Cyber Security or Information Security



I am looking into Cyber Security. It can also be called Information Security. I am wondering if anyone has experience with this area. What is required to get into it, what are the best resources for learning, and things like that?

The internet seems to be overfilled with information and it is hard to make out what is correct and what is false.

I found this website, but I am not 100% sure it's the right place to be. http://www.cyberaces.org/

 

Anyone have ideas, experience?


Let's not post links to sites that teach you how to hack other sites.

 

No Illegal Software/Copyrighted Discussion.

Discussions involving warez, cracks, security circumvention, or using torrents for downloading copyrighted or illegal material are strictly prohibited. This includes music files or other unauthorized software. Asking for help in doing so will cause warns or suspensions of accounts.

 

 


Hello,

 

A few resources, in no particular order:

 

http://www.cs.fsu.edu/~redwood/OffensiveSecurity/lectures.html - Florida State University, series of lectures on offensive (as opposed to defensive) computer security

http://fumalwareanalysis.blogspot.com/p/malware-analysis-tutorials-reverse.html - malware reverse engineering tutorials

https://www.kali.org/ - Kali Linux distro home page

http://opensecuritytraining.info/Training.html - Open Security Training course list

https://www.owasp.org/index.php/Main_Page - Open Web Application Security Project home page

http://www.reddit.com/r/HowToHack/wiki/gettingstarted - r/howtohack subreddit wiki on Reddit

http://www.reddit.com/r/netsec/wiki/start - r/netsec subreddit wiki on Reddit

http://www.securitytube.net/ - SecurityTube

 

Good luck with your studies!

 

Regards,

 

Aryeh Goretsky


If you're wanting to go to school, I suggest Western Governors University. They have a super awesome course. I'll be taking that as soon as I get my transcripts submitted.

 

Also use those courses as a base, search for those names.


Let's not post links to sites that teach you how to hack other sites.

I don't believe we have. You do realize there are 3 levels of hacking, correct?

1 - White Hat aka Legitimate Hackers, aka Penetration Testers. Kevin Mitnick is one of them, though I find him to be a cocky stuck up brat.

2 - Grey Hat - I've found over the course of my existence on the internet that these guys have rules, and things they won't do. Yes, they'll hack something, sell information, or steal something. The few I've interacted with, have rules. i.e. Will target people that fall into a certain criteria, but won't hit, for example, little old ladies who don't know any different, or single parents.

3 - Black Hat - Generally, give no ****s. Anything goes.

 

This is based on my 17 years in Cyberspace, and dealing with people. I've learned quite a bit about the "differences" between hackers. I can't say I am one, but I'd love to have that level of knowledge. My lifetime goal is to work for the FBI in their Cyber Security Division, and be a part of their Child Pornography Take Down Team.


Hello,

 

If you are looking for schools in Canada, I would suggest looking at:

 


Let's not post links to sites that teach you how to hack other sites.

 

Offensive and defensive security is critical in properly protecting and developing websites, software, hardware and autonomous systems to defend critical systems. Learning about defense capabilities is nice, but the only way to test your defense is also conducting strong and unique offensive tests on your own properties. Without the offensive knowledge it will be very difficult to find 0-day or existing known vulnerabilities in systems, find misconfigured systems or properly continue hardening what used to be secure configurations (example: it was OK back in the day to accept MD5 as a hashing algorithm, but now it is strictly known as something to no longer use due to the discovered vulnerabilities with the algorithm and its ability to fall to brute force attacks of today's modern technology).


I am looking into Cyber Security. It can also be called Information Security. I am wondering if anyone has experience with this area. What is required to get into it, what are the best resources for learning, and things like that?

The internet seems to be overfilled with information and it is hard to make out what is correct and what is false.

I found this website, but I am not 100% sure it's the right place to be. http://www.cyberaces.org/

 

Anyone have ideas, experience?

 

The best way to get into and move up in the Cyber Security space is to learn offensive and defensive practices for securing systems, since cyber security will not be going anywhere soon and the need for knowledgeable people for offensive and defensive capabilities is growing, along with it being a great long-term career choice.

