Starting out in a new career is like a journey through a maze. Even if you have a map, what if there’s more than one way through? You still need to know where you want to go — Anon
This post was put together by our SEEK Security team. We’re excited to see a growing interest in cyber security and wanted to help you get started on your journey. That’s why we’ve put together a helpful guide that includes recommendations on groups to join, books to read, podcasts to listen to and even some fun hacking exercises. While it’s not an exhaustive list, it’s a great starting point to begin exploring the world of cyber security.
What do you want to be?
We’ve noticed that people often think of hacking (or Application Pen Testing) when they think of a career in cyber security. But there are many others to choose from. This includes being part of a Red, Blue or Purple team. Or maybe you’re interested in becoming a Security Architect, or an Incident Response Manager.
Check out some other career options:
- SANS 20 Coolest Cyber Security careers
- AU CyberExplorer
- Career Pathways (NICE Cyber security workforce framework).
The capacity to learn is a gift; the ability to learn is a skill; the willingness to learn is a choice. — Brian Herbert
Cyber threats are constantly evolving, and so are new devices, platforms and software. No matter which path you take, you’ll need to be constantly learning. We suggest keeping yourself up to date with the latest cyber security news articles, e.g. SANS NewsBites.
Meetups & Events
Note: SEEK’s HQ is in Melbourne, Australia, so you’ll see most of the meetups and events are Melbourne-based.
- AWSN — Australian Women in Security Network — connecting, supporting & inspiring women in security Australia-wide, check the event calendar to see what’s coming up
- OWASP Melbourne — is an application security specific community that runs regular meetups during the week and the OWASP AppSec Day conference
- SecTalks Melbourne — is a regular meetup that focuses on offensive security topics and normally has a Capture the flag challenge too
- InfraCoders Melbourne — not a security specific meetup but helps you develop technical foundational skills which are important for application security.
Conferences
- BSides Melbourne — A well-run community driven conference with an emphasis on providing and encouraging an open and collaborative space in which people can contribute and learn (see also BSides Canberra, Brisbane, Sydney, Perth, Gold Coast)
- OWASP Melbourne — The OWASP® Foundation (Open Web Application Security Project) works to improve the security of software through its community-led open source software projects & has hundreds of chapters worldwide
- CrikeyCon — This is a not-for-profit security conference in Brisbane
- TuskCon — A two day hacker camp with an emphasis on hands on learning and activities
- ComfyCon — Originally constructed as an online conference in March 2020 as a response to the cancellation of Cyber Security conferences due to the COVID-19 pandemic. Check out their past conferences on YouTube.
Hacking Exercises
- PentesterLab — this has some great free, beginner exercises — you may find you get quite obsessed with these exercises
- Offensive Security — they have a free Ethical Hacking course called Metasploit Unleashed
- OWASP Juice Shop — is an open source vulnerable and insecure web application. It can be used in security trainings as it’s easy to install, run and start hacking on the challenges
- http://flaws.cloud/ & http://flaws2.cloud — through a series of levels you’ll learn about common mistakes and gotchas when using Amazon Web Services (AWS). A series of hints are provided that will teach you how to discover the info you’ll need.
Podcasts
- Darknet Diaries — this is a podcast about hackers, breaches, shadow government activity, hacktivism, cybercrime, and all the things that dwell on the hidden parts of the network
- Women Speak Cyber — Louisa P and Louisa V along with their special guests share tools, tips and inspirational stories
- Motherlode — The gripping story about the birth of computer hacking from an unlikely centre — Melbourne Australia. It was here teenage boys, and they were mostly boys, hacked into some of the biggest organisations in the world
- Risky Business — A weekly information security podcast featuring news & in-depth interviews with industry luminaries
- The Social-Engineer — Understanding the human element and how we interact, communicate and relay information, can help us protect, mitigate and understand social engineering attacks.
- Cloud Security — Weekly live interviews with cloud security leaders and practitioners from around the globe.
Books
- The Web Application Hacker’s Handbook: Discovering and Exploiting Security Flaws by Dafydd Stuttard, Marcus Pinto — a practical guide to discovering and exploiting security flaws in web applications
- This is how they tell me the world ends (The Cyber Weapons Arms Race) by Nicole Perlroth — Nicole is a cyber security reporter for the New York Times & provides a terrifying first look at a new kind of global warfare.
- The Art of Software Security Assessment by Mark Dowd — the definitive insider’s guide to auditing software security, penned by leading security consultants who have personally uncovered vulnerabilities
- Network Security Assessment by Chris McNab — provides you with the tricks and tools professional security consultants use to identify and assess risks in Internet-based networks.
Videos
Hacker videos
Technical skills
- Hans Rosling: The best stats you’ve ever seen | TED Talk
- Cole Nussbaumer Knaflic: “Storytelling with Data” | Talks at Google
- Why storytelling matters | Garr Reynolds | TEDxKyoto
- Surfing the Motivation Wave to Create Security Behaviour
- Expanding your blue team through security culture
Human skills
- Simon Sinek — Why Leaders Eat Last
- Marc Brackett — Emotional Intelligence Superpowers
- Brené Brown — The Power of Vulnerability
- Simon Sinek — The Finite and Infinite Games of Leadership
- Chris Voss — Never Split the Difference
Tools
- If you were to learn one language for cyber security, Python would be it! A lot of security tools are written in Python. It’s also a great scripting language and is often the hackers’ language of choice too
- If you aren’t familiar with Linux and Linux commands it might be worth doing a basic course on this. Many security tools and frameworks are designed for Linux. Kali Linux, in particular, contains lots of pre-installed hacker tools.
Other resources
- Women in Security Mentoring Program (awsn.org.au)
- Put your cyber incident response skills to the test (cyber.gov.au)
Do you have any recommendations that you’ve found helpful in your cyber security journey? Please add a comment below.