Laying your Foundation in Cybersecurity

?

In preparation for this week's talk at California State University, Fresno , I've compiled a list of training and some key points for those thinking about starting a career in cyber or IT.

"Over the years I have had the privilege of working alongside some amazing people." -Me, circa 2024

What makes them stand out as amazing?

• We will spend most of our days together, so we have to work well together
• They are Motivated and always looking to improve | Excited to be here and learn.
• They work hard and have good work ethic.
• They are able to communicate well and have great soft skills

?

What can you do to Stand out?

Embrace Experimentation!

• Don't be afraid to experiment with new ideas, tools, technology and processes. Even if initial tests fail, valuable insights can guide you towards more effective solutions and skills that others lack.
• Find hobbies, and things that you think are interesting. Go to places and do meet ups, find other activities that you like to do. This helps you in some many areas, and it's just really Fun!
• Cyber/IT is just a small part of the whole. See what else is out there, and understand the people you are supporting. Its people first!

?

I was/am all over the place trying different things, enjoying life

Nutritionist | Personal Trainer | Photographer | Cinematographer | Wook working classes | Product Development for Rebook | Owned and operated 3 businesses | Foster parent | Drummer | Gardening | Architecture enthusiast

?

Get your foundation and then select a focus

?Be Consistent, yet Flexible in Vision and Tactics:

• Maintain a clear purpose but be flexible with the ways to achieve it. Tactics can change over time as long as they align with the overarching mission.

Example: I got out of film and wanted to get back in. So, I started posting on TikTok every day. I slowly grew my following and portfolio.

Example: I wanted to complete more certifications. So, I have a goal of always having a certification I’m working on. Even if that is Mico certifications. EAT The Elephant

Example: Willem Dafoe had a great quote. "Get your foundation and then start to focus in on the details."

?

How do I gain the “Right” Experience?

?

1. Micro Certifications: Free and Quick to complete. Allows you to add items to your resume and experience. Gives your broad range of skill sets.
2. Certifications: Allows you to focus on a topic. But starting with the basics of Security + and Network +.
3. Internships / Work Placements: Having a cybersecurity work placement on your resume demonstrates practical experience and commitment to the field.
4. CTF (Capture-The-Flag) Events: Participating in CTF competitions provides hands-on experience in solving real-world cybersecurity challenges.
5. Volunteering: Consider volunteering for cybersecurity-related projects or events. Check out Skull Games
6. Networking: Connect with professionals in the field, attend conferences, and join relevant online communities.
7. Set Up Home Labs: Create a lab environment to practice different techniques and tools.
8. Contribute to Open-Source Projects: Collaborate on open-source security projects to enhance your skills.
9. Bug Bounties: Explore bug bounty programs to find and report security vulnerabilities.
10. Find a Mentor: Feedback is Key. The Army has a saying, Shoot – Move - Communicate

?

What Resources | Training are available?

?

Network/Security (Free)

• Cisco Skills For All : Various courses, including cybersecurity.?
• Juniper Learning Portal :?Free courses through their Learning Portal. You can learn about Junos OS, Mist AI, and more. Additionally, they provide recertification options for existing Juniper certifications.
• Aruba Training :?Aruba’s training program covers networking and security.
• Palo Alto Networks :?Free Palo Alto Cyber Certifications
• Aviatrix ACE Program :?Aviatrix focuses on multi-cloud networking and security. Their ACE program offers certification?and expertise in cloud networking.
• Fortinet Training for Cybersecurity Professionals :?Fortinet provides free training for cybersecurity professionals.?
• IBM Training - Free :?Curated learning content used to acquire various skills or knowledge for a specific product, solution, job role or technology area. Collections can also be role-based and include badges
• RIPE.Net : Setwork and Security Training. Free Training, in preparation for certifications.

?

