Does anyone work in Information Security?

Soldato
Joined
1 Nov 2007
Posts
5,613
Location
England
First of all, I'm only ever intending on being a white hat.

I was wondering if anyone had any suggestions for books? I'm interested in anything that will give me a grounding in the subject. My eventual aim is to report security bugs to open source software as I think that would be pretty interesting. Having said that I'd also like to explore network security as well.

Any tips appreciated :).
 
Associate
Joined
23 Feb 2019
Posts
461
> First of all, I'm only ever intending on being a white hat.
>
> I was wondering if anyone had any suggestions for books? I'm interested in anything that will give me a grounding in the subject. My eventual aim is to report security bugs to open source software as I think that would be pretty interesting. Having said that I'd also like to explore network security as well.
>
> Any tips appreciated :).

I have worked in the network security field, not so much software testing though.

What sort of base of knowledge do you have?

Btw working in information security isn't all about software or even hardware. When I was training we first learnt basic concepts such as door locks or human error and then basic cryptography. Because it doesn't matter how good your systems are if someone is mailing personal data to another office via an insecure email or device.
 
Soldato
Joined
6 Mar 2008
Posts
10,078
Location
Stoke area
I'm actually looking at getting into the industry now from a general infosec grounding.

Physical security I find easier despite having a technical background, so lock picking etc.

Twitter seems the place to connect to others in the field, http://jasonestreet.com/ is worth following and you'll soon find others being suggested.

He's got 3 books that are on my Christmas list :D

I've also seen "How to measure anything in CyberSecurity Risk" by Stuart McClure and Daniel E. Geer as a highly recommended book.

YouTube and places like Vulnhub.

I'm planning on getting a website set up asap listing a lot of resources I've found so far :)

http://ir0nin.com/

I certainly wouldn't worry about the colour of your hat yet, learn the techniques and how they are used, then put them to use :)
 
Soldato
OP
Joined
1 Nov 2007
Posts
5,613
Location
England
> I have worked in the network security field, not so much software testing though.
>
> What sort of base of knowledge do you have?
>
> Btw working in information security isn't all about software or even hardware. When I was training we first learnt basic concepts such as door locks or human error and then basic cryptography. Because it doesn't matter how good your systems are if someone is mailing personal data to another office via an insecure email or device.

I've been a programmer for about 5 years but only really done normal everyday web development. Nothing that special.
 
Soldato
OP
Joined
1 Nov 2007
Posts
5,613
Location
England
> I'm actually looking at getting into the industry now from a general infosec grounding.
>
> Physical security I find easier despite having a technical background, so lock picking etc.
>
> Twitter seems the place to connect to others in the field, http://jasonestreet.com/ is worth following and you'll soon find others being suggested.
>
> He's got 3 books that are on my Christmas list :D
>
> I've also seen "How to measure anything in CyberSecurity Risk" by Stuart McClure and Daniel E. Geer as a highly recommended book.
>
> YouTube and places like Vulnhub.
>
> I'm planning on getting a website set up asap listing a lot of resources I've found so far :)
>
> http://ir0nin.com/
>
> I certainly wouldn't worry about the colour of your hat yet, learn the techniques and how they are used, then put them to use :)

Awesome. Thank you. I'll keep an eye on your website as well.
 
Soldato
Joined
28 Feb 2006
Posts
6,044
Location
Beds
I work within information security.

You are looking more at pen testing than info sec.

Check out CREST for industry certs or (EC-Council) Certified Ethical Hacking.

There are some good bug bounty blogs for beginners which are worth reading.
 
Associate
Joined
1 Sep 2004
Posts
678
Location
Kent
I'd recommend James Forshaw's 'Attacking Network Protocols' depending on your experience, and 'Red Team Field Manual' and 'Blue Team Field Manual' for beginners.

e/ If it isn't just bug hunting you are looking at getting into, I'd also recommend

hackthebox.eu
vulnhub.com

Discord infosec communities and obviously Twitter are also invaluable.
 
Soldato
OP
Joined
1 Nov 2007
Posts
5,613
Location
England
Thanks for all of the recommendations. I'll certainly check them out. After a quick browse through, I had a look at the Certified Ethical Hacker exam and found the accompanying exam guide on Amazon, which looks like a good start.

In the meantime, I've been reading a book called Low-Level Programming which has been great at refreshing my knowledge of the C programming language as well as teaching myself assembly for x86_64 which I have never attempted before. I'm sure this low-level programming knowledge will be useful in finding exploits in software and services.
 