Cyber Resources for Beginners

I am often asked, “How do I get into cyber?” That one innocent question is often more loaded than the requester realizes. For one, the “cyber” community is huge and there is a position for just about every mindset. It takes a lot to run and secure a networked environment. Are you process-oriented and enjoy checklists? Then Certification & Accreditation (C&A) work may be for you. Are you overanalytical and enjoy researching complex topics? Then threat analysis may be a great fit. If you enjoy investigations and technical analysis, then Hunt & Incident Response may be a good fit. We also need solid technical writers and graphic artists who are capable of understanding the complex technical material and presenting it clearly & concisely in reports.

The “Map of Cybersecurity Domains v2.0” can help newcomers figure out their place in the world. It also helps seasoned practitioners deconflict areas of responsibility and cultural biases, but that’s a completely separate rant/blog. I recommend taking a look at the map and starting some surface-level research into each area to help guide you in your early career.

The one common trait I see across the community is a desire to continue learning. In that regard, the community offers many, many… many resources. If you are asking the question “how do I get into cyber”, I highly recommend that you go in-depth with the resources below. If you are already involved in the community, I would love to hear about additional resources that I may have missed. This list is primarily focused on free or inexpensive resources that are a good fit for beginners.

Conferences & Video Resources

www.cybrary.it 

Offering free cyber training videos and material for most cyber certs. Cybrary’s layout helps newcomers figure out the correct learning path by breaking out the training by skill level and by skill type. They also have a great forum, webinars, and links to other free resources. 

YouTube (duh)

I highly recommend Professor Messer for those looking at Net+ and Sec+ certs. BSides videos (and many other Cons) are recorded and posted by IronGeek. Videos from conventions are great resources since they let you see projects and problem sets that are being worked in the community while also picking up tips from other analysts’ “lessons learned”. This community is all about learning and YouTube is a great place for supplemental topics and videos. Beyond these two sources, YouTube is a great place to search when you're stuck on a project. There just might be a video explaining that step...

https://www.youtube.com/channel/UCkefXKtInZ9PLsoGRtml2FQ

https://www.youtube.com/user/irongeek/playlists

BSides (local to your area)

BSides events are a great opportunity to learn from and connect with local security professionals. They are also a lot of fun. At BSides, you will get involved in the talks and projects. 

Learn Linux

I’ll be honest, I’m still struggling with this one. Thankfully there are a few resources under this category.

Overthewire.org

Free site for different types of war games. I've actually only played with Bandit so far but I love the delivery and experience. All you need to do is install PuTTY and SSH to their environment. It is a great way to explore Linux commands and file structure.

https://vim-adventures.com

Great little game where you move a character around a map using Vim commands.

https://www.vimsnake.com/

“Make your Vim snake eat the food to increase your score.”

Read, Read, Read.

No Starch Press

Not free, but still a great site for purchasing books that will take you through hands-on experiences. Whether you want to learn to code or learn malware analysis, there is a book for you. If you’re looking for cool home projects to work on with your kids, they have some awesome coding projects for video games and the LEGO series of books looks promising too.

Blogs

I use Digg Reader for my RSS feed because I like the way it syncs with my phone for mobile reading or desktop reading. Below is a very small sample of the sites that I try to follow regularly.

https://taosecurity.blogspot.com/

https://researchcenter.paloaltonetworks.com/

https://www.fireeye.com/blog/threat-research

https://www.alienvault.com/blogs/security-essentials

https://blogs.cisco.com/

https://blog.passivetotal.org/

https://blog.checkpoint.com/

https://threatpost.com/

Home Lab

Now… put it all in a home lab. It doesn’t take much to fire up a virtual machine of Ubuntu or Kali and start building your muscle memory. Grabbing old hardware from family members is another great way to get machines into your lab. Here are a few resources to play with at home:

https://securityonion.net/

https://github.com/philhagen/sof-elk

Alexander Miller

Security bod. Tech monkey. Tinkerer. Cheese and paté fanatic. Abstract conundrumist.

7 years ago
Kyle Hughes

Senior DevOps Engineer @ Context Labs | Cloud-Native, Product Security

7 years ago

Thank you, this is exactly the kind of thing I've been looking for
