
Be the master of your messaging environment security

Whether you're a new Exchange admin or a seasoned pro, these four steps will help develop your Exchange security skills.

From creating bring-your-own-device policies to managing the cloud and every message in between, there's a lot going on in the world of Exchange administration. I can't think of anything more visible and critical to a messaging environment than security. I'm a bit biased about this point because security is all that I do, but you can't address anything in IT without discussing security.

Whether you want to sharpen existing skills for keeping Exchange secure or you're new to security, here are the best things you can do to stay ahead of the curve and secure a messaging platform.

1. Become more business savvy. You can be as skilled as any hacker or security researcher in the world, but if you can't apply that knowledge to protect your enterprise, you'll be forever relegated to the data center with a nice salary cap to boot. Information security is all about protecting the business. And there are plenty of resources to explore to help you improve how you manage Exchange.

2. Set goals and master your time. Time is the scarcest resource in IT. And when it comes to securing a messaging environment, things move even faster. Goal setting and management has been fine-tuned over the decades, and there's no reason you can't learn its basic concepts. You have to learn and apply time management concepts if you're going to stay on top of the latest security threats to Exchange and get things done in your work.

Once you establish your goals, you also need the self-discipline to see them through. This comes in the form of properly managing what you do with your time. Once you've had the time to study and practice these two subjects, you can easily take on any Exchange security issue. You'll also get more accomplished and can double, if not triple, your earning potential at the same time.

3. Learn from others. There are a lot of smart people in the information security field -- listen to what they have to say. YouTube is a great resource for this. For starters, search "information security" and "hacking." Another option is to take classes through a local continuing education program.

Consider getting certified. The Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and Certified Ethical Hacker (CEH) programs are three of the most visible and respected in the field. You might even consider getting a degree in information security.

Attend security-related conferences. You'll learn something not only in every session but also at every conference you attend. They each have their unique value and tend to change things up every year. Check out the RSA Conference and Hacker Halted. TechTarget puts on a number of security events that offer great ways to learn nuggets of wisdom that would otherwise take years to figure out.

4. Get your hands dirty. Learning the ropes with day-to-day Exchange security design, implementation and management tasks is the best way to get the experience you need. Ask if you can shadow someone who works to secure your messaging environment. Or, better yet, take on the responsibilities yourself. There are still too many organizations where bystander apathy controls security decisions.

Hands-on training in an Exchange lab environment is also invaluable. If something breaks in a lab environment, there are no consequences like there would be if it broke in production. Set up some virtual machines. Play around with Kali Linux and all the other freebies available at SourceForge. Try out demos or community editions of Exchange security products and vulnerability assessment tools where you can.

Here's something that many people in IT won't admit to or recommend: Fake it until you make it. The real key to getting ahead in Exchange security is to do a lot of little things over time. Don't be afraid to dabble in penetration testing, forensics, incident response, compliance and auditing. Find a specialty and take in as much as you can in that area.

Follow the often-disputed 10,000-hour rule and you can become a true security expert in just a few years. That worked for me, and there's no reason it can't work for you.

About the author:
Kevin Beaver has worked for himself for more than 11 years as an information security consultant, expert witness and professional speaker at Atlanta-based Principle Logic LLC. He specializes in performing independent security assessments revolving around information risk management and is the author and co-author of many books, including The Practical Guide to HIPAA Privacy and Security Compliance and Hacking for Dummies.

What's the most important thing you've learned about protecting your Exchange messaging environment?
The biggest and most important lesson my business has learned about protecting our Exchange messaging environment is that two-way encryption is an absolute must. For all inter-office messaging, having two-way encryption protects that content from being accessed through malware or hacks. For out-of-office messaging, we have learned it is necessary to keep the latest security patches installed and in use. The IT techs check on these weekly to keep our Exchange messaging safe.
Also do NOT put your Data in the Public Cloud...