Security Competencies

I've been working in the security and tech worlds for over 25 years. Over the years, several people have asked me what are the key things you would want to learn and be proficient at in order to do this job. I will give you the answer I was given by my first boss, at my first real security job: you need to understand the fundamentals.

He told me that in order to break or protect something you need to first understand how it works, and what the technology behind it is. The first four months in my job were spent reading. He gave me books on TCP/IP, DNS, operating systems, databases, firewalls, software design, ASM and C. He said: until you read and understand all this, I can’t teach you how to break stuff.

Yes, learning the basics of stuff.

Please don't take this too seriously, but understand the overall focus. Young "engineers" today tend to not care, or at least not care enough about the fundamentals and the basics of how things work. They just want to "write code and express themselves". Well, ok… But...

So, here are the key competencies you should have:

As you can see there is a lot here, but this list is not all inclusive. There is more, much more. Start here. It'll build a solid foundation. If you focus on the fundamentals, you will be able to learn better later, and switch work within the tech world as you find yourself attracted to other parts of it.

© 2009-2024 Modern Adversary. No tracking or visit logs.