Where to start?
Jan 27
A while back, seeking the next podcast to listen to, I hit “subscribe” on the BHIS podcast. That led me to their blog and especially to their 30 Things to get you started page, where I watched WEBCAST: John Strand’s 5 Year Plan into InfoSec Part 2.

Well, that will be my start.
My notes
Year 1
Focus on core concepts:
- OS: install Linux from scratch, read CIS Benchmarks, use Microsoft Evaluation Center
- Networking: TCP/IP and ICMP, learn to read a packet, sockets programming, build your own home network
- Learn a language like Python
- Learn Bash scripting
- Look up security standards (CIS, NIST 800)
- Learn and understand CIS controls
Year 2
Get your security news, learn PowerShell, be part of a security group, write a blog.
Year 3
Learn to build web/mobile apps.
Year 4
Learn to use IDA, Immunity Debugger, OWASP ZAP.
Do online challenges.
Year 5
Go to conferences, meet and present.
Other resources
The good news is that I already nailed year 3 and I have an undergrad in telecom and networking!