Any cyber security people in here? I am currently on my second semester and having trouble understanding many of the concepts. Any advice on online tools or who to follow online to get a better understanding? Or does anyone want to be my tutor? HA.. I am sure it will all come to me as I continue. I am learning from home, didn't want the VAX.. 😄
You're viewing a single comment thread. View all comments, or full comment thread.
Comments (18)
sorted by:
I'm at the director level in cyber security. I've had to learn this stuff myself for the most part over the last 6 years or so as there is a dearth of information out there. (been in IT over 20 years) Nobody seems to understand "why" we do things. It's very frustrating. I'm an architect so understanding "why" we do things is very important to me (and management that pays the bills).
https://www.cisecurity.org/controls/cis-controls-list
It is by far the most easy to understand way of expressing what do in cyber security to secure the information systems. See if you can download the controls. They used to include diagrams which were very helpful. I need to download the latest version myself. Use your college e-mail address as your college may already have a CIS SecureSuite Membership.
I consider the CIS critical controls to be "momma". If you have a question about how we do cyber security, see what "momma" has to say about it. There are tons of security frameworks/controls out there, but they all map back to "momma" for the most part.
The controls are listed in order of importance with "1" being the most important. Everybody wants to do penetration testing because they want to be a "hacker", but it is in fact the least important thing "number 18" of what we do in cyber security.
Cyber security isn't glamorous. It is a constant game of "whack-a-mole".
Oh, and learn some fucking networking. I am astounded at how little cyber security people know about networking, but it is getting better. If you don't understanding networking, how the hell can you do your job? I brought my networking skills into cyber security.
Update: CIS Controls v7.1 has diagrams. CIS Controls v8 has no diagrams. You can still download v7.1.
I think this is an important callout.
The control list is a good high-level overview of the industry that you can then specialize into what interests you.
u/solarsavior may be focused on defense-in-depth and compliance
red-teamer may be focused on abusing proxies and selenium
SOC analyst is interested in basic triage forensics
a threat hunter would be interested in TTPs from recent campaigns
Its good to cross-discipline, but nobody does everything.
I am doing the Lab work, and passing them, but I want to REALLY learn it, and yes, I think I lack networking knowledge. Any sources to help me better understand that.. that you think are better than others?
The Network+ certification is still around. I got one of these years ago when I was self-training to change careers and get into IT. Get one of these.
https://www.comptia.org/certifications/network#exampreparation
https://www.amazon.com/CompTIA-Network-Certification-N10-008-Comptia/dp/1264269056/ref=sr_1_1?keywords=comptia+network%2B+total+seminars&qid=1674772567&s=books&sr=1-1
Consider building a home network.
Edit: Hold on. There used to be some network simulation software. Looking to see if it is still around.
https://www.networkstraining.com/network-simulation-software-tools/
https://www.imedita.com/blog/top-10-list-of-network-simulation-tools/
I haven't messed with in ages, but GNS3 was promising. There are others.
Awesome man.. I've been into your links since you posted them here. I think this will help me. My dad is a very smart computer guy, he did this type of stuff for a long time, however, we don't talk. Politics and covid related... so I want to learn this even more. I just need to make it all click in my brain.
Be willing to skip around when learning things if you can. Learn what interests you first if you can. You’ll gain momentum and it will get easier. I was completely self-taught before I changed careers. I got lucky in that I changed careers in 2000; the best time in recent history to get into IT.
Skip the fucking OSI Model if you can. Learn it later. It won’t click until you know what a hub, switch, router, etc. actually do. It always bothered me that they put it at the start of the book when it should be at the end.
We all start somewhere. I remember that Commodore 64 and being up all night, mostly trying to figure out how to format a floppy disk. I remember buying a home networking kit; basically a hub, two network cards, and cabling. The damn thing wouldn’t work. Learned that coiled up unshielded networking cable doesn’t work.
Wow, good stuff here. Can't thank you enough! I hope we can be friends, ha. I am going to start check in to all this stuff now. Thank You!