@GeekGrrl posted a note on her blog asking this question:

1) How would you recommend getting started on a career toward Network Security/Network Pen Tester?

She has some follow-up questions to that first one requesting some specific information. Go read her post and then come back.
Okay, here is what I suggested. Obviously, not exhaustive.

Here is a good blog post that might help.

1) Certs

  • If you want to be technical, I would start with the SANS GSEC cert. Make sure you go for the GOLD cert and not just the silver. This cert will give you a good base to build on.
  • From there, move on to firewalls, IDS, etc. as appropriate. SANS certs are the best technology-agnostic certs around.

2) Cons

  • Defcon – cheap and worthwhile.
  • Keep doing what you are doing, watch and read the presentations after they are posted. Garret Gee over at Infosecevents usually posts links to archives when he comes across them.

3) Associations

  • See if there is an InfraGard chapter nearby. Free and often strong in cyber security.
  • Start a chapter of You will probably learn more and meet more people that can help you doing this than anything else.

4) Books

5) Other

Finally, VirtualBox is a great free virtualization platform for Windows and Linux that will let you set up VMs like DVL to hack against.

Go ahead and offer up your suggestions in the comments.

UPDATE: On the drive home today, I was still thinking about this question and I realized I left off one thing that an individual can do that will probably reap more benefits than any of the items listed above.

Find a mentor.

Find somebody who has been in the business for a while who is willing to let you bounce questions off of them and is willing to give you the benefit of their experience when you hit situations that you are not familiar with. Somebody who can offer you those second opinions that can be so helpful.

Here is a link to a bunch of articles on finding a mentor and the mentoring relationship. The articles are not infosec related at all, but still apply.



  1. bluejay says:

    Hi Kevin,

    I find it very interesting that you give these kinds of tips to newbies who want to get into an Info Security career. I actually am in a similar position to GeekGrrl. Although I do not have as many years of experience in the IT field as her, I do hold a middle-managerial position in a large company in the health sector. I’ve wanted to become an infosec specialist in my company for some time and I am now finally in the position in which I can work on certs. But unlike GeekGrrl, I am not interested in being a PenTester, but one of the network security specialists. I am passionate about it, and I love to read and learn about things I am passionate about.
    What would you recommend to me? What certs and books? I think that I should also be concerned about data privacy and protection, because in my sector this is and will be for years a very big theme. How important do you think this is for me and my career?

    Thanks 🙂

  2. Kevin Riggins says:

    Hi Bluejay,

    Much of what I wrote above applies to your desire to enter the network security field also. Particularly the Certs, Cons and Associations parts.

    Some might argue with me, but the CCNA cert, while Cisco-centric from an implementation perspective, does provide a great deal of good network training that is applicable no matter what hardware you are using.

    Regarding books, the network security topic is very broad and there are many good books available. Instead of suggesting one or two, I will point you here

    Data privacy and protection are going to continue to be very important topics. Anything that broadens your knowledge in these areas is a good thing.

    Finally, the Security Blogger’s Network is a great source of timely information. You can subscribe to it here:


  3. OneEyedCarmen says:

    Another great site, particularly for anyone trying to get started in the pentesting field, is

    Don Donzal does a great job over there.

    Bluejay, I’d suggest looking into the classes for the HIPAA Security Specialist cert (whether you get the cert or not, the classes are helpful). It’s a little pricey, but as you’re already working for a healthcare organization, you may be able to convince your company to ante up.

    Good luck,

