5

I am currently working as a Software/Web Developer with around eight years' experience; however, I have always had an interest in IT Security and am now hoping to move my career in this direction.

I was wondering what areas of IT Security might make for a natural progression from software/web development and what certifications might apply? Or if a 'natural progression' even matters if I find another area to be of greater interest. E.g. I find penetration testing really interesting but I'm not sure if my existing skills would be any use here.

Also, I'm wondering if it's too late in the game to make a switch like this and maybe I should have done it earlier? (I'm in my early 30s.) If I decide it is too late, it is still my intention to up-skill in this area because it will most likely help my software/web development anyway (it's also interesting and something I want to do anyway!).

I'm quite excited about the idea of taking my knowledge of security to a greater level, learning new skills and gaining some certifications, etc., but I want to try and set a clear direction for myself first so I don't just wander aimlessly.

Thanks in advance!

2 Answers

3

Well... if there is an area of IT security in which your skills would be of any use, it is pentesting. As a software/web developer you know how a program or website works, so you should know which parameters, forms, etc. may be exploited. Also, with programming experience you can go further and analyze the code from its source, not just try the common attacks on websites.

All of that was regarding web pentesting. After learning about this (I recommend The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, and wargames), you should move on to service vulnerabilities (this is where port scanners and frameworks like Metasploit come into play).

Also, with programming experience you could get into forensics.

Lately people tend to associate IT security with hacking and cyber war, and that's not true. I'm telling you this because I've lately read about people who want to move into security because, due to recent news, they think it is like a "Hollywood movie". If you are in this group of people, just keep programming; you won't succeed in security and you won't feel comfortable with your job.

About certifications, I think everyone should have the Security+ because it covers the basics of security. After that... well, when you have a Security+ you'll know how to approach your career.

The Illusive Man
3

Coming from a software developer background is certainly a strong asset to have when trying to get into IT Security. It's a major asset for penetration testing, as you can analyze code for weaknesses, and if you have a good amount of training on how systems actually work, it should be very helpful for getting a good understanding of how cryptography works (practically, if not theoretically) as well as understanding the mechanisms beyond common attacks.

As far as certs to read up on, I'm personally a fan of CISSP. The last time I looked, it was a little more in-depth than Security+, though it's been a while since I seriously compared them. Other good ways might be to focus on books about writing secure code and work out from there. I'd also recommend checking out sites like HackThisSite.org, where you can actually try out different attacks and see how they work. They include some programming and debugger-oriented challenges as well that may be of interest to a developer.

AJ Henderson