Does anyone work in Information Security?

Cromulent

Cromulent

Cromulent

Soldato
Joined
1 Nov 2007
Posts
6,243
Location
England
First of all, I'm only ever intending on being a white hat.

I was wondering if anyone had any suggestions for books? I'm interested in anything that will give me a grounding in the subject. My eventual aim is to report security bugs to open source software as I think that would be pretty interesting. Having said that I'd also like to explore network security as well.

Any tips appreciated :).
 
Cromulent said:
First of all, I'm only ever intending on being a white hat.

I was wondering if anyone had any suggestions for books? I'm interested in anything that will give me a grounding in the subject. My eventual aim is to report security bugs to open source software as I think that would be pretty interesting. Having said that I'd also like to explore network security as well.

Any tips appreciated :).
Click to expand...

I have worked in the network security field not so much software testing though.

What sort of base of knowledge do you have?

Btw working in information security isn't all about software or even hardware. When I was training we first learnt basic concepts such as door locks or human error and then basic cryptography. Because it doesn't matter how good your systems are if someone is mailing personal data to another office via an insecure email or device.
 
I'm actually looking at getting into the industry now from a general infosec grounding.

Physical security I find easier despite having a technical background, so lock picking etc.

Twitter seems the place to connect to others in the field, http://jasonestreet.com/ is worth following and you'll soon find others being suggested.

He's got 3 books that are on my Christmas list :D

I've also seen "How to measure anything in CyberSecurity Risk" by Stuart McClure and Daniel E. Geer as a highly recommended book.

Youtube and places like Vulnhub.

I'm planning on getting a website set up asap listing a lot of resources I've found so far :)

http://ir0nin.com/

I certainly wouldn't worry about the colour of your hat yet, learn the techniques and how they are used. then put them to use :)
 
AhhBisto said:
I have worked in the network security field not so much software testing though.

What sort of base of knowledge do you have?

Btw working in information security isn't all about software or even hardware. When I was training we first learnt basic concepts such as door locks or human error and then basic cryptography. Because it doesn't matter how good your systems are if someone is mailing personal data to another office via an insecure email or device.
Click to expand...

I've been a programmer for about 5 years but only really done normal everyday web development. Nothing that special.
 
AHarvey said:
I'm actually looking at getting into the industry now from a general infosec grounding.

Physical security I find easier despite having a technical background, so lock picking etc.

Twitter seems the place to connect to others in the field, http://jasonestreet.com/ is worth following and you'll soon find others being suggested.

He's got 3 books that are on my Christmas list :D

I've also seen "How to measure anything in CyberSecurity Risk" by Stuart McClure and Daniel E. Geer as a highly recommended book.

Youtube and places like Vulnhub.

I'm planning on getting a website set up asap listing a lot of resources I've found so far :)

http://ir0nin.com/

I certainly wouldn't worry about the colour of your hat yet, learn the techniques and how they are used. then put them to use :)
Click to expand...

Awesome. Thank you. I'll keep an eye on your website as well.
 
I work within information security.

You are looking more at pen testing than info sec.

Check out CREST for industry certs or (EC-Council) Certified Ethical Hacking.

There are some good bug bounty blogs for beginners which are worth reading.
 
I'd recommend James Foreshaws 'Attacking Network Protocols' depending on your experience and 'Red Team Field Manual' and 'Blue Team Field Manual' for beginners

e/ If it isn't just bug hunting you are looking at getting in to I'd also recommend

hackthebox.eu
vulnhub.com

Discord infosec communities and obviously twitter are also invaluable
 
Thanks for all of the recommendations. I'll certainly check them out. After a quick browse through, I had a look at the Certified Ethical Hacker exam and found the accompanying exam guide on Amazon, which looks like a good start.

In the meantime, I've been reading a book called Low-Level Programming which has been great at refreshing my knowledge of the C programming language as well as teaching myself assembly for x86_64 which I have never attempted before. I'm sure this low-level programming knowledge will be useful in finding exploits in software and services.
 
You must log in or register to reply here.
Back
Top Bottom