This page contains resources and information for people looking to enter the IT security field.
Beginner’s Guides
How to build a successful information security career | https://danielmiessler.com/blog/build-successful-infosec-career/ |
ESET’s beginner’s guide | http://www.welivesecurity.com/2015/06/16/beginners-guide-starting-infosec/ |
http://krebsonsecurity.com/category/how-to-break-into-security/
http://tisiphone.net/2015/10/12/starting-an-infosec-career-the-megamix-chapters-1-3/
Conference Talks
Information Security Specialties
Information security is a field made up of many specializations. Determining a focus area is quite helpful when entering the field. Here is a conference talk that describes “what we do”.
This page is the second part of a post referenced above; it does a great job of describing various roles in information security:
http://tisiphone.net/2015/11/08/starting-an-infosec-career-the-megamix-chapters-4-5/
Next is a link that describes many of the different roles in information security: http://cybersecuritychallenge.org.uk/careers/typical-roles/
Here are two conference talks by Eve Adams, a recruiter focused on information security roles:
Information Security Resumes
Here is a good post on what to include and how to tailor resumes:
http://webbreacher.blogspot.com/2015/07/infosec-resumes-what-do-employers-care.html
Here’s a good video on job searching and resume writing:
General Advice
It’s easy to get caught up in the technical aspects of information security, but technical skill is only part of what employers are looking for. They are also interested in hiring people who are assertive and good communicators. Most of us in information security will end up working for a company, so some understanding of business and how information security supports business operations is a valuable skill that prospective employers look for.
Below are some business resources recommended by the security community:
Book: “How to Win Friends and Influence People”
Security Conference Videos
Irongeek (Adrian Crenshaw) has recorded and posted talks from many information security conferences over the past several years. Those talks are available here:
Online Learning
Security Tube is a popular resource for learning various infosec tools and topics: | http://www.securitytube.net/ |
Cybrary has a number of free online security courses | https://www.cybrary.it/ |
Coursera Cybersecurity Certificate Specialty | https://www.coursera.org/specialization/cybersecurity/7?utm_medium=catalog |
Safari Books Online
Note: This is not free; however, it is a very economical way to get access to a HUGE library of books.
https://www.safaribooksonline.com/
Malware/Traffic Analysis Practice
Malware Analysis | https://zeltser.com/build-malware-analysis-toolkit/ |
Sample PCaps to analyze | http://malware-traffic-analysis.net/ |
Penetration Testing Practice
Vulnerable applications and related practice downloads for penetration testing | http://wellr00t3d.com/practice.html |
Web application exploits | https://google-gruyere.appspot.com/ |
Certifications
Certifications can be handy to get past the HR firewall in many organizations.
Local Security Meetups
Networking with others in the security industry, particularly those in your area, is key to entering the field. These organizations have local meetups in many different locations:
Security BSides: | http://www.securitybsides.com/ |
ISSA: | http://www.issa.org/ |
OWASP: | https://www.owasp.org |
CitySec: | https://www.reddit.com/r/netsec/wiki/meetups/citysec |
Competitions
Competitions are a great way to network with people in the field, show off your skills and learn.
Most larger security conferences have capture the flag contests.
US Cyber Challenge: | http://www.uscyberchallenge.org/ |
National Collegiate Cyber Defense Challenge: | http://www.nccdc.org |
Podcasts
https://defensivesecurity.org/resources/podcasts/
Misc
Large list of relevant links: http://www.r00tsec.com/2015/08/link-resource-for-learning-security.html
Five pieces of advice for those new to the infosec industry: http://www.cgisecurity.com/2012/09/five-pieces-of-advice-for-those-new-to-the-infosec-industry.html
Experience
A significant problem for newcomers to the information security industry is getting the first job with little or no experience.
Here is some information regarding overcoming the experience paradox: https://www.maliciouslink.com/dealing-with-the-experience-required-paradox-for-those-entering-information-security/
This post has a lot of great information on becoming a penetration tester, and it also includes a compiled list of companies that regularly hire newcomers: https://www.corelan.be/index.php/2015/10/13/how-to-become-a-pentester/
Book: “The Network Security Test Lab”
Hi there,
Just came across your site and starting my journey in InfoSec. I found a link that I guess has been moved as it’s currently broken. This is the one from your site under essential reading which isn’t working:
Microsoft Security Intelligence Report points to: http://www.microsoft.com/security/sir/strategy/default.aspx#!section_1
I searched the Microsoft site and found the latest volume is Vol.24 from 2019, hopefully they will have a 2020 soon but thought I would pass the info along so you can update your resources link that other users might also try (and fail)…here’s the vol.24 link:
https://www.microsoft.com/security/blog/2019/02/28/microsoft-security-intelligence-report-volume-24-is-now-available/
Thanks,
Shelly