Developing my tech side

  • Developing my tech side

    Like I said in my introduction, I’m a security officer at a small(ish) software company. We develop software, and offer it as a managed service. I’m responsible for our ISMS (ISO 27001/27002).

    Although I have been using computers for years, and rate my understanding of IT-subjects as above average, I don’t have any hands-on experience working with things like servers, networks, databases and web applications. Nor have I had formal training in these matters.

    I feel I need a deeper understanding of these subjects for me to function better in my role. To be better able to understand and interpret threats and risks. To understand how vulnerabilities are abused, and how much they pose a threat to our infrastructure. This would help me to better explain and discuss these risks with management and operations. It would also help me talk to IT-admins and developers on a level that would enable me to understand their arguments and point of view.

    I think I would benefit from learning more about subjects like networking, servers, operating systems (Windows, Linux), scripting, web services and (ethical) hacking. Ideally learning would be a mix of theory and practice (both at home and in online labs), through self-paced self-study.

    So I’m looking for advice about the subjects I should develop first, and on the best ways and resources to do that. Hope you can help me out with this.

  • #2
    OWASP publishes some information and tools that would be a good place to start. Start with the "OWASP Top 10" list that they publish each year and then step through researching and understanding each area in the top 10. You don't have to be an expert, but after the first pass, simply having a solid understanding of what each item is, how an attacker would take advantage of it, and the impact that it could have, will bring you a big step closer to knowing what questions to start asking. Then, you can do more directed study in the areas that seem most interesting to you.

    Twitter: @AccidentalCISO