Getting Started in Cybersecurity
Looking to enter the field of cybersecurity? There’s no single, correct way to get into it. Ericius Security’s own staff comes from a variety of backgrounds and experiences, including those outside of IT and computing. So, below we’ve put together a brief guide with resources and suggestions that may help along the way.
The recommendations are split into two areas: study and do. Study has your consumable media: books, videos, and podcasts. Do comprises certifications, getting hands on keyboard, conferences, etc.
Best of all, most of the resources below are free or low cost.
NOTE: Ericius Security receives no compensation for any of the purchase links below.
Study It
Authors and Books
Threat Modeling - Designing for Security
Consider the below recommendations to be "extra-curricular." Some are "older" and considered foundational to modern cybersecurity.
Podcasts
SANS Internet Storm Center Stormcast
Websites
Security Week - A security news site with short articles that cover many newsworthy topics.
Ars Technica - More security news with longer format reporting on news and critical vulnerabilities.
Hacker News - Another cybersecurity-focused news aggregator.
YouTube - Someone probably made a video on a topic you want to know more about.
Do It
Certifications
CompTIA A+/Network+/Security+ - CompTIA recommends starting with A+ and going to Security+. If you have no knowledge of computers or networking, you should probably get A+ and Network+ before trying for Security+.
Specialized Certs - Interested in a specific technology like cloud (Amazon Web Services, Azure, Google Cloud), Linux, Microsoft, Cisco, or VMware? Look for certifications in those areas.
CISSP - Not for the faint of heart, and getting the certification can be tough. However, the exam materials cover a wide range of cybersecurity topics and give a great fundamental understanding of the principles behind many cybersecurity concepts, so even just studying the materials can be enlightening.
Conferences and Organizations
Find your Information Systems Security Association (ISSA) local chapter
Open Web Application Security Project (OWASP) - Consider this a Study resource as well for learning the OWASP Top 10
Labs/CTFs/Coding
Capture the Flag (CTF) competitions are great for learning a variety of sought-after skills.
https://nationalcyberleague.org
Having knowledge of a coding language can help tremendously. If you like Linux, get familiar with Bash. If you like Windows, learn PowerShell. For OS-neutral scripting, look at Python (which is included with most Linux installs). JavaScript is good for web-related programming. If you want to get into secure software design, look at Java, C/C++, Swift, or Rust. And get a GitHub account to share your work with the world.
https://adventofcode.com/ - A website with progressively more difficult programming challenges that you can complete in whatever language you want.
- Also check out https://reddit.com/r/adventofcode for help, solutions, etc. New challenges every December.
Finally, set up your own home network or lab. A spare computer can easily be repurposed to run Linux. If you have a decent CPU (4 or more cores) and more than 8GB of RAM, look at VMware Player or Oracle VirtualBox and learn how to use virtual machines. A Raspberry Pi is also a great inexpensive Linux computer you can buy.
- Watch this webcast recording from Black Hills Information Security on building a lab https://www.youtube.com/watch?v=9QoPmtpn-gs
Once you’re set up with a virtual environment, download the Kali Linux distribution. It contains many security tools for both offensive and defensive operations.