How to become a security expert - by Rodney Thayer

See new Internet technologies being developed! Be there when cutting edge Web 2.0 innovators deploy never before seen web sites! Keep up with rapid advances in the field! Amaze your coworkers with your knowledge of incredibly useful security tools! Hang out with brilliant geeks working on exotic communications protocols!

How? Participate in an open source project.

Although, as I can personally attest, glamour eludes those of us working on open source projects – unless you want to count all that late-night pizza-eating drawing-on-napkins and checking under your arms to see who needs the shower kind of thing.

But, seriously folks. Open Source is everywhere, having become a component of the most important networking technologies around us. Some examples:

  • The Apache web server is used in about half the Web servers on the Internet today.
  • Another Apache project, Tomcat, is a core technology used in many Java-based products from Sun, IBM, and other vendors.
  • The OpenSSL project produces a library that implements the IETF (Internet Engineering Task Force) TLS protocol. TLS (Transport Layer Security) is better known by its old name, SSL. SSL is the encryption technology used to protect your credit card number when you buy books on Amazon.com.
  • OpenSSL is used by a significant portion of the merchant sites on the Internet today.

Open source projects make a great addition to classroom studies because you get to study real world uses of the latest network security technologies. You can just quietly "lurk", watching and learning. Or you can volunteer to help. These projects often have all sorts of work for volunteers, from updating web pages to working on documentation to testing new builds to actually writing code. In return for your slave labor, you can apply the skills and knowledge you get in your studies to learn how protocols and tools developed in the open source community are deployed.

A whole other means of learning

Open source projects are a fascinating artifact of the Internet age. These are not conventional software projects. They are communities of users and developers working together to build and deploy some of the critical technologies that make the 'net work.

Through these volunteer projects, you will have the opportunity to learn how others use open source tools to solve problems in their networks. As a student of network security, this means learning cutting edge network defenses using open source technologies.

Even if you just hang out on the mailing list you can get a lot out of it. Open source projects typically have a project home, a software distribution package, and some sort of communications mechanism like a mailing list or a Wiki (also run by volunteers). The more active projects have a community of users and developers all over the world who communicate through the Internet.

Working on open source projects means big-picture learning: you see what kinds of problems other folks have and the common mistakes they make, which can be valuable if you are trying to learn how to troubleshoot something. If you're doing security work and need to solve some sort of problem like log processing, you can ask around and learn what kinds of other open source tools are available.

Even if you only use the open source tools for prototyping solutions, they can still be very valuable learning tools. You can become an educated user of the technology and that can be useful no matter what vendor solutions you end up working with in the commercial world.

Participating in an open source project is a great way to give back to the community, too. In so doing, you can have your name associated with the next big thing, starting with today’s modern Internet open source projects, like BIND, Mozilla, or Snort. You can't buy an education like that.

Thayer is a senior research fellow at the Security Consortium, a member of the Shmoo Group, and an IETF participant (TLS, IPSEC, OpenPGP, OpenSSH).