Getting Started in Cybersecurity
===
:::danger
:radioactive_sign: I will start with a serious disclaimer: never use any of the tools or techniques in this guide against any targets that you don't have explicit approval to experiment with. It is illegal and wrong to do so, and can result in financial penalties or incarceration. Only experiment with targets that you either control, or that have been specifically included in a bug bounty. I cannot emphasize this enough. Always act as an [ethical hacker](https://www.eccouncil.org/cybersecurity-exchange/ethical-hacking/what-is-ethical-hacking/) and never use your skills for evil or self-enrichment. Be a force for good in the field, and in the world.
:::
# Introduction
Cybersecurity means different things to different people, but as a field, it really means how to make all the pieces and parts that deliver some sort of service to end-users more secure. That service could be as simple as an operating system like Windows or macOS running on a computer or mobile device, an application like Microsoft Word, or an internet service like Facebook. Cybersecurity applies to any “digital thing” that someone uses, whether it is hardware or software.
Learning how all these digital components work is fundamental to being a good cybersecurity professional, since it is very hard to secure something that isn't understood. Think about trying to secure a building without knowing where all the doors and windows are, what kind of locks are on them, what the doors and walls are made of, and even more importantly, what in the building you are trying to protect, and from whom. In the same way, understanding how IT systems are built and what they are made of is fundamental to learning how to secure them.
As you can imagine, there are many parts involved with enterprise IT, and there are disciplines that specialize in each area, along with cybersecurity tools and techniques to secure each. There are also different ways in which to specialize in those areas, such as working for a consumer of technology (government, banks, etc.) or a producer of technology (Microsoft, Apple, etc.).
In other words, you can work for a bank (a technology consumer), and secure/support the iPhones that the employees use, or you can work for Apple (a technology producer), and help design, build, and secure iPhones, their software, and their cloud services.
Many IT and cybersecurity professionals got started in an IT area called “end user computing,” supporting desktops, laptops, and mobile devices. This may be a logical place to start for you, and you can build a wealth of knowledge about the other areas by starting here. You will learn about how computers work, how they are connected together, the software that runs on them, and how to secure them. That being said, as you explore different aspects of IT and cybersecurity, don't be afraid to aim directly at a specialty that excites you.
# How to Get Started
This is a hard question to answer generally, since everyone's experiences and interests differ. That being said, I would suggest thinking about what interests you about cybersecurity, and then digging deeper into that particular thing by finding blogs, podcasts, and other resources on that topic. There are lots of resources linked in this guide, and hopefully they will give you a broad perspective on the field and somewhere to start.
If you are looking to get employed sooner rather than later in the field, you should pursue a [CompTIA Security+](https://www.comptia.org/certifications/security) certification. It is a well-recognized certification in the field, and the preparation process will teach you a lot about cybersecurity.
If you can't afford the certification, then take advantage of the many free resources linked in this document to build up your knowledge and experience in the field, and make sure to produce demonstrable results of your work. Also, building your professional network helps with finding a position in this very competitive market (see "Building Your Brand" below).
With the market being as competitive as it is, you should also think about your past experiences and see if you can use those as a way to differentiate yourself and find work in a niche area. For example, if you have business, healthcare, critical infrastructure (water/electric/gas), or legal training/experience, these could lend themselves to cybersecurity specializations and make you stand out.
If you have sales experience in anything, you may also be able to use that skill to get a position in a cybersecurity company as a [sales engineer](https://www.coursera.org/articles/sales-engineer) or [inside sales representative](https://www.close.com/blog/what-is-inside-sales), and work your way towards your dream role, or stay in those roles if you enjoy them! Technology sales isn't for everyone, but it requires a combination of technology knowledge/abilities and people skills which, if you have that, can be a differentiator too.
# Building Your Brand
As you learn and experiment, you should start building up your visibility and presence in the cybersecurity community. Don't be shy or afraid to speak up in online or in-person forums. The overwhelming majority of cybersecurity professionals are welcoming and eager to teach (and learn from) anyone who has something to contribute. Even something that you may think is simple may be worth writing a blog about, since the mere act of explaining it will help you understand it better, and may also help someone else who is getting started. "Paying it forward" is fundamental to the cybersecurity community and we all owe it to each other to nurture new talent and help grow the field.
Your "brand" is who you are as a person and as a cybersecurity professional. This can include any personal, educational or cultural influences that make you who you are and why/how you approach cybersecurity. For example, there are many aspects of my life that have built up a deep "rescue/protect" instinct, which drives me to be a "cybersecurity guardian." Personal motivations and characteristics that show your passion and dedication to the field help you develop your reputation in this industry.
There are many ways to build your "brand," visibility, and network. Some examples:
- [GitHub](https://github.com) is a major repository of code and knowledge across many disciplines of IT and cybersecurity. If you start writing cybersecurity-related code, you should make it available there so people can learn from and build upon the work you are doing.
- [LinkedIn](https://www.linkedin.com) is a great place to build up a professional network. You can learn a lot from following cybersecurity researchers/journalists like [Brian Krebs](https://www.linkedin.com/in/bkrebs/) or cybersecurity vendors like [Palo Alto Networks](https://www.linkedin.com/company/palo-alto-networks/) or [CrowdStrike](https://www.linkedin.com/company/crowdstrike/). Building your network is critical to finding a job in IT/cybersecurity, since making personal connections helps make you stand out to hiring managers.
- [Medium](https://medium.com) is a good place to publish any blog posts that you may write. You can also [publish articles directly on LinkedIn](https://www.linkedin.com/help/linkedin/answer/a522427/publish-articles-on-linkedin?lang=en) if you prefer.
---
# Cybersecurity Foundation and Focus Areas
- [High-level overview of Cybersecurity](https://www.ibm.com/topics/cybersecurity)
- [Deeper cybersecurity overview](https://www.crowdstrike.com/cybersecurity-101/)
- [Cybersecurity terminology reference](https://www.coursera.org/resources/cybersecurity-terms)
- [Free cybersecurity fundamentals training](https://www.codecademy.com/learn/paths/fundamentals-of-cybersecurity)
Cybersecurity is a very rich field with many different aspects on which to focus. As you explore the IT field, you may find that certain aspects interest you more than others. At a high level, cybersecurity can be broken down into the following categories. Please click the links to learn more about each.
- [Defensive (blue team)](https://cyberinsight.co/what-is-defensive-security-in-cyber-security/)
  - This is what it sounds like: a cybersecurity professional whose job it is to defend computer systems and services against attacks. This can be focused on any number of IT components like desktops, networks, cloud, and more, and a good defensive strategy should span all of them in a coordinated way.
- [Offensive (red team)](https://www.ibm.com/topics/offensive-security)
  - This cybersecurity role is focused on proactively and ethically probing computer systems and services in order to find vulnerabilities that can be fixed by defensive teams. This field can be focused on activities such as [penetration testing](https://www.ibm.com/topics/penetration-testing), [reverse engineering](https://www.geeksforgeeks.org/what-is-reverse-engineering-technique-in-cybersecurity/), and more.
  - You can gain experience and learn about red teaming by downloading and working with tools like [Kali Linux](https://www.kali.org), [Metasploit](https://www.metasploit.com), and [Burp Suite](https://portswigger.net/burp/communitydownload). There are also penetration testing certifications like [PEN-200 PWK/OSCP 2.0 Penetration Testing Certification](https://www.netsecfocus.com/oscp/2021/05/06/The_Journey_to_Try_Harder-_TJnull-s_Preparation_Guide_for_PEN-200_PWK_OSCP_2.0.html) and more.
- [Defensive/Offensive Combination (purple team)](https://www.crowdstrike.com/cybersecurity-101/purple-teaming/)
  - This is a team characteristic which involves close collaboration between defensive and offensive teams to quickly find and fix vulnerabilities.
- [Governance, risk and compliance](https://aws.amazon.com/what-is/grc/)
  - From [Wikipedia](https://en.wikipedia.org/wiki/Governance,_risk_management,_and_compliance), governance, risk management, and compliance are three related facets that aim to assure an organization reliably achieves objectives, addresses uncertainty and acts with integrity.
  - Governance is the combination of processes established and executed by the directors (or the board of directors) that are reflected in the organization's structure and how it is managed and led toward achieving goals.
  - Risk management is predicting and managing risks that could hinder the organization from reliably achieving its objectives under uncertainty.
  - Compliance refers to adhering to the mandated boundaries (laws and regulations) and voluntary boundaries (company's policies, procedures, etc.).
Some other valuable training resources:
- [HackerOne](https://www.hackerone.com/hackers) is a great offering with many training courses, some free, some paid. Their [Hacker101 course](https://www.hackerone.com/hackers/hacker101) is free and a great start.
- [Hack The Box](https://academy.hackthebox.com) is another great resource and has [subscription plans](https://www.hackthebox.com/hacker/pricing) as low as $14 a month.
- [Udemy](https://www.udemy.com) has coursework in [cybersecurity](https://www.udemy.com/topic/cyber-security/) and [many more IT focus areas](https://www.udemy.com/courses/it-and-software/)
- [OpenCourseWare by MIT](https://ocw.mit.edu/search/) offers many free courses in IT, cybersecurity, data science and more.
- The National Institute of Science and Technology (NIST) maintains this [list](https://www.nist.gov/itl/applied-cybersecurity/nice/resources/online-learning-content) of free and low-cost cybersecurity content
:::danger
:radioactive_sign: Again, never use any of the tools or techniques in this guide against any targets that you don't have explicit approval to experiment with. It is illegal and wrong to do so, and can result in financial penalties or incarceration. Only experiment with targets that you either control, or that have been specifically included in a bug bounty. I cannot emphasize this enough. Always act as an [ethical hacker](https://www.eccouncil.org/cybersecurity-exchange/ethical-hacking/what-is-ethical-hacking/) and never use your skills for evil or self-enrichment.
:::
As you learn more about cybersecurity, you will likely come across the term [Zero Trust](https://en.wikipedia.org/wiki/Zero_trust_security_model). This is a systems design philosophy which strives towards a "secure by design" model versus trying to secure systems after they have been built. Definitely pay attention to this concept, since it is already prevalent in the industry, and will likely continue to grow and expand. The US government is spearheading many Zero Trust initiatives and specifications. One of the foundational Zero Trust documents that both government and industry are building from is the [NIST Zero Trust Architecture specification](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf). There are also certification courses being offered for Zero Trust such as [this one by the Cloud Security Alliance](https://knowledge.cloudsecurityalliance.org/certificate-of-competence-in-zero-trust-cczt).
---
# Foundational Certifications
Depending on your experience level, you may want to start with a general IT certification such as [CompTIA A+](https://www.comptia.org/landing/aplusbootcamp/index.html), though this isn't cheap (~4,000), so you may want to spend time learning on your own before investing in this certification.
That being said, I would strongly advise you to get at least one security-focused certification. [CompTIA Security+](https://www.comptia.org/certifications/security) is a great one to start with, and while it isn't inexpensive, it is widely recognized as a good indicator of cybersecurity knowledge by employers (test is $349, prep course is ~$2,400).
As you progress through your career, you may want to gain more advanced certifications like [Certified Ethical Hacker](https://www.eccouncil.org/train-certify/certified-ethical-hacker-ceh-v12/), [Certified Information Systems Security Professional](https://www.isc2.org/Certifications/CISSP), or others such as those offered by the [SANS Institute](https://www.sans.org/cybersecurity-focus-areas/).
---
# Building a Lab
You do not have to spend a lot of money building a lab, and may already have what you need to learn and experiment. Many of the resources linked in this document have online sandbox environments you can use to experiment and run through the exercises. You may also find it useful to have a home lab to do more specific experimentation. Your home lab can run on your laptop/desktop or run on a dedicated computer, whichever you have room/budget for.
A home lab should let you run a variety of cybersecurity tools and targets of those tools. You can accomplish this by installing a hypervisor on your laptop/desktop that lets you run [virtual machines](https://en.wikipedia.org/wiki/Virtual_machine) on it. This means that you can run one or more virtual computers inside your Windows or Mac laptop to experiment with. Keep in mind that you will need to have a laptop with a good amount of memory and CPU cores to run virtual machines. For example, a laptop with an Intel i5 processor with 4 cores and 32 GB of RAM should be enough to run a couple of virtual machines at a time. There are a few free hypervisors available:
- [VirtualBox](https://www.virtualbox.org)
- [VMWare Fusion (mac) or Workstation (Windows)](https://www.vmware.com/content/vmware/vmware-published-sites/us/products/desktop-hypervisor.html.html.html)
- [Podman Desktop](https://podman-desktop.io)
  - This is a more advanced capability that lets you run applications in [containers rather than in virtual machines](https://www.ibm.com/think/topics/containers-vs-vms). Even if you don't choose to start with this, it is good to at least understand that containers exist and what they are, since containers are very widely used in the industry.
If you prefer to use a dedicated computer for your lab, there are plenty of choices. I personally like mini-servers made by SuperMicro, but almost any desktop computer with a lot of memory (at least 32 GB RAM) and a good CPU (4+ cores) will do. Once you get a dedicated computer for your lab, you can install a free hypervisor directly on it and run as many virtual machines as memory/CPU will allow. [Proxmox](https://www.proxmox.com/en/downloads/proxmox-virtual-environment_) is a fantastic and free hypervisor to use. Some examples of SuperMicro servers for your lab:
- [List of SuperMicro servers sold by MITXPC](https://mitxpc.com/collections/mini-server#-page-1)
- [SuperMicro SYS-E301-9D-8CN8TP](https://mitxpc.com/products/sys-e301-9d-8cn8tp)
  - I personally like this one, since it has an 8-core processor and can take up to 512 GB of RAM, making it a very compact and powerful lab server. It isn't cheap, so this may not be your first choice though.
---
# Learning how Information Technology Works
As I discussed earlier, it is fundamental to understand how components of information technology work before you can understand how to effectively secure them. The following section is not a comprehensive list, but a good starting point for someone brand new to the field. Definitely skip past any topics you already know. Many of the resources below are free or low-cost.
## IT Fundamentals
- [This course](https://www.codecademy.com/enrolled/courses/introduction-to-it) covers just about every aspect of IT at a high level.
- This is a [great video series](https://www.youtube.com/playlist?list=PLME-KWdxI8dcaHSzzRsNuOLXtM2Ep_C7a) on many aspects of IT and computer science.
## The Internet
[This article](https://www.internetsociety.org/internet/history-internet/brief-history-internet/) is written by some of the individuals who designed core technologies of the Internet and gives important context and history around it. Many of our cybersecurity challenges stem from the lack of secure-by-design approaches to the Internet and other technologies, and understanding this is important to a well-rounded cybersecurity background. [Crash course about the Internet - video](https://www.youtube.com/watch?v=AEaKrq3SpW8)
## The World Wide Web (WWW)
[Overview of the World Wide Web (WWW)](https://www.geeksforgeeks.org/world-wide-web-www/)
People often use "the web" and "the Internet" interchangeably, but it is important to understand the difference between the two and which protocol [(HTTP)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP) the web is built on. [Crash course about the world wide web - video](https://www.youtube.com/watch?v=guvsH5OFizE)
## Types of Computing Devices (Clients and Servers)
[Overview of Clients and Servers](https://robots.net/tech/what-is-the-difference-between-server-and-workstation/)
The Internet and WWW are mostly designed in what is called a "client-server" model. For example, when you access Facebook on your phone, your phone is the "client" and the computers that host Facebook are the "servers." Both clients and servers must be secured and both have their own sets of risks and vulnerabilities. Clients and servers can run a variety of operating systems:
- Clients: [Windows](https://www.microsoft.com/en-us/windows), [MacOS](https://en.wikipedia.org/wiki/MacOS), [Apple iOS](https://en.wikipedia.org/wiki/IOS), [Android](https://en.wikipedia.org/wiki/Android_operating_system), and [Linux](https://linuxjourney.com)
- Servers: [Windows](https://www.microsoft.com/en-us/windows-server/) or [Linux](https://linuxjourney.com) (there are others, but most run one of those two). These servers can run on dedicated physical computers or as [containers or virtual machines](https://www.ibm.com/think/topics/containers-vs-vms).
Here are download links for [Windows](https://www.microsoft.com/en-us/software-download/windows10ISO), and two popular versions of Linux ([Red Hat](https://developers.redhat.com/products/rhel/download) and [Ubuntu](https://ubuntu.com/download/server)) which you can use in your lab.
- [Learning Windows videos](https://www.youtube.com/playlist?list=PLjCc0NQcZY5Zc3TDlut7fjnRFUHJj4cXb)
- [Learning Linux videos](https://www.youtube.com/playlist?list=PLYmlEoSHldN6W1w_0l-ta8oKzGWqCcq63)
## Identity and Access Management
[Overview of Identity and Access Management](https://www.okta.com/identity-101/identity-and-access-management/)
Identity is a foundational component of cybersecurity, since the act of controlling "who" can access "what" is fundamental to any kind of security. Identity is used both to establish who someone is (authentication) and what they are allowed to access (authorization).
The [difference between authentication and authorization](https://www.geeksforgeeks.org/difference-between-authentication-and-authorization/) is key to understanding identity in a cybersecurity context. For example, you use your driver's license to "authenticate" your identity to purchase an airplane ticket. The airplane ticket then "authorizes" you to board that specific flight. In the same way, you use a username/password/[multi-factor](https://www.ibm.com/topics/multi-factor-authentication) combination to log into your email account to prove who you are and what you have permission to access.
Unfortunately, in the IT world, there is no one identity credential like a driver's license that can be used to identify a person, so there are many different ways to define a digital identity and validate it (the technical term for "a way" in IT is a ["protocol"](https://techterms.com/definition/protocol)). Some resources to learn more about identity, authentication, and authorization:
- [Overview of authentication protocols](https://www.geeksforgeeks.org/types-of-authentication-protocols/)
- [Overview of the Lightweight Directory Access Protocol(LDAP)](https://www.developer.com/guides/introduction-to-ldap-lightweight-directory-access-protocol/) a very common identity storage technology. [Microsoft Active Directory](https://activedirectorypro.com/what-is-active-directory/) is another very common identity technology, and is based on LDAP.
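The authentication/authorization split described in this section, shown as a small Python sketch. This is an added example, not part of the original guide: the user, password, secret and permission table are constructed sample data, and using a time-based one-time code (TOTP, RFC 6238) as the multi-factor step is an assumption made for illustration.

```python
import hashlib
import hmac
import struct
from typing import Optional

PBKDF2_ROUNDS = 200_000
TOTP_STEP = 30  # seconds each one-time code is valid for


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted hash so a stolen credential table is costly to crack."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 one-time code (HMAC-SHA1): the 'something you have' factor."""
    counter = struct.pack(">Q", unix_time // TOTP_STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


# Constructed sample data: hypothetical user, salt, secret and permissions.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
USERS = {
    "alice": {
        "salt": SALT,
        "pw_hash": hash_password("correct horse battery staple", SALT),
        "totp_secret": b"12345678901234567890",
    }
}
# Stand-in record so unknown usernames cost the same work as known ones.
DUMMY = {"salt": b"\x00" * 16, "pw_hash": b"\x00" * 32, "totp_secret": b"\x00" * 20}

# Authorization data is kept apart from credentials:
# identity -> resource -> allowed actions.
PERMISSIONS = {"alice": {"mailbox:alice": {"read", "send"}}}


def authenticate(username: str, password: str, code: str, now: int) -> Optional[str]:
    """Authentication: prove who the caller is. Returns the identity or None."""
    record = USERS.get(username, DUMMY)
    pw_ok = hmac.compare_digest(
        hash_password(password, record["salt"]), record["pw_hash"]
    )
    # Accept the previous, current and next time step to tolerate clock drift.
    code_ok = False
    for t in (now - TOTP_STEP, now, now + TOTP_STEP):
        expected = totp(record["totp_secret"], max(t, 0))
        if hmac.compare_digest(expected.encode(), code.encode()):
            code_ok = True
    if username in USERS and pw_ok and code_ok:
        return username
    return None


def authorize(identity: str, resource: str, action: str) -> bool:
    """Authorization: may this proven identity do this? Anything unlisted is denied."""
    return action in PERMISSIONS.get(identity, {}).get(resource, set())


def handle_request(username, password, code, now, resource, action) -> str:
    identity = authenticate(username, password, code, now)
    if identity is None:
        return "401 not authenticated"   # we do not know who this is
    if not authorize(identity, resource, action):
        return "403 not authorized"      # we know who it is, and the answer is no
    return "200 ok"


if __name__ == "__main__":
    pw = "correct horse battery staple"
    print(handle_request("alice", pw, totp(b"12345678901234567890", 59), 59,
                         "mailbox:alice", "read"))
    print(handle_request("alice", pw, totp(b"12345678901234567890", 59), 59,
                         "mailbox:bob", "read"))
```

The two failure paths are different answers to different questions: a 401 means the license check failed, a 403 means the license was fine but the ticket is for another flight.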
## Networking
[Overview of Networking](https://www.geeksforgeeks.org/basics-computer-networking/)
Computers and phones/tablets are useless unless they are connected to each other and to the internet. Networking is a very broad and deep field in IT, and has many implications for cybersecurity, since it is how everything (clients, servers) connects to each other. Learning how networking works is fundamental to a cybersecurity background.
Networking is designed in nested layers, defined by the [Open Systems Interconnect (OSI) model](https://www.geeksforgeeks.org/open-systems-interconnection-model-osi/). Each layer serves a different purpose, and each is secured in its own way. Here are some additional resources:
- [Networking basics](https://linuxjourney.com/lesson/network-basics)
- [Crash course on networking - video](https://www.youtube.com/watch?v=3QhU9jd03a0)
- [OSI model explained - video](https://www.youtube.com/watch?v=vv4y_uOneC0)
- An introduction to [network security fundamentals](https://www.ibm.com/topics/network-security).
If you want to learn about networking, looking at network traffic on your own laptop/desktop is a great way to start! Download [Wireshark](https://www.wireshark.org) and watch [this video](https://www.youtube.com/watch?v=TkCSr30UojM) to learn how to use it to capture and view network traffic right on your own machine.
## Coding
[Overview of coding/programming](https://www.freecodecamp.org/news/what-is-programming-tutorial-for-beginners/)
No matter what the IT and cybersecurity landscape evolves into, people will still be needed to actually write the software that everyone uses. Additionally, traditional IT fields like networking and storage have become “software defined,” which means that they are programmed, not configured. I won’t dig too deep on this focus area here, but learning a language like Python will help just about any field you choose to get into. Python is used across many of the focus areas described here, and is a great first language because of how prevalent it is in multiple fields, including cybersecurity.
- [Interactive Python tutorial](https://www.learnpython.org)
- [Learning Python in 1 hour - video](https://www.youtube.com/watch?v=kqtD5dpn9C8)
- [Longer Python course - video](https://www.youtube.com/watch?v=rfscVS0vtbw)
- [Python for cybersecurity](https://www.stationx.net/python-for-cyber-security/)
- [Huge catalog of coding courses](https://www.codecademy.com/learn)
In the context of cybersecurity, you will come across the term [DevSecOps](https://www.redhat.com/en/topics/devops/what-is-devsecops). This term implies incorporating security controls and considerations into software development from the very start of coding, to ensure that security issues do not make it into production applications. Secure software development is a huge topic right now, and feeds into the Zero Trust "secure by design" paradigm mentioned earlier. It includes concepts like the [Software Bill of Materials (SBOM)](https://www.cisa.gov/sbom) (essentially an ingredients list for software) and [artifact signing](https://www.sigstore.dev), which ensures that software components are what they say they are and haven't been tampered with. There is a lot more to this topic, but this is a good starting point.
DevSecOps is an extension of the [DevOps](https://www.ibm.com/topics/devops) methodology, which is a modern way of building software more effectively. At a high level, software used to be built very linearly, from start to finish, based on requirements defined at the beginning. The problem with that "waterfall" method was that by the time the software was built, there hadn't been opportunities for feedback or improvements along the way, so the final product may or may not be suitable, since requirements change over time. DevOps changes that by incorporating multiple "sprints" within the software development lifecycle to allow for improvements, changes, and review all throughout the process, which ends up with a more appropriate product.

(from https://logz.io/learn/what-is-devops/)
As a tangible example of the benefits of DevOps, think about if you were a homebuilder who got initial plans from the home buyers, and you went off and built the house without any input along the way from them. Maybe the initial plans were off, or there were miscommunications at the beginning, and there were no opportunities for the home buyers to correct you along the way. Wouldn't it be better to have scheduled walk-throughs of the house while it was being built so you could identify issues? That's what DevOps is all about: continuous improvement, incremental development, constant feedback.
## Cloud Computing
[Overview of Cloud Computing](https://www.geeksforgeeks.org/cloud-computing-tutorial/)
[Definition of "Cloud Native"](https://www.infoworld.com/article/3281046/what-is-cloud-native-the-modern-way-to-develop-software.html)
Many organizations and businesses have moved away from owning their own IT assets (servers, software, email services, etc.) and are relying more and more on paying companies to take on much of that burden. This is what defines cloud computing and “software-as-a-service.” This migration has been driven by many factors, including cost, staffing, and reliability:
- Cost and staffing
  - It costs a lot of money and people to buy and maintain the hardware needed to support a large-scale enterprise, and in some ways, it is cheaper to simply “rent” only the resources they need from a cloud provider like Amazon Web Services or Microsoft Azure. The great thing about this model is that a business can scale up or down what resources they are “renting” as needed. It’s much harder to rapidly buy new hardware when it is needed, not to mention the power and space it takes, and then if a business no longer needs the hardware, it can’t just return it.
  - What if I, as a business, want to provide email for my employees? The costs of building and maintaining an email system are significant. Or, I can just pay Microsoft a monthly fee to use their cloud-based email system (Outlook Online), and not have to worry about any of that. This model is called “Software as a Service,” or SaaS, where I just pay someone to provide me a complete service like email, or chat, or whatever my business needs.
- Reliability
  - What is more reliable, a single server in a closet in an office that is right below a fire sprinkler head, or a globally distributed infrastructure that is built for 99.999% uptime by a company whose only job is to keep that infrastructure running? Enough said :)
:::info
:information_source: Cloud computing introduces [many cybersecurity challenges and nuances](https://en.wikipedia.org/wiki/Cloud_computing_security), and understanding this technology is critical to a modern cybersecurity professional.
:::
There are many ways to learn about cloud computing. The two most common cloud computing companies are [Amazon Web Services (AWS)](https://aws.amazon.com) and [Microsoft Azure](https://azure.microsoft.com/en-us/). [Google Cloud Platform](https://cloud.google.com) is also in the market, though AWS and Azure are more prevalent.
You can set up free [AWS](https://aws.amazon.com/free) and [Azure](https://azure.microsoft.com/en-in/pricing/free-services/) accounts and start experimenting with these platforms very easily.
:::warning
:warning: If you provide a credit card when setting up your AWS or Azure account, keep in mind that not all services are free and you can accidentally run up a high bill. Make sure you keep an eye on what you set up and what the associated costs are with configuring and running things in these clouds. The services do provide consoles ([AWS](https://aws.amazon.com/aws-cost-management/billing-and-cost-management-console-home/) and [Azure](https://azure.microsoft.com/en-us/products/cost-management/)) to let you track costs and even set up budget alarms. Don't start setting up things in AWS until you understand how billing works.
:::
There are also many training resources for cloud computing:
- [General Cloud Security Knowledge Certification](https://knowledge.cloudsecurityalliance.org/certificate-of-cloud-security-knowledge-foundation)
- [Microsoft Azure training](https://learn.microsoft.com/en-us/training/courses/az-900t00#course-syllabus) course and some great videos by [John Savill](https://www.youtube.com/@NTFAQGuy)
- [Introductory](https://explore.skillbuilder.aws/learn/course/external/view/elearning/134/aws-cloud-practitioner-essentials) and more [advanced](https://explore.skillbuilder.aws/learn/course/external/view/elearning/11458/aws-cloud-quest-cloud-practitioner) AWS training
## Data
[Overview of data cybersecurity](https://www.crowdstrike.com/cybersecurity-101/security-operations/data-security/)
Data is the lifeblood of any organization, and it can be stored and used in many ways. Data can be as varied as email stored in Gmail, the Gmail web application itself, videos streamed by Netflix, or bank account information stored by financial services organizations.
From a cybersecurity perspective, data is the true crown jewels of any organization, and all cybersecurity tooling and efforts are ultimately done to protect its [integrity, confidentiality, and availability](https://www.fortinet.com/resources/cyberglossary/cia-triad).
Data can be stored in many ways, traditionally in a [relational database](https://opentextbc.ca/dbdesign01/), but [many other types of databases](https://www.sql-easy.com/learn/what-is-a-database/) have been developed to meet the needs of applications and services that produce, consume, and process data.
## Artificial Intelligence and Machine Learning (AI/ML)
[Overview of AI/ML](https://cloud.google.com/learn/artificial-intelligence-vs-machine-learning)
The IT industry, and cybersecurity along with it, is being challenged by problems of massive scale. Many more users demanding more services and generating massive amounts of data are driving the adoption and growth of AI/ML to accommodate this explosion of scale. Think about every mundane task you perform on a computer, like entering data into a spreadsheet or pulling together content from multiple documents for a report, and then imagine having much of that automated, so you can focus on “why” you are doing the task instead of wasting time and energy on the boring and error-prone steps that get you to your final product.
In this way, automation lets humans do what they do best, and lets computers do what they do best. Humans are good at intuition and problem solving; computers are good at crunching lots of data accurately and tirelessly. As the amount of data increases, so does the “cognitive burden” of that data on a human. Manual number crunching and staring at endless data looking for patterns aren’t called “mind numbing” for nothing. That kind of task takes a toll on humans, and they just cannot do it accurately for extended periods of time. Automation directly addresses this problem by executing those tasks tirelessly 24x7 without any loss of accuracy.
There are a huge number of use-cases for AI/ML, and while [ChatGPT](https://chatgpt.com) may be the most famous [Large Language Model (LLM)](https://www.ibm.com/topics/large-language-models), from a cybersecurity perspective, many vendors are using AI/ML to help defenders find vulnerabilities in systems, detect attackers, and [many more security use-cases](https://www.crowdstrike.com/cybersecurity-101/machine-learning-cybersecurity/).
The field is vast and growing very quickly, and will likely continue to be a highly sought-after skill-set. Many of the use-cases and industry trends are being driven by [Graphics Processing Unit (GPU)](https://www.geeksforgeeks.org/what-is-gpu/) manufacturers, since GPUs are fundamental hardware for AI/ML. [NVIDIA](https://www.nvidia.com/en-us/) is currently the world's largest producer of GPUs, though [Intel](https://www.intel.com/content/www/us/en/artificial-intelligence/overview.html) and [AMD](https://www.amd.com/en/solutions/ai.html) also build GPUs.
In addition to GPUs, there are also many organizations building machine learning models for many use cases, not only LLMs, but also image/sound analytics, cyber-analytics and many more that are [open source](https://opensource.com/resources/what-open-source) and freely available. I won't attempt to compile a complete list here, but some places to start:
- [Hugging Face](https://huggingface.co) is the largest AI community site, containing datasets, machine learning models for many use-cases, and more.
- [Open source foundational models from IBM](https://www.ibm.com/blog/building-ai-for-business-ibms-granite-foundation-models/) (access to the IBM Granite models themselves [here](https://github.com/ibm-granite/granite-code-models))
- [InstructLab](https://instructlab.ai), a new, open-source, community approach to building LLMs. This is [a great video](https://www.youtube.com/watch?v=ifpPkSM_OKQ) about it with hands-on guidance.
There are many learning resources available on this topic, but here are a few to get started:
- [Fundamentals of machine learning - MIT course videos](https://www.youtube.com/playlist?list=PLUl4u3cNGP63gFHB6xb-kVBiQHYe_4hSi)
- [Freely available coursework from MIT on AI/ML](https://ocw.mit.edu/search/?q=artificial+intelligence)
- [Learning AI/ML on your laptop with Podman AI](https://podman-desktop.io/extensions/ai-lab) ([more information here](https://www.redhat.com/en/about/press-releases/red-hat-announces-podman-ai-lab))
- [NVIDIA Learning Paths](https://nvdam.widen.net/s/brxsxxtskb/dli-learning-journey-2009000-r5-web) (some free, some paid)
- [AI Courses, webinars and Certifications from Intel](https://www.intel.com/content/www/us/en/developer/topic-technology/artificial-intelligence/training/overview.html) (some free, some paid)
There are lots of podcasts and blogs on the topic:
- [List of AI/ML blogs](https://www.artiba.org/insights#blogs)
- [List of AI Podcasts](https://www.apple.com/us/search/artificial-intelligence?src=globalnav)
- [The AI Podcast](https://podcasts.apple.com/us/podcast/the-ai-podcast/id1186480811) by NVIDIA.
- [In Machines we Trust](https://podcasts.apple.com/us/podcast/in-machines-we-trust/id1523584878) by MIT Technology Review may be another good one to start with.
There are also many for-cost degree programs in the field. Some examples:
- [Clemson University AI program](https://www.coursera.org/degrees/master-computer-science-clemson/academics)
- [Harvard University AI professional certificate](https://www.harvardonline.harvard.edu/course/professional-certificate-computer-science-artificial-intelligence)
- [IBM AI Engineering Professional Certificate](https://www.coursera.org/professional-certificates/ai-engineer)
---
# Cybersecurity Conferences
Conferences are a great way to learn new skills and meet new people. There are [many](https://infosec-conferences.com) to choose from, though you may want to start with a [BSides](https://bsides.org/w/page/12194156/FrontPage) conference near you, like [BSides Charm](https://www.bsidescharm.org) in the Maryland area.
One of the largest cybersecurity conferences is [DEFCON](https://defcon.org/?mob=1), held every year in Las Vegas, and it is definitely worth attending at least once.
---
# Additional Cybersecurity Resources
Some selections from [this reddit post in /r/cybersecurity](https://www.reddit.com/r/cybersecurity/comments/v8l4d5/tryhackme_a_good_starting_point/). There are many more resources in the post, but I trimmed the list down to some good starting resources, which include training, practice environments, and more.
- [Series of YouTube cybersecurity playlists by InsiderPhD](https://www.youtube.com/c/InsiderPhD/playlists)
- https://null-byte.wonderhowto.com/
    - Site containing lots of penetration testing techniques
- https://tryhackme.com/
    - Gamified cybersecurity hands-on lessons
- https://zsecurity.org/
    - Lots of blogs and content
- https://portswigger.net/web-security/
    - Free web security training
- https://www.hacker101.com/
    - Another free web security class
- https://owasp.org/www-project-juice-shop/
    - A good practice web application that is designed to be vulnerable so you can install it in your lab and test your skills against it.
- https://www.bugbountyhunter.com/
    - Content dedicated to teaching about bug bounties.
- https://www.hacksplaining.com/
    - A nice site that explains common vulnerabilities
- https://www.hackerrank.com/dashboard
    - Site dedicated to cybersecurity job interview preparation
# Cybersecurity Blogs and Reports
- Independent
    - https://krebsonsecurity.com
    - https://www.simplycyber.io/free-cyber-resources
    - https://blog.g0tmi1k.com/
    - https://www.hackingarticles.in/
    - https://blog.tryhackme.com/free_path/
    - https://www.freecodecamp.org/news/what-is-git-learn-git-version-control/
    - https://www.hackingtutorials.org/
    - https://www.hacking-tutorial.com/
    - https://hacklido.com/d/85-collection-of-resources-for-oscp
- Vendor sponsored
    - https://unit42.paloaltonetworks.com
        - Palo Alto Networks is one of the largest cybersecurity companies in the world, and their threat research group (Unit42) does great work.
    - https://www.crowdstrike.com/resources/videos/under-the-wing/
    - https://www.crowdstrike.com/global-threat-report/
        - This is a fantastic annual report that is a must-read by any cybersecurity professional.
    - https://podcasts.apple.com/us/podcast/adversary-universe-podcast/id1694819239
---