Entering The Infosec Biz

This page contains resources and information for people looking to enter the IT security field.

Beginner’s Guides

How to build a successful information security career https://danielmiessler.com/blog/build-successful-infosec-career/
ESET’s beginner’s guide http://www.welivesecurity.com/2015/06/16/beginners-guide-starting-infosec/
http://krebsonsecurity.com/category/how-to-break-into-security/
http://tisiphone.net/2015/10/12/starting-an-infosec-career-the-megamix-chapters-1-3/

Conference Talks

Information Security Specialties

Information security is a field made up of many specializations. Determining a focus area is quite helpful when entering the field. Here is a conference talk that describes “what we do”.

This page is the second part of a post referenced above, and it does a great job of describing various roles in information security:

http://tisiphone.net/2015/11/08/starting-an-infosec-career-the-megamix-chapters-4-5/

Next is a link that describes many of the different roles in information security: http://cybersecuritychallenge.org.uk/careers/typical-roles/

Here are two conference talks by Eve Adams, a recruiter focused on information security roles:

Information Security Resumes

Here is a good post on what to include and how to tailor resumes:

http://webbreacher.blogspot.com/2015/07/infosec-resumes-what-do-employers-care.html

Here’s a good video on job searching and resume writing:

General Advice

It’s easy to get caught up in the technical aspects of information security; however, technical skill is only part of what employers are looking for. They are also interested in hiring people who are assertive and good communicators. Most of us in information security will end up working for a company, so some understanding of business and how information security supports business operations is a valuable skill that prospective employers look for.

Below are some business resources recommended by the security community:

Book: “How to Win Friends and Influence People”

Security Conference Videos

Irongeek (Adrian Crenshaw) has recorded and posted talks from many information security conferences over the past several years. Those talks are available here:

http://www.irongeek.com/

Online Learning

Security Tube is a popular resource for learning various infosec tools and topics: http://www.securitytube.net/
Cybrary has a number of free online security courses https://www.cybrary.it/
Coursera Cybersecurity Certificate Specialty https://www.coursera.org/specialization/cybersecurity/7?utm_medium=catalog
Safari Books Online

Note: This is not free; however, it is a very economical way to get access to a HUGE library of books.

https://www.safaribooksonline.com/

Malware/Traffic Analysis Practice

Malware Analysis https://zeltser.com/build-malware-analysis-toolkit/
Sample PCAPs to analyze http://malware-traffic-analysis.net/

Penetration Testing Practice

Vulnerable applications and related practice downloads for penetration testing http://wellr00t3d.com/practice.html
Web application exploits https://google-gruyere.appspot.com/

Certifications

Certifications can be handy to get past the HR firewall in many organizations.

CISSP https://www.isc2.org/cissp/default.aspx
Certified Ethical Hacker http://www.eccouncil.org/Certification/certified-ethical-hacker
OSCP https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
SANS Certs http://www.giac.org/certifications/categories

Local Security Meetups

Networking with others in the security industry, particularly those in your area, is a key to entering the field. These organizations have local meetups in many different locations:

Security BSides: http://www.securitybsides.com/
ISSA: http://www.issa.org/
OWASP: https://www.owasp.org
CitySec: https://www.reddit.com/r/netsec/wiki/meetups/citysec

Competitions

Competitions are a great way to network with people in the field, show off your skills and learn.

Most larger security conferences have capture the flag contests.

US Cyber Challenge: http://www.uscyberchallenge.org/
National Collegiate Cyber Defense Challenge: http://www.nccdc.org

Podcasts

https://defensivesecurity.org/resources/podcasts/

Misc

Large list of relevant links: http://www.r00tsec.com/2015/08/link-resource-for-learning-security.html

Five pieces of advice for those new to the infosec industry: http://www.cgisecurity.com/2012/09/five-pieces-of-advice-for-those-new-to-the-infosec-industry.html

Experience

A significant problem for newcomers to the information security industry is getting the first job with little or no experience.

Here is some information regarding overcoming the experience paradox: https://www.maliciouslink.com/dealing-with-the-experience-required-paradox-for-those-entering-information-security/

This post has a lot of great information on becoming a penetration tester, and it also compiles a list of companies that regularly hire newcomers: https://www.corelan.be/index.php/2015/10/13/how-to-become-a-pentester/

Book: “The Network Security Test Lab”

One thought on “Entering The Infosec Biz”

  1. Hi there,

    Just came across your site and starting my journey in InfoSec. I found a link that I guess has been moved as it’s currently broken. This is the one from your site under essential reading which isn’t working:
    Microsoft Security Intelligence Report points to: http://www.microsoft.com/security/sir/strategy/default.aspx#!section_1

    I searched the Microsoft site and found the latest volume is Vol.24 from 2019, hopefully they will have a 2020 soon but thought I would pass the info along so you can update your resources link that other users might also try (and fail)…here’s the vol.24 link:
    https://www.microsoft.com/security/blog/2019/02/28/microsoft-security-intelligence-report-volume-24-is-now-available/

    Thanks,
    Shelly
