Security 101

4 minute read

Fundamental Information Security Domains

The domains below represent (generally) foundational knowledge areas for infosec professionals. You certainly do not need to be an expert in each of the security disciplines, but knowing as much as you can in each will ensure you are well-rounded information security generalist.

  • Security Fundamentals (e.g confidentiality/integrity/availability, risk management, least privilege, access control, defense-in-depth, etc…)
  • Scripting/Programming (e.g. Python, Ruby, Powershell, Bash, Java, C, C#, etc…)
  • OS Fundamentals (e.g. Linux, Windows, MacOS etc…)
  • Networking (e.g. TCP/IP, Networking Protocols, Routing/Switching, etc…)
  • Web Applications (e.g. HTTP, PHP, HTML, JavaScript, REST, SQL, etc…)

Resources

Learning to Google for things is probably the most valuable piece of advise for better understanding OSINT.

Where to Learn Stuff

There are plenty of online training/learning sites. Below are some of my favorites. Check out this post for a more comprehensive list!

  • Awesome Free Training List - This individual has been maintaining a pretty fantastic list of free resources, everything from training to podcasts.
  • Stack Overflow - Can’t figure something out, stack’s got your back.
  • YouTube - Believe it or not, tons of great instructional videos here.
  • Cybrary - Free IT training.
  • edX - Free online courses across a variety of disciplines.
  • Pluralsight - Paid online video training but has a vast library of courses.
  • Microsoft Virtual Academy - Free training from Microsoft.
  • NIST Special Publications - Computer Security Resources from NIST (take a look at SP 800-53). Can be dry reading, but it will help you talk the talk.
  • NIST CSF - The Cyber Security Framework. More reading from NIST.

Stay Up To Date

Infosec is a fast-moving field. Keeping up to date on everything going on is a large part of being a successful infosec practitioner. The resources below can help you keep track of it all…

To get you started, here is a [curated list of feeds] I follow (subreddits, blogs and twitter accounts). I try to keep it up to date.

Learn to Code

Coding is SUPER important for security professionals. So go learn some!

OS Fundamentals

You’re likely going to be using one or more OS’es to secure the same or other OS’es. In other words, you should probably learn about OS stuff.

Networking

Packets. Segments. Datagrams. Data. It moves from place to place and knowing how that happens is pretty useful.

  • Nmap - Available in the Kali distribution - Learn network scanning and a little TCP/IP while you’re at it!

Web Applications

The Internet. Ever heard of it? It’s full of web apps!

Penetration Testing

Fancy yourself a Mr. Robot-type?

  • VulnHub - Test your might against vulnerable VMs developed by the community.
  • Metasploit Unleashed - Hacking tutorial by the guys at offsec.

Certifications

Certs. Love ‘em or hate ‘em, they can be helpful.

  • CompTIA Security+ - Entry level certification but provides invaluable entry-level knowledge to the field of infosec.
  • SANS - Fantastic cybersecurity training but very expensive.
  • OSCP - Practical penetration testing training (and highly regarded certification in the industry).
  • CISSP - Need to improve resume? This cert can often help.
  • eLearnSecurity - Practical, hands-on infosec training. They have a great catalog of courses.

Cloud

The cloud is just someone else’s computer right? Well if you’re putting stuff on someone else’s computer you should probably learn to secure it even better.

  • AWS - Heard of the cloud? AWS can give you your own chunk of the cloud to play in.
  • Azure - Microsoft is also in the cloud game.
  • Google Cloud - Not to be outdone, Google. Also in the cloud.

Infosec Podcasts

Other Getting Into Infosec Guides

Don’t take it from me! Check out some of these other guides.

Conclusion

Thanks for reading! I hope the guide was useful in some way. I’d also like to reiterate that this is by no means an exhaustive how-to, nor does it represent the best or clearest path to a successful career in infosec. I only hope it can act as a compass for those who are interested.