How to get ahead in InfoSec*

Employment
• http://allowedtoapply.tumblr.com/ - blog telling you "You can do this, do it!"
• http://www.kalzumeus.com/2012/01/23/salary-negotiation/ - You're worth more than you think.
• https://trailofbits.github.io/ctf/intro/careers.html - Infosec Career Cheatsheet.
• https://ninjajobs.org/ - ignore the name, actually a useful job board.
• https://medium.com/@jocelyngoldfein/how-to-ask-for-a-promotion-87e0e3b4ebd6 - How to get promoted.
Security Resources
• https://www.owasp.org/ - Open Web Application Security Project.
• https://github.com/isislab/Project-Ideas/wiki - list of other things to go read to do with all things security.
• http://phrack.org - historical zine of things that happened.
• http://www.isis.poly.edu/ - NYU Poly's ISIS lab.
• https://developer.apple.com/library/mac/documentation/Security/Conceptual/Security_Overview/ThreatModeling/ThreatModeling.html - Risk Assessment and Threat Modeling by Apple.
• https://www.reddit.com/r/netsec/wiki/start - reddit's /r/netsec's "Getting Started in Information Security".
Security talks
• https://www.etsy.com/codeascraft/talks#section-Security - Etsy security talks.
• https://www.youtube.com/watch?v=KwJyKmCbOws - Why I teach people how to hack, Ýmir Vigfússon.
• https://www.youtube.com/user/HackersOnBoard/playlists - HackersOnBoard's playlists of pretty much every DefCon.
• http://contagiodump.blogspot.com/2015/01/video-archives-of-security-conferences.html - Big archive of lots of other security conferences.
Key things to the industry that just don't fit anywhere
• http://insecure.org/stf/smashstack.html - Smashing the stack for fun & profit.
• http://timetobleed.com/a-closer-look-at-a-recent-privilege-escalation-bug-in-linux-cve-2013-2094/ - fabulous walkthrough of a real Linux kernel bug.
• http://www.wired.com/2011/07/how-digital-detectives-deciphered-stuxnet/ - Fascinating Wired article on Stuxnet.
• http://carnal0wnage.attackresearch.com/2012/11/the-biggest-problem-in-computer-security.html - "Problems in computer security"
CTFs/online challenges
• http://hackertainment.net - meta list of great CTFs.
• https://exploit-exercises.com/ - variety of virtual machines, documentation and challenges.
• https://webgoat.github.io/ - deliberately insecure JavaEE application to break!
• http://www.dvwa.co.uk/ - Damn Vulnerable Web App is a PHP/MySQL web application that is very vulnerable.
• https://stripe.com/blog/capture-the-flag-wrap-up - write-up of Stripe's first CTF.
• http://blog.ioactive.com/2012/08/stripe-ctf-20-write-up.html - write-up of Stripe's second CTF.
• https://engineering.opendns.com/2015/03/16/security-ninjas-an-open-source-application-security-training-program/ - OpenDNS's Open Source Application Security Training Program.
Books
• http://smile.amazon.com/Kingpin-Hacker-Billion-Dollar-Cybercrime-Underground-ebook/dp/B004IK8Q2M - Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground
• http://smile.amazon.com/CUCKOOS-EGG-Clifford-Stoll-ebook/dp/B0083DJXCM - Cuckoo's Egg "a computer-age detective story, instantly fascinating [and] astonishingly gripping"
Twitters
• https://twitter.com/securitytwits - job posting stream.
As few tools as possible
• https://www.wireshark.org/ - take apart network packets and see what is happening.
• https://www.kali.org/ - entire Linux distribution designed for penetration testing.
Grab a copy of this from http://bit.ly/etsywicyspdf
CC BY licensed
https://www.etsy.com/careers
* or cyber, if you must.