Fresh Start resources

[#fresh starters cyber security professional suggestions]

In my experience there are few valid ways to explore and evaluate different cyber careers options:

• use the NICE framework by the US Department of Homeland Security - https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework#

• CREST exams - https://www.crest-approved.org/professional-qualifications/crest-exams/index.html

• Digital, data and technology (DDaT) https://www.gov.uk/government/collections/digital-data-and-technology-profession-capability-framework

• Cyber Seek matrix - https://www.cyberseek.org/pathway.html

(!) Check job specs and LinkedIN profiles of who does the job you want, it is a powerful way to see the career approach they had, together with the syllabus you find above, you have enough to define your study and career path.

CAREER = KNOWLEDGE + EXPERIENCE

The experience will come with the day to day job experience, but you have to focus on knowledge....pay attention, I wrote knowledge not certifications.

KNOWLEDGE != CERTIFICATION

Get a car driver license doesn't make you a good driver, the same apply to cyber security, focus on learning and develop your knowledge, don't focus on just collecting certifications.

Money is a topic that I would like not to mention but nowadays you will be amazed by the cost of cyber security education, also by on-line remote options. My target is to give you the key of the kingdom without breaking the bank....how .... study books!

We are in a visual generation, Youtube and various tech vendors in the education space made miracles but if you get into a supermarket, doing grocery, it's not always true that picking what you like you will end up with a complete healthy lunch, here it is exactly the same case. If you are watching the MIT open course for cyber security, you are going to have a full structured syllabus and it's a good choice, but if you start to jump around video by video, in an almost random fashion....stop.

Books are the cheapest and most valuable options and there are amazing professionals that wrote and concentrated a golden cave of resources for you, in just one book. You only have to know which to take...fortunately it's easy!

When you selected the cyber career path for you, select the CREST exam munu item, from the website listed above. Now click on the exam and check the study material they suggested, bingo, you have a clear syllabus of the exam to be followed and a complete list of books you need, with a relative low investment.

What else you could need? .... Strategy, in fact I suggest to study a bit, without melting down but be constant, that's often the secret. Cyber security is a field where you will never end to study and if you make it part of your lifestyle, driven by your curiosity, it will never be a problem for you.

Which book do I suggest? ....

• Practical Malware Analysis: A Hands-On Guide to Dissecting Malicious Software - ISBN-10: 1593272901 ISBN-13: 978-1593272906

• Practical Packet Analysis, 3E: Using Wireshark to Solve Real-World Network Problems - ISBN-10: 9781593278021 ISBN-13: 978-1593278021

• The Practice of Network Security Monitoring: Understanding Incident Detection and Response - ISBN-10: 1593275099 ISBN-13: 978-1593275099

• The Hacker Playbook 3: Practical Guide To Penetration Testing - ISBN-10: 9781980901754 ISBN-13: 978-1980901754

• Network Security Assessment: Know Your Network - ISBN-10: 9781491910955 ISBN-13: 978-1491910955

• Hacking: The Art of Exploitation - ISBN-10: 1593271441 ISBN-13: 978-1593271442

• Metasploit: The Penetration Tester's Guide - ISBN-10: 9781593272883 ISBN-13: 978-1593272883

• Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning ISBN-10: 0979958717 ISBN-13: 978-0979958717

• The Shellcoder's Handbook: Discovering and Exploiting Security Holes - ISBN-10: 9780470080238 ISBN-13: 978-0470080238

• The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws - ISBN-10: 1118026470 ISBN-13: 978-1118026472

• The Tangled Web: A Guide to Securing Modern Web Applications - ISBN-10: 1593273886 ISBN-13: 978-1593273880

• Social Engineering: The Science of Human Hacking - ISBN-10: 111943338X ISBN-13: 978-1119433385

In summary, I love the No Starch Press security book range, the Wiley too and I do consider O'Reilly book collection a quality guarantee for most of the IT topics, even if I didn't talk about programming because based on your specialization you could have different resources and needs.

How do you train....in local, Virtual Box can be your best friend and by capture the flag programs like

https://www.hackthebox.eu/

https://hack.me/

are a great way to learn, but having your local virtual environment will be the first thing to do.

Do you need to become a tool Kung-Fu master...no!...you have to have solid knowledge about the core topics like

Network => http://www.tcpipguide.com/free/index.htm && https://openlearning.juniper.net/jol-courses/

OS => https://www.ibm.com/developerworks/linux/lpi/index.html

and more OS => https://mva.microsoft.com/

Databases, CDN, Cloud, Application Stack, CI/CD & C.

(!) Focus on vendor free knowledge, learn the technology but more than everything ... how it works!

Here some free cyber security courses:

• http://opensecuritytraining.info/Training.html

• https://www.cybrary.it/

• http://google-gruyere.appspot.com/

• MIT Cyber Security https://www.youtube.com/playlist?list=PLUl4u3cNGP62K2DjQLRxDNRi0z2IRWnNh

• https://www.offensive-security.com/metasploit-unleashed/

• https://www.first.org/global/sigs/malware/resources/

(!) If you are stressing out about which programming language to study start with HTML5, CSS, Javascript....you will always have to deal with webapp....later on start with Python or .NET or Ruby or whatever gives you script OS capabilities, it's not a big deal whatever you like, just get what's easy for you to learn.

(!) Decide your cyber security career path based on what you find easy to grasp as topic and based also on your personal soft skills

Here my personal opinion about soft skills that could help to reach the extra mile in each career path.

You are analytical, you have an extremely good attention to detail and you are well organized, you never leave something to be finished..... I would say:

Security Analyst, Forensics Investigator, DFIR/blue team, pentest/red team, Reverse Engineer

You never miss the big picture, you have curiosity for technology and you like to plan ahead... I would say:

Security Architect, Threat Modeler

If you get a new toy you never read the instructions but you rush to dismantle it to see how it works.... I would say:

Security Engineer, Pentester and Reverse Engineer

If you read a news, you always cross reference that with other sources, digging and investigating other articles on different journals, trying to make your own mind about the topic, investigating deeper, checking resources about multiple topics, you like to connect the dots.... I would say:

OSINT, Threat Analyst, Security Analyst, DFIR Forensics

What about the other jobs I left out? You need a mix of multiple skills and personal qualities, some requires a strong business acumen that you will learn along the career so, don't worry too much.

(!) As a motorcyclist would say, the destination isn't important, the journey makes you happy! ... Enjoy every second of your career ride, you will always have room to learn but remember...be humble, in this field you will never learn everything and you should never forget that, you contribute to the security posture of your organization working with your colleagues and it is always about a team work....if you forget even one second to be humble, you will make your biggest career mistake, helps others to grow and never forget that this is not a job, it's a lifestyle, be secure is a mind set, helps others to gain that.

______________________________________________________________________________________________________________________