Cyber Security Centered (Free)

• AttackIQ Academy : AttackIQ offers free courses in MITRE ATT&CK, purple teaming, and breach & attack simulation.
• FIRST.ORG : FIRST is providing several different trainings with the goal to educate new CSIRTs and enhance the capabilities of current teams. Free CSIRT Basic Course.
• CodeRed by EC-Council : CodeRed offers free courses in cybersecurity.
• ?(ISC)2 1MCC :?(ISC)2 offers the 1MCC (One Million Cyber Challenge) program.?
• MITRE ATT&CK Training : MITRE ATT&CK is a framework for understanding adversary behavior. Their training resources help enhance cybersecurity skills and knowledge.
• MAD20 for Individual Skills Development on MITRE ATT&CK : Threat-informed defense training on MITRE ATT&CK, offensive and defensive skills to combat cyber threats. Earn Continuing Professional Education (CPE) credits and certifications free.
• Vanta Security Awareness Training (SAT) : Covers essential security topics, including reporting suspicious activity, protecting accounts, and secure data handling.
• Microsoft Defender XDR Ninja Training : This training program focuses on becoming a Microsoft Defender XDR ninja.
• AWS Educate : AWS provides educational resources through AWS Educate. It’s a great platform for learning about cloud computing, AWS services, and more.
• Duo Level Up ?: Duo offers a course on protecting applications using their security solutions.?
• Rapid7: Cyber product Training Free.
• Forage : Cyber simulation to showcase your knowledge & get noticed by recruiters from top companies.
• Salesforce Trailhead: Free Training, Badges, and certifications in Cyber + Others.

?

Cyber Security Centered (Paid)

• TCM Security Academy : Full courses, boot camps and certifications.
• ?OffSec: : Full courses, boot camps and certifications.
• ?Cybrary: Full courses, boot camps and certifications.
• ?INE Security: Full courses, boot camps and certifications.
• ?Linux Professional Institute (LPI) : Full courses and certifications.
• ?AKYLADE Certified Cyber Resilience: Full courses and certifications.
• ?Infosec Institute : Full courses, boot camps and certifications.
• ?Pwned Labs: Full courses, boot camps and certifications.
• ? Security Institute : Full courses, boot camps and certifications.
• ?DestCert : Full courses, boot camps and certifications. Focused on CISSP+CCSP
• ?Bachelor’s Degrees in Applied Cybersecurity (BACS) | SANS Technology Institute

?

Google (Security, Network, Developer)

• Google Analytics Certification from Google | Class Central : Free Google Analytics Certification
• Google for Data Scientists :?Free Courses and certifications with Google Analytics
• Google for Creatives : Free Google Certifications in Applied Digital skills, and sub categories.
• Google for Developers: ?Free Courses and some certs for Developers
• Qwiklabs Courses | A Google Company: ?Free courses and Certifications for Google and Google Networking

?

Developer Centered Courses (Free)

• Databricks Training : Databricks provides training related to data engineering, analytics, and machine learning.?
• Postman Academy : Postman Academy offers both instructor-led workshops and self-study learning modules. Whether you’re new to Postman or an ongoing learner, you can enhance your skills in API testing and development.
• HubSpot Academy : HubSpot Academy provides comprehensive online training in marketing, sales, and customer service. Their globally recognized certifications cover topics like inbound marketing, social media, email marketing, and more.
• Snyk Learn : Snyk Learn offers developer security education and product training. You can explore interactive lessons on finding and fixing vulnerabilities, as well as using Snyk for security
• Cisco DevNet Start Now : Certifications in network programmability, developer fundamentals, and more. Learn about data serialization formats (XML, JSON, YAML), APIs, Python, Ansible, and Infrastructure as Code (IaC).

?

?

Risk Management (Free + Paid)

• FAIR Institute : The FAIR Institute is a research-driven not-for-profit organization dedicated to advancing the discipline of cyber and operational risk management. Free Cyber Risk Management Course/Certification
• NIST | RMF Introductory courses : The new online introductory courses are between 45-60 minutes, and available at no cost, and registration is not required.

?

Courses for Federal, State or Tribal governments. (Restricted + Free)

• Texas A&M Engineering Extension Service (TEEX)? 2 : TEEX provides a cybersecurity program. Although the exact content isn’t specified, it’s worth exploring for comprehensive training.
• Federal Virtual Training Environment (FedVTE) ? 2 : FedVTE provides free cybersecurity training for government employees and veterans. It covers various topics related to information security. There is the open public content section or sign up with our FEMA ID.
• First Responder Training System (FRTS) ? 3 : FRTS offers courses for first responders. Unfortunately, the exact content isn’t specified, but it’s relevant for emergency personnel.

