
Careers in Java Security/Cryptography

 
Joshua White
Ranch Hand
Posts: 97
I have developed an interest in Java security/cryptography and have been trying to find a way to get started. I have found, however, that Java security for the most part is sacrificed because of a lack of development time for J2EE apps and, quite frankly, lack of knowledge.
Does anyone specialize in Java security or have any suggestions on how to get started in this field?
 
VIKI AG
Greenhorn
Posts: 4
Start reading the Java Security API (JAAS).
JAAS is the latest in security, coupled with JCA.
You can download the API from java.sun.com. You'll also find it with J2SDKEE v1.4 (see Developer Connection).
VIKI AG
 
Daniel Somerfield
Author
Greenhorn
Posts: 11
Well, of course, I would suggest buying (or winning) our book.
What I would say about a career in Java Security and Cryptography is that it is a tough sell and really needs to accompany a broader topic area, particularly these days when application security has a tendency to fall by the wayside.
The first area that goes nicely with Java Security is Java development in general. I believe Java Security is a great accompanying expertise for OO design and solid Java programming skills. For this, you need solid experience in Java development and, to my mind, good knowledge of design patterns and OO techniques.
The second area is security in general. If you can specialize in PKI, network security and Java security, you have much of the knowledge and the tools for designing and implementing secure systems. For this, you would need to learn about SSL, firewalls and PKI design.
Best of luck.

Originally posted by Joshua White:
I have developed an interest in Java security/cryptography and have been trying to find a way to get started. I have found, however, that Java security for the most part is sacrificed because of a lack of development time for J2EE apps and, quite frankly, lack of knowledge.
Does anyone specialize in Java security or have any suggestions on how to get started in this field?


------------------
Daniel Somerfield
Author of Professional Java Security
 
Mark Herschberg
Sheriff
Posts: 6037
Originally posted by Joshua White:
I have developed an interest in Java security/cryptography and have been trying to find a way to get started. I have found, however, that Java security for the most part is sacrificed because of a lack of development time for J2EE apps and, quite frankly, lack of knowledge.
Does anyone specialize in Java security or have any suggestions on how to get started in this field?

As someone who is a security expert, my advice is to practice, practice, practice. Read all you want, but understand that experience is key. I generally feel this is true in most fields. In security, I feel it is required.
I'm willing to accept an OO programmer who isn't totally comfortable with design patterns or other OO topics. Security experts should feel at least comfortable with most, if not all, aspects of security. That's not to say you need to be infallible. No one expects you to be a superhero and do everything yourself. But there's little or no subspecialization in security. (OK, technically, that's not completely true, but for the most part, you need to be comfortable with the many facets of security.) And the only way to get comfortable with security is to have done it.

I'd advise the following:
1) Buy Bruce Schneier's book "Applied Cryptography". It is *the* bible in the industry. I don't know a single cryptographer who doesn't have a copy.
2) Subscribe to security mailing lists like coderpunks.
3a) Find the security guy at your company and ask to look over his shoulder. This may not be possible if you don't have one.
3b) Find open source software and see what others have done. Ask why it was done that way. Better yet, before looking under the covers, make your own design and see how it differs.

--Mark
 