Highest Rated Comments


mens-rea25 karma

I am a just-graduated computer scientist interested in security and I would also love to hear from some more experienced people. However, here's the advice I can give you, for college at least. Be ready for a wall of text:

  • Take systems, networks, and other low-level classes. This is all VERY relevant to security.
  • Get to know your security professors. If your school has any sort of CTF team, join it. If not, look for one in your area.
  • CCDC can be a good source of learning too, but take it with a grain of salt (it is more admin-type stuff and focuses on defense).
  • DON'T BE AFRAID TO ASK QUESTIONS. DON'T BE WORRIED ABOUT YOUR LACK OF EXPERIENCE. We all start somewhere. I had next to zero experience when I got involved with this stuff. Everyone was super-helpful and as a result I've learned a lot and I've gotten better at a lot of things.

Don't be afraid to get your hands dirty too. The easiest way to legally break things is to set up your own systems to break. Damn Vulnerable Linux or an old XP machine is a good place to start (since you mention Metasploit I assume you know about BackTrack/Kali).

If you're interested in physical security too, just go for it:

  • Buy some lockpicks (if they are legal in your state) and buy some cheap padlocks.
  • Play around with other mechanisms and take any chance you can to (legally) practice. Forgot the combo to your luggage? Don't try to remember it. Hack it! (yes, this happened to me recently)

Most importantly, learn to get into a security mindset. That means thinking about security as much as you can. Examine new products, buildings, etc. Almost every time I go to the bank, I'm considering how I would rob it. My point is, just think about everything from a security standpoint. Be paranoid (to a healthy extent). And keep looking for answers, whether by learning, asking questions, or playing around with things.

Take opportunities to network whenever you can with security professionals. Go to DEFCON, etc.

Some great resources:

  • Exploit-Exercises - probably some of the best security exercises out there. Highly recommended by security professionals.
  • HackThisSite - also very good practice, but for web security
  • Matasano Crypto Challenges - excellent crypto practice
  • http://www.amanhardikar.com/mindmaps/Practice.html - I haven't had a chance to check out most of this, but it seems like a good collection of security exercises
  • CTFs
  • DEFCON talks (YouTube)
  • reddit

I can guarantee you I've missed a TON of things, but this should be a good start I think. I hope at least some of it is helpful.