Just got a job as an Information Security Specialist

Jasiono Member Posts: 896
And I am SO stoked. I'm opening up all my channels (forums) of information to keep abreast of everything security related.

That being said, this and one of my LinkedIn groups are the only two resources I have. I need to expand it a bit if I'm to thrive in here.

So, I present you a couple of questions.

First, I just want to throw this statement out there:
I'm not looking to get direct answers, as in, you do my job for me. I'm merely trying to get to a point of knowing where to look for answers, suggestions, and come up with my own informed decisions, but from reputable sources.

First question:
Where do you go for tech news, specifically security related news such as new attacks and such?

What are reputable websites that dive into security related programs and give unbiased reviews for them?

Are there any books for my desk anyone recommends? I'm going to be starting with Pen Testing. Quick reference books, or websites, would be great. I haven't dived into pen testing yet, but will be trained in it from the ground up.

If there are any more questions I will post them in here, but I think that these will really help me start running.

Thanks for taking the time to read this, if you read it. I do appreciate it.

Comments

  • stryder144 Member Posts: 1,684
    I recommend the following book: Information Security: The Complete Reference by Mark Rhodes-Ousley. Very in depth and informative. As for websites: nist.gov.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

  • shawnx715 Member Posts: 30
  • shochan Member Posts: 1,014
    Depending on where you are at & what software tools you use...but if you do use Nessus, I look up plugin vulnerabilities here all the time:

    Nessus Plugins
    CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP
  • JasminLandry Member Posts: 601
    For me Twitter is my #1 resource for security news and updates.

    Oh and congrats on the new job!
  • Jasiono Member Posts: 896
    Perfect, thanks for the replies so far!

    NIST.GOV is a little hard to navigate. I'll keep at it. I also just ordered that book after reading some of the reviews and taking a look inside the book on Amazon. Very nice, thanks a lot for that, I really appreciate it!

    I'll have to set up a Twitter account and follow some sources as well.

    I checked out scmagazine.com and I added it to my bookmarks, as well as nist.gov.
  • Jasiono Member Posts: 896
    shochan wrote: »
    Depending on where you are at & what software tools you use...but if you do use Nessus, I look up plugin vulnerabilities here all the time:

    Nessus Plugins


    That's the first assignment I have. I'm looking at different tools to use and compare to what we currently use for application testing (we use WebInspect right now).

    Currently we are in the process of becoming ISO 27001 certified, so there's going to be a boatload of documentation as well as procedural manuals.
  • dhay13 Member Posts: 580
    Nessus is free for home use. When I got my current job and found out I would be using it daily I installed it at home. Takes about a day to become proficient with it. Takes a little longer to understand what it is telling you though. Cybrary.it actually has a micro-cert for Nessus. I completed that for free (with the coupon code) about a month ago. It's not a wall hanger or anything like that but it was free and I use it every day so thought it may be useful down the road.

    Oh, and congrats!
  • xxxkaliboyxxx Member Posts: 466
    Different blogs from the major infosec players and RSS feeds from the Nmap site.

    Also, brush up on your reporting skills and get some templates for incident response. Get some blue team cookbooks and reference handbooks.

    Most likely you will not be doing any red teaming, you will be considered blue team so incident response would be a bigger priority than pentesting.
    Studying: GPEN
    Reading: SANS SEC560
    Upcoming Exam: GPEN
  • PC509 Member Posts: 804
    I listen to this podcast daily - https://isc.sans.edu/podcast.html

    It's a quick 5 minute overview of new security issues that happen daily. Very informative, keeps you up to date on the most recent news and exploits. Not too detailed (Google for that), but you know what's going on.
  • TechGuru80 Member Posts: 1,539
    Is your job a pentesting job? If not, and you are just starting, that's not going to be the biggest ROI place to start.

    As far as resources...Krebs on Security, Bruce Schneier anything, Dark Reading are just a few resources on the web.
  • kalimuscle Member Posts: 100
    Congrats
    live, learn, grow, fail, rebuild and repeat until your heartbeat stops !