Cyber Defense Advisors

Learning Cybersecurity

Cybersecurity is a huge topic ~ where do you start?

Free Content on Jobs in Cybersecurity | Sign up for the Email List

This is a compilation of some of my post that might help someone who is trying to learn cybersecurity. Cybersecurity is a huge topic with many different paths to explore.

In my case, I started learning when I ran an e-commerce business, experienced a data breach, and started trying to learn cybersecurity any way I could.

First, I started reading books. I’ve reviewed some books on this page, but I also wrote my own book which a primer on cybersecurity at a high and fairly non-technical level. Cybersecurity is really about risk management. I like to say, “How many chances are you giving the attacker?” You’ll never plug all the holes but you want to plug as many as you can, and be able to effectively monitor what you need to leave open.

It’s also a good idea to understand how threat actors operate around the world and locally. The books I’ve reviewed include a lot of different aspects of cybersecurity and my own book sums it up at a high level. Although it the title is “Cybersecurity for Executives in the Age of Cloud” it could have been “An Executive Summary of Cybersecurity in the Age of Cloud.” I’ve had experienced security professionals and developers read it and give positive feedback, so it’s not only for executives.

Cybersecurity Books

Back when I started out, there were few training options, but I ran across SANS Institute and ultimately started following and reading their newsletters. Then I went on to take some classes there and get some certifications. I have some of the certifications I got listed on this page, which also includes information on getting a job in cybersecurity or recruiting cybersecurity professionals. There’s no paywalls on those stories, by the way. They are all free for anyone to read.

Cybersecurity Careers and Jobs

When you’re learning cybersecurity part of it is how to think about cybersecurity. It’s not about hacking into systems or changing firewall rules. It’s about designing systems that meet business needs to get business done while protecting business assets. In addition, cybersecurity is not about buying a product, setting it up, and you’re done. It’s a matter of constantly revisiting your configurations, monitoring what the attackers are doing, and adjusting accordingly.

When you design your systems you need to think about how you can design them in a way that they are manageable. Sometimes there are a myriad of things to configure and how will you make sure things are configured the way they are supposed to be? If you are working at a company with tens of thousands of developers, how will you ensure they are all abiding by the corporate standards and compliance rules? How will you make sure the security team can see all the logs and the logs have what they need in them if a breach occurs?

Here are some posts along those lines:

Cybersecurity for Executives: Table of ContentsHow to THINK about cybersecurityCloud GovernanceThe right cybersecurity training

If you want to be on the technical side of defending and attacking networks, you will want to learn cybersecurity fundamentals. I’ve written some posts that dive into some of the fundamentals of cybersecurity that might interest you.

Cybersecurity MathSecure Code By DesignFaulty Security Control Logic

If you want to start learning networking and how to look at logs from a security perspective and design effective firewall rules, I would recommend setting up a home network. I have some posts on doing that with pfSense and a UDM Pro. I’ve tried other products and these are the ones that fit my budget and work effectively at the moment for a home network. Every network device is constantly under attack so watch for vulnerabilities and keep your software and firmware up to date. If you cannot afford these devices you can use an open source version of pfSense on your own hardware.

Configuring pfSense and Netgate Devices

If you want to learn Cloud Security and AWS Security, I’m working through a whole series on AWS Security here. I’ve had a few fits and starts as I worked through the issues of setting up a security cloud environment. I also have a free open-source code repo associated with these posts. You will learn not only how to write the code but how I troubleshoot problems and think about how an attacker might get into my cloud environment. Ultimately I want to get to the point where I’m automating cybersecurity metrics in this environment but there’s a lot of ground to cover.

Automating Cybersecurity Metrics (ACM)

If you want to set up a website on AWS and secure your GitHub repositories I have posts on that too. Everything is always a work in progress so you may be reading this before it’s done.

Components of a Static Web Site on AWSGit and GitHub Security

If you want to be a penetration tester then check out these posts. Penetration testing and security assessments are something I do for a living, but I recommend starting on the builder or securing side of cybersecurity before moving into penetration testing to be a better pentester. Understanding how things are built and managed will provide you better information to perform useful attacks. Also, I’ve simply written much more about security things than attacking things to date, but I have more posts on penetration testing coming after I work through my AWS account and web site setup. How many stories you see depends on where I’m at by the time you read this.

Pentesting and Bug Bounties

I hope those resources are helpful to anyone trying to learn and get a job in cybersecurity. Even if you aren’t working directly on the cybersecurity team, these stories will provide a better understanding of how cybersecurity works and what your security team is worrying about when they won’t let you do that risky thing you are trying to do. If you have a home network, you will be more secure at home and better protect your bank accounts and other people’s systems that may be attacked by your firewall. Understanding cybersecurity may help you better protect your business and if you are allowed to vote for elected officials in your country, you will be able to make more informed decisions when cybersecurity topics make their way into politics. If you plan to work for a large corporation or the government, you will be able to help stop insider threats and espionage that can harm your organization.

If you need more help, I have some services listed on LinkedIn at https://linkedin.com/in/teriradichel and on the home page of this blog: https://medium.com/cloud-security.

Happy reading and learning!

Follow for updates.

Teri Radichel | © 2nd Sight Lab 2023

The best way to support this blog is to sign up for the email list and clap for stories you like. That also helps me determine what stories people like and what to write about more often. Other ways to follow and support are listed below. Thank you!

Get an email whenever Teri Radichel publishes.

About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
Author: Cybersecurity for Executives in the Age of Cloud
Slideshare: Presentations by Teri Radichel
Speakerdeck: Presentations by Teri Radichel
Recognition: SANS Difference Makers Award, AWS Security Hero, IANS Faculty
Certifications: SANS
Education: BA Business, Master of Sofware Engineering, Master of Infosec
How I got into security: Woman in tech
Company: Cloud Penetration Tests, Assessments, Training ~ 2nd Sight LabLike this story? Show your support so I can write more!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Clap for this story or refer others to follow me.
Follow on Medium: Teri Radichel
Sign up for Email List: Teri Radichel
Follow on Twitter: @teriradichel
Follow on Mastodon: @[email protected]
Follow or Like on Facebook: 2nd Sight Lab
Follow or like on YouTube: @2ndsightlab
Buy a Book: Teri Radichel on Amazon
Request a penetration test, security assessment, or training
via LinkedIn: Teri Radichel
Schedule a consulting call with me through IANS Research

Cybersecurity for Executives in the Age of Cloud

Learning Cybersecurity was originally published in Cloud Security on Medium, where people are continuing the conversation by highlighting and responding to this story.

Related Post

  • by
  • September 19, 2024

This Windows PowerShell Phish Has Scary Potential

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who

Cyber News
  • by
  • September 19, 2024

Wherever There’s Ransomware, There’s Service Account Compromise. Are

Until just a couple of years ago, only a handful of IAM pros knew what service accounts are. In the

Cyber News
  • by
  • September 19, 2024

Hackers Exploit Default Credentials in FOUNDATION Software to

Threat actors have been observed targeting the construction sector by infiltrating the FOUNDATION Accounting Software, according to new findings from

Cyber News
  • by
  • September 19, 2024

FBI Shuts Down Chinese Botnet

The FBI has shut down a botnet run by Chinese hackers: The botnet malware infected a number of different types

Cyber News