Two tips to help you become a super IT security expert-reposted from www.51job.com

-- Very enlighteningArticleYou can see on the Internet that you don't want to enjoy the good stuff exclusively. I hope it will help you. (statement: From www.51job.com)
Two tips to help you become a super IT security expert

I used to work with a very good friend and colleague in a team. At that time, our team was trying to win a major account. One day, our team asked the customer's senior management personnel all the problems they found during the briefing. Our team leader was the main speaker, my friends and I are also on duty to answer technical questions that the team lead may not be able to answer.

The early days of the meeting were filled with a hostile atmosphere, and the team lead seemed to have insufficient preparation for the other party's doubts. Therefore, he pushed a lot of questions to my friends, of course, because my friends can calmly cope with the problem. Soon, my friends received a lot of attention from the customer's senior management based on their excellent answers. In the next few hours, they began to ask various questions. By the end of this day, everyone is happy to see who is the real owner-except for our team lead.

This incident led me to think about why my colleague was so successful at the meeting that he naturally became a leader? The reason is that he has two key features not available to others: He is a strategic thinker and a problem solver. For IT security administrators or any IT workers, developing and displaying these two features can make you stand out in the same industry, which is invaluable to your career.

Editor's note: Is there a lot of friends who find that they can ask questions but lack a solution?

1. Strategic Thinking

One of the ways to become an excellent computer security expert is to make strategic thinking while fixing problems as usual. When you discover security problems (such as over-open firewalls, weak passwords, and an expired virus database definition), you must first solve the problemProgramThink about the root cause of this problem. Use all your findings to develop a strategic revision method. To fundamentally understand the cause, you will be welcomed by the management and technical personnel.

For example, you find that the password of the service account is too short and never changed. Obviously, you can set a longer password and set a time period for the password. However, good security experts will immediately realize that the vulnerability of passwords is caused by the vulnerability or inconsistency of current password policies. Solve the current problem first, and then try to help solve the strategic problem. In this case, we will talk more about tactics to solve the current problem, but our thinking should go beyond this. We all know how to prevent malicious attacks and malware, but when you face hundreds of computers, the problem becomes more and more difficult, so you should start with a policy.

Do not leave the password on the service account just now. What about the password of all other user accounts? If you find a problem on a Windows computer, how does one handle the password in the middle end and mainframe in Linux and UNIX? What are the passwords of other security devices, routers, and SNMP hosts?

In my career, I have been trying my best to think this way. So far, the effect has been good. I also saw other people doing this and they were given higher salaries. Sometimes it takes a small amount of research time to find the right strategy, but it is impressive for the senior management to consider both sides.

On the other hand, we often see that young security administrators can configure and troubleshoot well, but they cannot touch on corporate strategies to accomplish more important tasks. Their income is good, but it seems that they have always reached the upper limit and cannot go further.

2. Propose solutions

Whenever you ask a question, you always need to propose a possible solution. The life of senior management is generally like this: everyone around them is constantly talking about how things are messy. I have seen some consultants proudly tell executives how difficult they are to find their security questions. The answer is often "tell me how to do it, don't let me find a solution !"

What executives say is that complaints cannot solve the problem. To become an excellent computer security specialist, you must also propose solutions when you discover problems. This is also related to the first suggestion: Your solution should include tactical and strategic fixes. If you want to see the smile of the senior management, follow these two suggestions, then I bet you will see more smiles in your career.

This is my friend's situation. A few days after that briefing, the old team lead let my friends serve as supervisors. The company obtained a huge contract and he also got a big promotion. Everything is fine and cannot be better. Of course, it would be better if that person was me, it seems a bit out of question. (51cto.com)