 

Learning

The first place to start is to learn secure programming techniques, as this is where most of the problems start and get worse the further you dig. Udemy, Coursera, and more than likely your local state college should be able to offer degrees in cyber security and/or information security and assurance. I would recommend looking into the programs that also include some programming classes if you have never programmed before, as without the programming knowledge you may know of the general concepts of some of the vulnerabilities but you would not know how to spot them in code or test for them in the real world without tools. Spending a few weeks of pure C programming creating various types of apps should give you a nice introduction into what should and should not be done with a programming language that is the basis for most of the other popular programming languages and operating systems used today (Ruby, C++, Python, Java, the JVM, Windows, Linux, OS X, etc.).

 

During your programming testing you should run into problems like buffer overflows, buffer underruns, out of bounds array issues, casting errors, pointer errors, memory segfault errors, file pointer errors, etc.  As time goes on you will learn how to not make these mistakes and with other languages you will see which ones try to protect you from making these mistakes along with the pros and cons of these protections. 

 

Normally the next step after general purpose programming is learning offensive and defensive measures to prevent security issues in web, database and operating systems.  For websites this is normally learning about secure configuration options for web servers like nginx, apache, IIS, secure programming, etc.  For databases you learn about setting up secure passwords and access, checking for insecure passwords, SQL Injection prevention and testing (also in line with learning web development that interfaces with databases), secure configuration of database configuration variables to help prevent denial of service attacks externally or internally.

 

When you move on to the operating systems you will normally add in networking too. If you are really interested, I recommend looking into learning Juniper, Cisco and Brocade. Taking some of the Cisco certifications (CCNA and CCNP) will give you a very nice introduction into networking. For security classes you will more than likely learn how to conduct tcpdumps (and using Wireshark) for troubleshooting networking problems along with finding security problems and testing them on your network. For your operating systems you will normally learn about how to secure drive mounts, POSIX and Windows permissions, securing data at rest, and secure data transmission along with secure practices for hardening your operating systems configurations.

 

Certifications

I would recommend you get the following to give yourself a good base.

Security+, Linux+, CCNA, CEH

 

Then move on to get more detailed:

CCNP

CISSP

RHCSA

OSCP

 

 

Job

I would recommend getting a job with your local government directly or as a government contractor. Jobs that will give you a speed boost in cyber security are roles as a system administrator, penetration tester, network administrator, database administrator, and developer. If you get a job in the government or banking industry there are several requirements and regulations for securing systems that you will learn as you progress through the job. If you want to get the full cake I would recommend looking into working on meeting the requirements to become a penetration tester or join a red and blue team which will fully immerse you into cyber security on a day to day basis.

 

Once you have some years of experience and breadth of knowledge you can normally start moving into the managerial side, writing policy and enforcing policy to help secure systems and enhance full penetration tests requirements on your own physical and virtual properties to ensure they are doing what they say they are doing and are secure and up to standard. As having the book knowledge is OK, but you will be in the fake it and probably not make it very far, when something really bad has happened or is about to happen and experts are needed to help resolve the situation before it gets out of control. Having the actual work experience will make you more valuable in the short and long term along with being more trusted by your peers and those working for you down the road as you will be someone that actually did the work and retains the practical experience as time goes on.


Hello,

I spoke to a former employee from our Montreal office, and here's what he had to say:
 

[...]
I have a couple in mind: Halifax, Calgary (Aycock), Kingston college (military), Polytechnique, ETS of Montreal, Concordia University. There might be one in BC, but I am not sure. We don't really have the college thing in Quebec, hence many references to universities.


Thanks for all the information, a great help!

 

From the looks of many of it, I might as well start learning programming in one form or another and then decide if this is exactly what I want to do or not :)


Thanks for all the information, a great help!

 

From the looks of many of it, I might as well start learning programming in one form or another and then decide if this is exactly what I want to do or not :)

 

May I make a suggestion towards this?

VB .Net / C# WPF. I'm picking it up now. I don't fully understand it. My long term goal is C++. I'll have it mastered, or close to mastered before I'm 30! :) 4 Years to go D:


May I make a suggestion towards this?

VB .Net / C# WPF. I'm picking it up now. I don't fully understand it. My long term goal is C++. I'll have it mastered, or close to mastered before I'm 30! :) 4 Years to go D:

 

I am kind of in the same boat, I am turning 27 this year.

 

I was going to go with Ruby, JavaScript or some combination, but yeah, C++ would be nice as well.
