The question arises time and time again “How can I get started in infosec?”. The vast amount of information out there it can to say the least make it overwhelming. I just wanted to write up a small jump start guide that can help you dive in and become a part of the fun. These are just my opinions so feel free to disagree or contact me with any others suggestions.
#1 Get a Twitter account
Twitter can be used as a very effective news feed if you follow the correct people. This will allow you to keep up to date on trending topics and ideas floating around the security world. Like most social media sites this can also turn into a big source of distraction so be careful.
Many popular tools and groups have an irc channel that can help you immerse yourself daily in security related topics. Even simply observing the conversations that are happening can be infinitely educational. Get on IRC and don’t be scared to ask questions.
A few channels I like on Freenode irc:
#3 Read, Read, Read
This should actually be number one but read like it’s going out of style. Anything you can get your hands on. Find books that are up to date and make a reading plan so that you can absorb the large chunks of info that are required to have a general oversight of the infosec realm. Find articles online to read, blog posts, white papers, academic papers, or any other material you may find interesting.
#4 Listen to Podcasts
This can be a great wealth of knowledge on a consistent basis if you pick the correct podcast. Best thing is you can listen to them while driving so you can squeeze infosec into every second of your day. Many experienced and respected infosec professionals have podcast that can be downloaded weekly or daily.
Here is a list of some of my favorites:
- Paul’s Security Weekly
- Risky Business Podcast
- Exotic Liability
- Social-Engineer Podcast
- SpiderLabs Radio
- Defensive Security Podcast
- Southern Fried Security Podcast
- Brakeing Security
- TrustedSec Security Podcast
- Hackers on Fire
Conference videos, youtube, and Securitytube combined can be a wealth of information. Securitytube offers a centralized location for everything infosec related and the creator Vivek has many megaprimers that are free and very in depth about many topics such as Wireless security, Meteasploit, and Assembly language. These mega primers will start from the basics and go deep into detail. I feel these mega primers can be a true jump start for anybody jumping on the security train. Conference videos if watched in a timely manner can give you up to date information on current research, techniques, and findings in the infosec realm. They can also be useful for years to come. Binge watching videos and trying the techniques can help you rapidly grow.
#6 Home Lab
Hands on is a must. Get in there and get you hands dirty. Don’t be afraid to fail as those are the times you will learn the most. Setup scenarios and test every software and OS you can get your hands on. Without hands on experience you are going to waste tons of time when you actually try to do things you thought you had down because you understood the concepts. No amount of reading can suffice for real hands on experience.
These are just a few ideas that can help you start on a learning track.
Part 2: So you still want to infosec?