Monday, November 24, 2008

Enhancing Your Skillz...

I remember one of the questions I was asked in my first security job interview was "Why do you want to work in information security?" My response: because it changes on a daily basis and you have to stay on your toes. (This was also my response for "why don't you like security?")

Since then, I have always been searching for ways in which I could increase the security skills I have. Training courses, reading blogs/articles/books and networking are a great way to increase your security skills but I have always thought that there is more to security than knowing how to read a TCP packet, how a buffer overflow works or how to perform a SQL Injection attack.

If you work in Information Security you also have to have great analytical skills. You need to be able to "think outside the box", attack problems from a point of view or look at a log file and discern a pattern which someone else might not see. IMO, you can't learn these skills from reading an article or taking a training course.

However, I have found that playing games is an excellent way to increase your security analytical skills. How? A lot of games focus on strategy or pattern discernment and can help train your mind for these tasks. The following are games that I've personally played and found helpful in these areas.

Note: While I am a geek and love video games, I have specifically excluded these types of games from the following list. There are a number of reasons, but mostly because when it comes down to it, most video games are about reflexes not strategy (there are, of course, exceptions).

Set - Set is a card game where 12 cards are laid out on the table and you have to be the first person to find a set of three cards. A set consists of three cards that are either all alike or all different in each attribute (quantity, shape, shading and color). Sound easy? Not really. Set teaches your mind to attempt to focus on a number of different areas at once and discern a pattern. Great addictive game. Play it online too.

MindTrap - I love logic puzzles. To me, they are the ultimate in causing myself to "think outside the box" since most solutions aren't the obvious ones and require some thinking. Mindtrap takes logic puzzles and puts them into game form.

Puzzles for Hackers - Not a game per say, this book contains lots of puzzles designed for hackers and security professionals. It features encryption puzzles, reverse engineering and logic puzzles. I highly recommend it.

Hacker - OK, this probably isn't the best example for games in these categories...but I think this is a must have for all info sec professionals, given the history behind it.

Granted, these are only a small number of the games with potential to help us security folk. My point to all of this is that you don't just need to read a book or take a class to train yourself for your job...there are alternatives out there. And fun ones at that.

Anyone have any good games they want to share?

No comments: