This page contains resources and information for people looking to enter the IT security field.
|How to build a successful information security career||https://danielmiessler.com/blog/build-successful-infosec-career/|
|ESET’s beginner’s guide||http://www.welivesecurity.com/2015/06/16/beginners-guide-starting-infosec/|
Information Security Specialties
Information security is a field made up of many specializations. Determining a focus area is quite helpful with entering the field. Here is a conference talk that describes “what we do”.
This page is the second part of a post referenced above, however this does a great job of describing various roles in information security:
Next is a link that describes many of the different roles in information security: http://cybersecuritychallenge.org.uk/careers/typical-roles/
Here are two conference talks by Eve Adams, a recruiter focused on information security roles:
Information Security Resumes
Here is a good post on what to include and how to tailor resumes:
Here’s a good video on job searching and resume writing:
It’s easy to be caught up in the technical aspects of information security, however technical skill is only part of what employers are looking for. They are also interested in hiring people who are assertive and are good communicators. Most of us in information security will end up working for a company, meaning that some understanding of business and how information security supports business operations can be a valuable skill prospective employers look for.
Below are some business resources recommended by the security community:
Security Conference Videos
Irongeek (Adrian Crenshaw) records and posts talks at many information security conferences over the past several years. Those talks are available here:
|Security Tube is a popular resource for learning various infosec tools and topics:||http://www.securitytube.net/|
|Cybrary has a number of free online security courses||https://www.cybrary.it/|
|Coursera Cybersecurity Certificate Specialty||https://www.coursera.org/specialization/cybersecurity/7?utm_medium=catalog|
|Safari Books Online
Note: This is not free, however it is a very economical way to get access to a HUGE library books.
Malware/Traffic Analysis Practice
|Sample PCaps to analyze||http://malware-traffic-analysis.net/|
Penetration Testing Practice
|Vulnerable applications and related practice downloads for penetration testing||http://wellr00t3d.com/practice.html|
|Web application exploits||https://google-gruyere.appspot.com/|
Certifications can be handy to get past the HR firewall in many organizations.
Local Security Meetups
Networking with others in the security industry, particularly those in your area, is a key to entering the field. These organizations have local meetups in many different locations
Competitions are a great way to network with people in the field, show off your skills and learn.
Most larger security conferences have capture the flag contests
|US Cyber Challenge:||http://www.uscyberchallenge.org/|
|National Collegiate Cyber Defense Challenge:||http://www.nccdc.org|
Large list of relevant links: http://www.r00tsec.com/2015/08/link-resource-for-learning-security.html
Five pieces of advice for those new to the infosec industry: http://www.cgisecurity.com/2012/09/five-pieces-of-advice-for-those-new-to-the-infosec-industry.html
A significant problem for newcomers to the information security industry is getting the first job with little or no experience.
Here is some information regarding overcoming the experience paradox: https://www.maliciouslink.com/dealing-with-the-experience-required-paradox-for-those-entering-information-security/
This post has a lot of great information becoming a penetration tester, but also has compiled a list of companies that regularly hire newcomers: https://www.corelan.be/index.php/2015/10/13/how-to-become-a-pentester/
Book: “The Network Security Test Lab“