For this fourth installment of advice columns aimed at people who are interested in learning more about security as a craft or profession, I reached out to Richard Bejtlich, a prominent security blogger who last year moved from a job as director of incident response at General Electric to chief security officer at security forensics firm Mandiant.
Bejtlich responded with a practical how-to for a security novice looking to try on both attacker and defender hats. Without further ado…
Bejtlich: Providing advice on “getting started in digital security” is similar to providing advice on “getting started in medicine.” If you ask a neurosurgeon he or she may propose some sort of experiment with dead frog legs and batteries. If you ask a dermatologist you might get advice on protection from the sun whenever you go outside. Asking a “security person” will likewise result in many different responses, depending on the individual’s background and tastes.