There are many resources available to learn cybersecurity. So many that it can be difficult to choose. In general, I would be wary of any course or certification that promises a job after completion. It isn’t a realistic expectation, and employers will always expect some real experience.
You should instead aim to get good foundational knowledge and build from there. As security is such a wide subject it might take you a bit to find your niche.
I have made a selection of material that might be useful if you are starting in cyber. I hope you find it useful.
Feel free to reach out if you have any queries.
Guides
Infosec Survival Guide
The first port of call is the fantastic guide from the guys at Black Hills Information Security. Probably one of the best and most entertaining guides:
Cybersecurity Hiring Manager Handbook
Courses and Training
Hack The Box
If you want to learn security concepts and hacking techniques there are environments like Hack The Box. However, I find that the learning curve is quite steep for those with less experience. I haven’t checked recently, but the free tier used to be quite limited.
TryHackMe
For an easier entry level you can check TryHackMe. My criticism is that some of the material could be better written. There is a lot of free content available. I have added some lists to help you make the most of it. My profile is dhacks, come and say hello.
- TryHackMe
- Free TryHackMe Training: The Ultimate Guide for Beginners
- winterrdog/tryhackme-free-rooms: a list of 390+ Free TryHackMe rooms
Pay What You Can – Antisyphon Training
Antisyphon Training offers courses on a pay-what-you-can basis. They allow you to attend for free, but if you pay a minimum of $25 you will get a certificate of attendance.
Other sites and free courses
- DFIR Diva
  - Curated lists of trainings and events.
- Cybrary
  - Free entry-level cybersecurity training.
- Open Security Training
  - Non-profit organisation providing free cybersecurity training.
- SANS Cyber Aces
  - Free cybersecurity training from SANS.
- edX Certificates in Cybersecurity
- Stanford Cybersecurity courses
- Google Career Certificate in Cybersecurity
Games
KC7
On a more entry level you have KC7, a free game, originally aimed at students. I haven’t looked at it in detail, but it is free, very engaging, and maybe an even easier entry point than any of the above. It is aimed at those with no background in cyber.
King of the Hill
TryHackMe also provides a free game environment called King of the Hill, where you and your opponent each attempt to secure your own environment while attacking the other’s. This one requires a bit more knowledge but it can be good fun.
Backdoors & Breaches
Backdoors & Breaches is a card game that can be used as a tabletop exercise. The objective of the game is for the players to discover the four attack methods used for:
- Initial Compromise
- Pivot and Escalate
- C2 and Exfiltration
- Persistence.
There are different decks for different scenarios, and you can play a realistic scenario (where the tools available mimic the ones your organisation is using), or an open one. There is a free online version:
Certifications
There are far, far too many, and not all of them will help you professionally. Please read about certifications in the already mentioned Infosec Survival Guide.
You can use the following sites to help you choose what certification is most suited to your goals.
Webinars
There are far too many to list them all. In most cases they are going to be driven by vendors, who understandably have their own agenda (selling their products/services). I recommend looking for community webinars.
Black Hills Information Security
Their webinars happen 2-3 times per week and they will bring employees or different people from the industry to give talks. Sometimes they are really good, and sometimes I don’t find them as useful, but it is always great to have different specialists talking about different subjects. Additionally, you get attendance certificates that count towards your CISSP or similar certifications.
I think that it is important to stress that absolutely no one is an expert in all aspects of security, and this is why I like BHIS’ approach. They bring the relevant experts to talk about each subject, with members of the community chipping in with their experiences and questions.
News / Podcasts
SANS Internet Storm Center
This daily podcast hosted by Dr. Johannes Ullrich gives you a 5-minute overview of the most important events and vulnerabilities going on. It is available on several platforms.
BHIS Talkin’ About News Podcast
This weekly podcast discusses the news of the week between different members of their staff and at times some external guests. Their staff has pentesters, blue and red teamers, SOC analysts, governance specialists, documentation writers, and so on. All that combined provides a really wide perspective of the industry.
My only complaint is that their point of view tends to be very US-centric, but that is understandable as that is where they are based. The podcast is available on several platforms. The list below doesn’t include them all. Search for it in your preferred podcast platform.
- YouTube – Talking’ Bout News
- Apple Podcasts – Talkin’ About [Infosec] News
- Spotify – Talkin’ About [Infosec] News
Communities
Being part of a community can be extremely beneficial in terms of learning and networking. There are both online and in-person communities. Don’t worry if you feel you don’t have enough knowledge. The purpose of communities is precisely to help each other!
Healthy communities are formed by people that are welcoming and willing to help. We have all, at one point or another in our careers, been at the starting point of something new.
- Online
- In Person / Online
You can find security related events local to you on sites like Meetup or Eventbrite.
Events
Besides community events there are also the following that can be useful:
- Infosecurity exhibitions/conferences
- Vendor or organisation’s events
Infosecurity exhibitions and conferences
These are events that are meant for vendors to showcase their products. They happen once a year and are a good way to see what the industry is doing or heading to. You can try different solutions and products, and make contacts with vendors.
Some available around London are:
- March – Cloud & AI Infrastructure / Cloud & Cyber Security Expo
- June – Infosecurity Europe
- October – Cybersecurity Expo / Security Cleared Expo
- December – Black Hat Europe
- December – Bsides London
Vendor or organisation events
Some vendors will organise events to showcase their products. They are usually meant to get new customers, so depending on your role, you might find that you don’t get invited as often as you would like to.
These can be useful to meet people that are evaluating the same solutions as you, or to establish a closer relationship with a vendor. Visit websites of the vendors and solutions you are interested in and sign up to events you might be interested in.