?

?

Internship + Scholarship Opportunities

• NIST Pathways Program | NIST : The Pathways Program offers clear paths to Federal internships for students from high school through post-graduate school and to careers for recent graduates and provides meaningful training and career development opportunities for individuals who are at the beginning of their Federal service.?
• Intelligence and Cybersecurity Diversity Fellowship Program | Homeland Security ( dhs.gov ) The program will recruit high-performing individuals in intelligence or cybersecurity career paths from institutions of higher learning to support DHS’s mission. During the 12-week program, participants will be immersed in a federal work environment by collaborating with subject matter expert mentors on projects and performing assigned tasks on the intelligence and cybersecurity track.?
• CyberCorps?: Scholarship for Service ( opm.gov ) : CyberCorps recruits and trains the next generation of information technology professionals, industrial control system security professionals, and security managers to meet the needs of the cybersecurity mission for Federal, State, local, and tribal governments.?
• BreackLine (A Google Company): ?BreakLine provides education and coaching for exceptional, women, people of color, people with disabilities, and veterans who are interested in accelerating into the next phase of their careers

?

?

?

?

?

?

?

?

Cyber Associations + Certification Bodies

• Cyber Security Career Lifecycle? - ISSA International
• Cybersecurity Certifications | Information Security Certifications | ISC2
• (IT) Information Technology Certifications | CompTIA IT Certifications
• Home page | EC-Council Learning ( eccouncil.org )
• https://www.sans.org/
• IT Certifications | Earn IT Credentials | ISACA
• Cyber Security Certifications | GIAC Certifications
• Global Cyber Alliance: Enabling a Secure and Trustworthy Internet

?

Network Focused + Security Certifications

• Current Exam List - Cisco
• Certification | Juniper Networks US
• Education Services | HPE Aruba Networking ( arubanetworks.com )
• Certification | Palo Alto Networks
• How to get Certified for Cybersecurity | Fortinet

?

Training Events

• Black Hat | Home : Renowned computer security conference that provides consulting, training, and briefings to hackers, corporations, and government agencies worldwide.
• DEFCON : DEF CON is the premier event for hackers, corporate IT professionals, and government agencies aiming to expand their knowledge and skillset in the world of hacking.
• SANS | Cyber Security Training : SANS Institute, founded in 1989, empowers cybersecurity professionals with practical skills and knowledge to enhance global security. They offer high-quality training, certifications, and resources for individuals and organizations.

?

Great YouTube Channels

• Pirate Software | Pen Testing : You’ll find developer conversations and insights into their creative process.
• The Bearded I.T. Dad : Cyber Career Advice
• ThePrimeTime | Security and Developing : Scams in Software Engineering: They discuss scams and pitfalls in the software engineering field, solving Leetcode questions, and sharing their problem-solving strategies.
• Deviant Ollam | Pen Testing : Physical penetration specialist with?The CORE Group ?and the Director of Education for?Red Team Alliance .
• Essential Craftsman : It does not matter what field you are in, Scott does such a wonderful job of giving insight into hard work, staying motivated and proper work ethics.
• Willem Dafoe | How to approach projects : Centered around Acting, these universal points have impact across many fields.
• collinsinfosec | Cyber Talks : Wonderful insight into the industry and an honest perspective.
• The Website is Down #1: Sales Guy vs. Web Dude ( youtube.com ) : Ment for the seasoned IT professional, with a sense of humor! lol
• Sci-Fi Coding : Music for incident response in a isolated outpost
• Dystopian Coding : Music for incident response after the apocalypse
• Retro Coding Soundtrack : Music for incident response in the 80’s/90’s

?

Conferences

• Black Hat USA 2024
• DEF CON? Hacking Conference Home
• Wild West Hackin' Fest ( wildwesthackinfest.com )
• Cybersecurity Conference & Hacking Convention ( hackerhalted.com )
• Presentations at CanSecWest 2024 in Vancouver, BC from March 20 to 22. - secwest.net - secure virtual engagement
• 37th Chaos Communication Congress Infos ( ccc.de )
• Hack The Box: The #1 Cybersecurity Performance Center
• [HOPE XV] Welcome to Hackers On Planet Earth!

?