Just got a job as an Information Security Specialist

And I am SO stoked. I'm opening up all my channels (forums) of information to keep abreast of everything security related.

That being said, this, and one of my linkedin groups are the only two resources I have. I need to expand it a bit if I'm to thrive in here.

So, I present you, a couple of questions.

First, I just want to throw this statement out there:
I'm not looking to get direct answers, as in, you do my job for me. I'm merely trying to get to a point of knowing where to look for answers, suggestions, and come up with my own informed decisions, but from reputable sources.

First question:
Where do you go for tech news, specifically security related news such as new attacks and such?

What are reputable websites that dive into security related programs and gives unbiased reviews for them?

Are there any books for my desk anyone recommends? I'm going to be starting with Pen Testing. Quick reference books, or websites, would be great. I haven't dived into pen testing yet, but will be trained in it from the ground up.

If there are any more questions I will post them in here, but I think that these will really help me start running.

Thanks for taking the time to read this, if you read it. I do appreciate it.

Find more posts tagged with

Comments

stryder144

I recommend the following book: Information Security: The Complete Reference by Mark Rhodes-Ousley. Very in depth and informative. As for websites: nist.gov.

shawnx715

This is my go to: https://www.scmagazine.com/

shochan

Depending on where you are at & what software tools you use...but if you do use Nessus, I look up plugin vulnerabilities here all the time:

Nessus Plugins

JasminLandry

For me Twitter is my #1 resource for security news and updates.

Oh and congrats on the new job!

Jasiono

Perfect, thanks for the replies so far!

NIST.GOV is a little hard to navigate. I'll keep at it. I also just ordered that book after reading some of the reviews and taking a look inside the book on amazon. Very nice, thanks a lot for that I really appreciate it!

I'll have to set up a twitter account and follow some sources as well.

I checked out scmagazine.com and I added it to my bookmarks, as well as nist.gov.

Jasiono

shochan wrote: »

Depending on where you are at & what software tools you use...but if you do use Nessus, I look up plugin vulnerabilities here all the time:

Nessus Plugins

That's the first assignment I have. I'm looking at different tools to use and compare to what we currently use for application testing (we use webinspect right now).

Currently we are in the process of becoming ISO 27001 certified, so there's going to be a boatload of documentation as well as procedural manuals.

dhay13

Nessus is free for home use. When I got my current job and found out I would be using it daily I installed it at home. Takes about a day to become proficient with it. Takes a little longer to understand what it is telling you though. Cybrary.it actually has a micro-cert for Nessus. I completed that for free (with the coupon code) about a month ago. It's not a wall hanger or anything like that but it was free and I use it every day so thought it may be useful down the road.

Oh, and congrats!

xxxkaliboyxxx

Different blogs from the major infosec players and rss feeds from the nmap site.

Also, brush up on your reporting skills and get some templates for incident response. Get some blue team cook books and reference handbooks.

Most likely you will not be doing any red teaming, you will be considered blue team so incident response would be a bigger priority than pentesting.

PC509

I listen to this podcast daily - https://isc.sans.edu/podcast.html

It's a quick 5 minute overview of new security issues that happen daily. Very informative, keeps you up to date on the most recent news and exploits. Not too detailed (Google for that), but you know what's going on.

TechGuru80

Is your job a pentesting job? If not, and you are just starting, that's not going to be the biggest ROI place to start.

As far as resources...krebs on security, Bruce Schneier anything, dark reading are just a few resources on the web.

kalimuscle

Congrats