For this fourth installment of advice columns aimed at people who are interested in learning more about security as a craft or profession, I reached out to Richard Bejtlich, a prominent security blogger who last year moved from a job as director of incident response at General Electric to chief security officer at security forensics firm Mandiant. Bejtlich responded with a practical how-to for a security novice looking to try on both attacker and defender hats. Without further ado…
Providing advice on “getting started in digital security” is similar to providing advice on “getting started in medicine.” If you ask a neurosurgeon he or she may propose some sort of experiment with dead frog legs and batteries. If you ask a dermatologist you might get advice on protection from the sun whenever you go outside. Asking a “security person” will likewise result in many different responses, depending on the individual’s background and tastes.