Cybersecurity / Information Security Essentials for new Professionals

With Sen. Elizabeth Warren proposing jail for CEOs for breaches — Cybersecurity is definitely mainstream. Demand for talent is likewise growing exponentially — 2019 is an incredibly exciting time to be in Cybersecurity!

Basic Training for Cybersecurity

However — increasingly I meet brilliant new people in cybersecurity that haven’t been exposed to Infosec fundamentals — and often aren’t sure where to begin. We should help them!

Aside from the traditional CISSP — It feels like there is a large gap in educational materials to help new practitioners come up to speed quickly.

I’ve spent a significant part of my career on the problem of growing, teaching, training, and scaling Infosec teams from 0 to 1, so…

Giving back

It’s time to give back to the community that has so generously supported me. If you’re new and wondering why you should continue reading — I am extremely passionate about this space & have made significant contributions to advancing state-of-the-art Infosec:

25 years in Cybersecurity & 35 years as a hobbyist-hacker

Orgs & capabilities I’ve helped build:

  • Fishnet Security: I helped build the DFIR (digital forensics & incident response), Software Security/Appsec, Pentesting, and Threat Modeling programs at one of the first billion-dollar Infosec companies.
  • WhiteHat Security: We built the first SaaS-based DAST/SAST Appsec company, including an incredible recruiting/training bootcamp.
  • Facebook: creating global standards across billions of users for measurement and enforcement of Authenticity, Transparency, Originality, and Impersonation.

In my free time I have also published research over the years ranging from:

  • Introducing timing-attacks against Java methods, and trigger-based SQLi in the “Hacking Exposed Web Apps” books.
  • Benchmarking security testing tools for OWAST/NIST & SAMATE
  • Publishing old-school 0-days in Nokia, Microsoft, Cisco, products to
  • Giving talks around the globe about Threat Models & breaking software

Most importantly — I have had the incredible opportunity to learn from the most brilliant minds in the Infosec industry — some of whom you may not have heard of before. I am excited to start sharing their wisdom here through interviews.

And finally: my wife Mary Evans is also collaborating with me on this — she is a professional educator and has taught subjects like Phishing at PayPal.

Mistakes and keeping a Growth mindset

I first started writing about cybersecurity decades ago — but due to early mistakes, I ceased writing and had those articles taken down, out of embarrassment — I thought no one would ever hire me if they saw them! And what a shame… I hadn’t yet learned to have a Growth mindset.

Those early mistakes would turn out to be a treasure trove on the learning curve most of us naturally go through in security — I’ve watched folks new to Infosec make the same mistakes repeatedly over the years. I’m excited to share these and help you avoid a few common traps on your own journey.

This article is the reference map for our journey.

If there is something specific you’d like me to help explain for you in Cybersecurity — let me know and I’ll try to find or add it!

Guide to Cybersecurity / Information Security 101 Series:

  1. Infosec 101: A 3000 year history made easy
  2. How did I get into Cybersecurity?
  3. How do you get into Cybersecurity?
  4. Information Security Fields/Branches
  5. Cybersecurity job types
  6. Information Security: Risk / Threat Taxonomy 101
  7. Application & Software Security 101
  8. Lightweight Threat Modeling made easy
  9. Threat Modeling for Product Managers / Abuse-case modeling
  10. What are the biggest mistakes I’ve made in Cybersecurity?
  11. Cybersecurity maturity framework
  12. Data Science/ML/AI is the future of cybersecurity: Big Data analytics wins.

Thank you for reading. If you enjoyed this article, please hit the clap button 👏 to help others find it.
