Getting Started in InfoSec — Entry Level Guide

Rook Security SECOPS · Published Jul 16, 2014 · 6 min read

Many young men and women are looking for a way into InfoSec. The toughest part is knowing where to start. We have all been there, but it’s sometimes hard to find a straight answer. The point of this post is to provide clear direction and some recommendations.

To start with, some look at college as unnecessary, but to the contrary, school is very important. Not necessarily for the technical aspect, although you will learn good high-level concepts in school, but for discipline, communication, grammar, and reporting reasons. Throughout your career in InfoSec, you will be asked to speak with customers, send a plethora of emails, and write a large number of reports. In order to properly represent your team or company, it’s important that you own these skills. This is one area in which InfoSec is lacking greatly. We have a lot of technically talented professionals that just don’t know how to speak to people, write reports, or send comprehensive emails. As for how far you need to go, it never hurts to get your bachelor’s, master’s, or even a doctorate. Some companies may not require secondary education, but it will help your resume. I personally only have my Associate’s. The reason I’ve achieved what I have at this point is my military background and a LOT of hard work. My employer sees it as a great asset for security and management. I completely agree; the security mindset and leadership values instilled by the military have proven quite useful. I’m currently a Security Operations Manager at Rook Security. Pretty exciting, but a whole hell of a lot of hard work. This is a fast-growing industry and it NEEDS passionate, smart, and motivated professionals.

Schooling should NOT, I repeat NOT, be your only source of learning. Look around your area for tech clubs like 2600; you can use meetups.com to help find local groups and meetings. Find peers, maybe through school, a group/club, or even gamers who share your passion. Ideas are best served in groups. This will also help with your teamwork skills. Learning to work with different personalities is important, as you will come across some unique people while working in InfoSec.

Internships are a great way to get the experience that will ultimately bring you to the top of a pile of resumes. Credentials will only get you so far in IT. Experience is regarded much more when recruiting and hiring professionals.

You will also be doing quite a bit of reading while in the InfoSec profession. So…read, read, read, read. As I put in my CircleCityCon talk: `while true; do echo 'Read More'; done`

Learning the basics. I’m going to mix some certifications into the next section, but by no means get a certification just for the paper or credentials. Use the certifications to help guide your learning and give you a launchpad into other areas of interest. A quote I read the other day puts it perfectly: “Hire for passion first, experience second and credentials third.” ~ Paul Alofs. This just happens to be how I’ve been doing my hiring over the past year.

Core networking skills. Think about obtaining your Network+. If nothing else, it will give you clear direction on the minimum that you should understand, while also building your confidence. This shouldn’t take more than a month or two, depending on your current level of knowledge and the time you have available. I would suggest getting a CCNA study guide and reading the first 3–4 chapters a few times; that’s what I did. You will learn IP addressing, protocols, routing, etc.: very important, basic information.

Learn a couple of languages. I know C++, Python, and BASH. I’m by no means an expert, but that’s just because my current job doesn’t require it. As an analyst, having the ability to quickly and easily automate a task is an invaluable skill. Programming is a perishable skill, like any spoken language, so it must be exercised regularly. If you need ideas for projects, think about tools that you might find useful, or use some of the challenges I list below as a driver to automate some of the research and parsing that might need to take place. This is where having someone to bounce ideas off is useful. Feel free to email me or post below if you want to talk about anything.

Find an OS and own it. Windows, CentOS, Ubuntu, OS X, etc. Choose your poison. I personally use *nix operating systems; I find them more versatile. But I have colleagues that rock Windows and do it well. When you get into a team or department, it will find itself in situations where it needs an SME (Subject Matter Expert) on the affected operating system. Having a high-level understanding of all these operating systems is important and extremely helpful, but SMEs will be needed. So, get hold of a copy of each and play around. See which one you find most interesting or useful and dig in. Think about obtaining the MCSE or Linux+. These lead you in the direction of understanding that will make you the SME.

In the end, security-related certifications can give you some GREAT information. I would highly suggest SANS certifications, but they are expensive. I have my GCIA, which was fun and highly technical: https://www.giac.org/certification/certified-intrusion-analyst-gcia. I have the Security+ as well. The Security+ is a good entry-level certification which will give you a good grasp of the terminology and check on your core networking knowledge, ultimately leading you to the domains of IT on which you should be focusing.

Resources

Play with some of the challenges below. Watch/listen to some of the videos. Read as much as you can stomach. You won’t understand all of it, and that’s OK. So, don’t feel like you’re cheating if you must read the answers first. Use the opportunity to work backwards from the answer. You will get it; just be patient and take the time needed to understand the outcome.

Check out my twitter account @tgorup. Go through and follow some of the guys that I’m following that look interesting to you. Twitter is a great resource for live information and unique perspectives. Shoot me over who you find great information from.

Get an RSS reader, I use NewsBlur. It’s not free, but I’m sure there are some available if you’re not able to fork up the cash. Add the links below and any others you find interesting along the way. Some analysts like to use news aggregator apps like Feedly, App.net, News360, etc. There’s a LOT of information in InfoSec, so aggregating into a single feed makes life significantly easier.

Security Related Reddit Links

Recommended Books

  • Any book on protocols, e.g. CCNA, Network Warrior, TCP/IP Guide
  • Practical Packet Analysis — Chris Sanders
  • Practice of Network Security Monitoring — Richard Bejtlich

Challenges

  • Response Team Training: The roadmap identifies 10 proposals on how ENISA could improve CERT training and exercises in Europe. The ideas in the document are valuable, as they reflect the actual community needs and requirements and there could be mutual benefit from both CERT community and ENISA in this more active approach towards training and exercises.
  • Exercise Material: ENISA CERT Exercises and Training Material were introduced in 2008; in 2012 and 2013 they were complemented with new exercise scenarios containing essential material for success in the CERT community and in the field of information security. On this page you will find the ENISA CERT Exercise material, containing the Handbook for teachers, Toolset for students and Virtual Image to support hands-on training sessions.
  • Proactive Detection Report: This report describes available external sources of information and internal monitoring tools which can be used by CERTs to improve their capabilities to detect network security incidents.
  • HandlerDiaries: Digital Forensics and Incident Response
  • DFIR Challenges: Large zip, about 600+MB, of challenges. I haven’t pulled it down myself yet, but I believe it contains the following challenges/writeups:
      ◦ Challenges:
          ▪ jackcr diff challenge
          ▪ 2012 GrrCON DFIR Challenge
          ▪ Ghost Backdoor Memory Sample
          ▪ 2013 ISSA Netwars Challenge
      ◦ Challenge Writeups:
          ▪ thelulzkittens — jackcr challenge
          ▪ Bryan Nolen — jackcr challenge
          ▪ Paul Melson — GrrCON 2012
          ▪ Volatility — GrrCON 2012
          ▪ jackcr — GrrCON 2012
  • Aman Hardikar’s pen test mind map: Includes all kinds of challenges. He did a really great job with it. It’s also included in the SANS Pen Test Poster.
  • CounterHack: Ed Skoudis’ site has a nice set of links to challenges.
  • Forensics Contest: Nice for some fun.

Global provider of IT security solutions protecting against dynamic, emerging threats. -- Inc. 500 Company in 2014.