Getting started in InfoSec!

Tash
5 min read · Jun 26, 2019

My journey into InfoSec has been long over these few years. Even though the degree was useful for theory and concepts, I have gotten my positions and internships from pure self-learning and support from the InfoSec community.

I didn’t really have the support and guidance from my uni tutors and had to learn beyond the classroom. Therefore, I am sharing the resources that helped me land a role in Risk Assurance, then Operations, and my current position as a Cyber Security Consultant.

Let’s start from the basics… the cyber security/InfoSec industry!

In 2017, Henry Jiang, a Chief Information Security Officer (CISO), mapped out the world of cyber security, capturing its key areas and how they interconnect. Jiang describes the map as a set of domains with sub-domains:

  • Authorized Penetration Test (Red Team) is a sub-domain under Risk Assessment.
  • Active Defense (Blue Team) is a sub-domain under Security Operations.
  • Purple Team maximizes the effectiveness of the Blue and Red teams. Let’s think of this team as the marriage counselor of both teams.

I once worked for a company where the CISO didn’t even know what Blue, Red or Purple Team was. He even patronized me and said to me “Is this real? Or was it something that you read from a book?”… You must be thinking, WTF?

Anyway, this is what the magical world of cyber security looks like:

[Image: The World of Cyber Security Map (V2)]

Most companies I know are not interested in you knowing pure theory; they want to know that you have practical skills as well. Having a computer science degree shows commitment, but it is not essential to get a role in cyber security or networking. First of all, start from the bottom to get to the top. You can try some self-learning courses and then move on to building your own home lab.

Self-learning:

  • LinkedIn Learning: Formerly known as Lynda.com. You can sign up for a free month of premium membership and check out Mike Meyers’ CompTIA A+ and Network+ prep courses on LinkedIn. He wrote the books for the CompTIA certifications.
  • Cybrary: You can sign up for free cyber security training and SOC training courses, and when you become a member you can do other lab exercises.
  • Udemy: You can sign up for Risk Management, CompTIA and CCNA prep courses.
  • Cisco Academy: Cisco Academy has free networking, Packet Tracer and cyber security courses available.
  • Linux Academy: You can sign up to learn more about Linux, AWS, Google Cloud, DevOps and more, especially if you are interested in Cloud Security. There are many courses to learn from and get certified.
  • Microsoft Virtual Training Days: You can sign up for a 1–2 day session on Microsoft products, from Azure and SC-900 to M365.

Setting up your home lab:

Setting up a home lab will make the learning process more enjoyable, especially in regard to the next section of self-learning that I recommend.

  • First of all, set up your test lab. The linked instructions (from the original post) walk you through setting up your own testing environment. There are also many videos on how to set this up on YouTube.

Penetration Testing:

Here are the resources that I have used to learn more about Penetration Testing:

  • PentesterLab — This is developed and designed by Luis, a Security Engineer from Fitbit. He has helped me a lot with his online web hacking courses. Easy to follow, and he challenges you after a while. The awesome thing is that you get a badge to add to your LinkedIn profile.
  • Hackthebox — Penetration Testing Lab. You need to learn how to hack your way into the environment in order to complete the CTFs and earn points and badges.
  • Tenable University — It is free to sign up and do the online courses to learn more about Nessus. You do need to pay if you want to become certified.

Free University Courses:

  • Charles Sturt University — Free short courses in Pen Testing, Incident Response, Cyber Security and Networking, System Admin and Cloud. They also give you credit towards a Masters if you do 3 short courses and sign up to their Masters in Cyber Security/Information Technology. You get a certificate at the end of the course.
  • The Open University — Free Introduction to Cyber Security, Digital Forensics, Information Security and more.
  • SANS — SANS offers a free Fundamentals of Cyber Security course.
  • University of Maryland — They partnered with Coursera to offer free Cyber Security training, and you earn a certificate.

Community and Meetups:

  • ISIG family — The NZ Information Security Interest Group is run by a group of people that share the same interest: everything security related.
  • ISACA — If you are more of a purple team kind of person and you care about information security risk, controls and compliance, this is the group for you.
  • Hack and Learn — The group to hack and learn. They go over different types of vulnerabilities and Hack The Box challenges.
  • ISC2 — If you are interested in CISSP and the business management side of security, this group is for you.
  • Slack — InfoSecNZ Slack channel, which used to be run by SparkleOps but is now run by Nick.
  • LinkedIn — Cyber Security Forum Initiative for Cyber Space Operations and Training.
  • Discord — The Many Hats Club, which is run by white, grey and black hatters.

Bug Bounty and CTFS:

For the next section I had to erase and crop some of the screenshots because these are my pages. If you are interested in security research or just want to learn, check them out:

  • CTF-Time (form a team and compete nationally)
  • HackerOne
  • Bugcrowd

I think the list can go on and on… The world is your oyster and there are many areas that you can explore in cyber security. I have mentioned only a few learning resources, but the rest is up to you.

Enjoy this journey!

Tash :)


Tash

CSAM | Te whanau-ā-apanui | Lover of wine, coffee & chocolate | NZNWS (WoSec NZ Founder)