hired to protect the network your just hired to watch it in case something happens. Of course there are SOME security people who actually try an secure their networks but remeber the key phrase " IF ITS CONNECTED ITS GOING TO GET BROKEN INTO ". How do you tell when something happens? Simple, wait for someone to complain. Chances are an administrator or something will find something wrong and report it to you, in that instance simply use the second magic phrase " chances are we better do a clean install " thats all it takes. Your not hired to run the machines or the firewalls after all. Your simply there to assist, offer advice like try rebooting, and maybe we should add filters in conversations with the network admins. Once in a while of course, youll come across something overt, in that instance simply ignore it, it will go away on its own. Little hacks, little problems, big hacks, big problems, no hacks, no problems. Aiming for the last one is best :) Finding your cliq is an essential part of the security professionals job, after all nothing contributes to stress more than having nothing to keep yourself occupied with. Lucky for you there are thousands of people just like you in the computer security industry, and communicating with one another is one of the primary ways to stay busy. IRC On irc you will find an abudance of people within the computer security field, It is a place you can go to pick up the lingo, in case you are ever grilled by someone who knows what they are talking about. Dont worry if you cant speak to anyone at first, just wait a while and look at what other people say and copy them. Soon youll be chatting away like there's no tomorow. Mailing lists: Mailing lists offer you an opportunity not found on irc, the chance to look intelligent. You can even list youf being a member of mailing lists on your resume. "Worked as part of the full-disclosure project" Looks really nice. Occasionally people will paste technical information on the list. Dont worry about it too much most of it is fabricated/bullshit, simply chat away and make derofitory references to the people that break into the networks that your trying to secure. Simply talk about how dumb those "kids" were and you cant lose. Security Focus: Security Focus is a website which archives several newsgroups including the popular bugtraq. You can pass your days reading articles here. It also lists the latest software development problems. And this is the core of its use too you, We in the computer security have propogated the myth that software development problems are the root of all the security issues that plague computers today. Each of these problems is an excuse for any situation you may run into. Simply attach the blame on any computer security intrusions which occur on the manufacturer and tell the admin " maybe we should check to see if we have all the patches installed for (insert box name) . And there you have it, all you need to get started. There are still some things you need to know of course. Part II of our special guide will cover the tools of the trade, and how to spread fear to maintain your job status. Till then