I'm at the director level in cyber security. I've had to learn this stuff myself for the most part over the last 6 years or so as there is a dearth of information out there. (been in IT over 20 years) Nobody seems to understand "why" we do things. It's very frustrating. I'm an architect so understanding "why" we do things is very important to me (and management that pays the bills).
https://www.cisecurity.org/controls/cis-controls-list
It is by far the most easy to understand way of expressing what do in cyber security to secure the information systems. See if you can download the controls. They used to include diagrams which were very helpful. I need to download the latest version myself. Use your college e-mail address as your college may already have a CIS SecureSuite Membership.
I consider the CIS critical controls to be "momma". If you have a question about how we do cyber security, see what "momma" has to say about it. There are tons of security frameworks/controls out there, but they all map back to "momma" for the most part.
The controls are listed in order of importance with "1" being the most important. Everybody wants to do penetration testing because they want to be a "hacker", but it is in fact the least important thing "number 18" of what we do in cyber security.
Cyber security isn't glamorous. It is a constant game of "whack-a-mole".
Oh, and learn some fucking networking. I am astounded at how little cyber security people know about networking, but it is getting better. If you don't understanding networking, how the hell can you do your job? I brought my networking skills into cyber security.
Update: CIS Controls v7.1 has diagrams. CIS Controls v8 has no diagrams. You can still download v7.1.
I'm at the director level in cyber security. I've had to learn this stuff myself for the most part over the last 6 years or so as there is a dearth of information out there. (been in IT over 20 years) Nobody seems to understand "why" we do things. It's very frustrating. I'm an architect so understanding "why" we do things is very important to me (and management that pays the bills).
https://www.cisecurity.org/controls/cis-controls-list
It is by far the most easy to understand way of expressing what do in cyber security to secure the information systems. See if you can download the controls. They used to include diagrams which were very helpful. I need to download the latest version myself. Use your college e-mail address as your college may already have a CIS SecureSuite Membership.
I consider the CIS critical controls to be "momma". If you have a question about how we do cyber security, see what "momma" has to say about it. There are tons of security frameworks/controls out there, but they all map back to "momma" for the most part.
The controls are listed in order of importance with "1" being the most important. Everybody wants to do penetration testing because they want to be a "hacker", but it is in fact the least important thing "number 18" of what we do in cyber security.
Cyber security isn't glamorous. It is a constant game of "whack-a-mole".
Oh, and learn some fucking networking. I am astounded at how little cyber security people know about networking, but it is getting better. If you don't understanding networking, how the hell can you do your job? I brought my networking skills into cyber security.