Monthly Archives: April 2017

InfoSec Career “Quick-start” guide

  1. Install Kali
  2. Pwn all the things
  3. Collect big paycheck!

So what I really want to accomplish with this post is to provide a series of sources to help you get going in your infosec career.  I had a much longer post going on about building a good base of other technical skills and such, but let's just get to the meat of it.

Online Training

Free Resources:

  • Codecademy – Offers a number of free courses with added features if you upgrade to a pro subscription.  Great place to learn Python and Ruby.
  • Udacity – Much wider selection of programming courses, possibly a better place to start for you App Sec types.
  • Microsoft Virtual Academy – Yes, even MS has a ton of free training resources.  PowerShell to .NET C#!

Paid Sources

  • PluralSight – 30 bucks a month and a free trial.  They cover a wide variety of topics from CISSP to OWASP Top 10 for .NET with Troy Hunt.
  • ITProTV – Covers a wide variety of content spanning IT, probably a good place to start if you need to build up those base skills.  A bit pricier than PluralSight but has a stronger focus on IT in general.  Also you can probably find a discount code if you listen to Paul’s Security Weekly.

Podcasts

  • Security Weekly – They have expanded beyond the initial Security Weekly podcast to cover Enterprise, Startups, and Securing your digital life.  Listen to them all or pick and choose!  The team is great and you can’t go wrong; they will get you asking “What is the problem we are trying to solve??”
  • Risky Business – Covers the weekly security news from an Aussie perspective and includes special segments and interviews.
  • Southern Fried Security – Weekly-ish topical security discussions from the south.
  • SANS Internet Storm Center (ISC) – A quick 5-7 minute daily micro-cast covering security highlights.

Social Media

Twitter – Pretty much start with the people who host the above podcasts and the ones followed by our Twitter account.  It is a great place to start interacting with the active security community.

Conferences / Meetups

  • Security BSides – Spawned out of rejected CFPs from Black Hat 2009, Security BSides has evolved into a global series of events put on by local security communities.  This is a great place to get your feet wet and the cost is free to minimal.
  • DerbyCon – 5-day con down in Louisville, KY.  One of my personal favorites if you can fly and afford the hotel.  If you are within a reasonable distance you can also drive.  They have 2 days of training sessions before the actual conference.  It is a more intimate conference compared to the likes of DEF CON.  They also include nightly activities and a CTF that has something for all skill levels.  When you are there make sure to stop by the hardware hacking and lockpick villages!
  • CircleCity Con – I can’t speak on this one but the organizers are a great bunch.  If you can get to Indianapolis in June, check this one out!
  • Thotcon – Another small con.  It already happened this year, but put it on your calendar for next year if you are going to be in the Chicago area.
  • DEF CON – Can’t mention the others without mentioning this one.  Without Black Hat and DEF CON we would not have the community that we have now.  I have yet to attend either of these but it is on the bucket list.
  • Meetups – Google search for local groups in your area.  Check around at Maker and Hacker spaces.

Other Resources

So that is it for now; hopefully you found this useful.  If you come across other resources, feel free to message me on Twitter and I will post an updated list.  Good luck and remember, if you are looking for your first official security gig, don’t be afraid to apply even if you think you are not qualified.  The smart employers may look past the lack of skills if you can demonstrate the right mindset for this work.