Are you a Rockstar?
If you’re interested in being a security engineer, take a shot at Security Innovation’s canyouhack.us qualification site as a first step.
Want a curated list of the best cybersecurity resources?
You’ve come to the right place. We’ve cut through the noisy barrage of info and listed our favorites.
- Training Courses & Videos – security awareness to secure development to IT security
- Hacking practice – vulnerable apps, CTFs, and computer games
- Career planning – certificate programs, internships, and recruiting sites
- Security tools – discovery, auditing, exploitation, and other tools
- Other resources – community sites, blogs, and learning sites
The following are recorded videos of Security Innovation’s computer-based courses. They do not include the quizzes, final exam, glossary functions, interactive elements, and other features found in our commercial courses.
- Fundamentals of Application Security
- Course – How to Test for the OWASP Top Ten: A1 – A5
- Course – How to Test for the OWASP Top Ten: A6 – A10
- Fundamentals of Database Security
- Fundamentals of Secure Architecture
- Creating Secure PHP Applications
- Defending AJAX Enabled Applications
- Risk Management Foundations
- Secure Java Coding
- Securing Python Microservices
- Creating Secure C/C++ Code
Hands-on learning, from basic to advanced:
- Cyberseek – actionable job data and supply/demand heat map
- CyberSN – talent matching platform
- DHS National Initiative for Cybersecurity Careers and Studies
- NIST National Initiative for Cybersecurity Education (NICE)
- Cybersecurity Roadmap Tool – define goals, see what you qualify for
- 6 steps to becoming an information security guru
- PCI SSC training and qualifications
- CyberTalents – ranks job-seeking professionals by running CTFs
Internships are helpful and frequently turn into a full-time position. Also, volunteering is a great way to build up your resume.
TIP: A help desk position is a great way to get general IT experience!
The top recruiting sites allow you to search specifically for internships:
Getting a degree in cybersecurity is nice, but not an absolute requirement to enter the cybersecurity field.
Certifications are considered indicators of ability and can help open doors. Popular ones include:
- CompTIA Security+
- ISC2 CISSP: Certified Information Systems Security Professional
- ISACA CISM: Certified Information Security Manager
- EC-Council Certified Ethical Hacker
- SANS GSEC: GIAC Security Essentials (GSEC)
- ISACA CISA: Certified Information Systems Auditor
- OSCP: Offensive Security Certified Professional
- Burp Suite – proxy HTTPS traffic, edit/repeat requests, decode data
- OWASP ZAP – attack proxy for newbies and professionals alike; automatically finds vulnerabilities while developing and testing
- Metasploit Community Edition – develop and execute exploit code
- sqlmap – automates detecting and exploiting SQL injection
- Shodan – search engine for Internet-connected devices
- Nmap – network discovery and security auditing tool
Guides & References
- Secure, Resilient & Agile Software Development – actionable book
- OWASP Web Security Testing Guide – covers Web services too
- Web Security Academy – free training from the creators of Burp Suite
- John Hammond – hacking tips, various programming languages
- Girls Who Hack – a great resource for young learners
- InfoSecGirls – a resource for women passionate about InfoSec