Tag Archives: Bruce Schneier
What does it take to get started in information security? Can you teach yourself security?
This field requires you to understand how PCs, mobile devices, applications, servers, protocols, and networks operate. It helps to have a lot of curiosity and a good sense of where trouble lurks. And don’t forget Unix/Linux (more on that later).
I started as a PC support guy, became a server administrator, managed a network, and then became a security analyst. For me, it was a natural progression, but that’s the “old school” way of doing it. Security training was scarce, and there were few to no institutions offering training specific to that area. Also, the internet was still growing, and there were few security websites or blogs to learn from.
In Top 100 Network Security Tools and Easy Windows Scanner, I described a few Windows tools that every auditor or security analyst should know or know about. In this post, I highlight some of my other favorite Windows tools (both security and general utility software). ALL OF THEM ARE FREE.
12/26/14 Update: These are STILL my favorite programs. The only one I don’t use anymore is CutePDF Writer, which I replaced with the FREE Sumntra PDF
Foxit Reader (I no longer recommend FOXit). But if you only want a PDF printer, CutePDF is still a great solution.
I also added 2 new tools: PSPad and File Splitter (see my links at the bottom).
SC Magazine had a good article back in November (I am a bit behind in my reading and my blogging) about industry pioneers in IT security. Listed below are quotes by a select few of the people the mag profiled. If you find their quotes interesting, or you are not familiar with them, I suggest you check out the article and perhaps do some extra reading about some of them.
I thought cryptography was a technique that did not require your trusting other people…” – Whitfield Diffie
Bruce Schneier has 5 questions for assessing security and the trade-offs that are made during the assessment process.
- What assets are you trying to protect?
- What are the risks to these assets?
- How well does the security solution mitigate those risks?
- What other risks does the security solution cause?
- What trade-offs does the security solution require?