this post was submitted on 24 Aug 2025
You can find plenty of free sec+ study materials to get you started. It is basic, yes, but real cyber security comes from understanding systems, protocols, and best practices and honestly I'm not sure there's a good book that can give you that. I could be wrong, we'll see other posts if they show up, but starting with sec+ material and then reading deeper on things would be my recommendation.
Understanding Active Directory, Linux permissions and file structure, VPNs, firewalls, different security appliances, hashing, crypto methods/algorithms, handshakes, transmission protocols, VMs, cloud architectures, backup strategies, social engineering, etc. - it all plays a part. You could find a number of books and resources about any of those things.
Certs like LPI Linux Essentials are pretty good if you're unfamiliar with Linux basics, that's another one to look into where you can find free study material.
I guess what I'm saying is that cyber security is REALLY complicated and will always be tailored to the threats, the assets you're trying to protect, available budget, and systems used. It's why certs are the industry standard of recognition, because there's really not a good way to gauge competency unless you're assessed by another competent person in the field. And you may be AWESOME with an Active Directory setup but be lost in Linux, or need to work with embedded systems, but be weak in other areas because you've never worked with it, so certs kind of level the field so you can be at least aware of stuff if you've never worked with it.
I would not consider myself an expert in the field but this is my perspective. You can learn for the next 10 years for free and by just experimenting on old hardware and with VMs and a robust LAN.
The cyber landscape is so, so complex. There's an endless number of options and potential vulnerabilities. Defense in depth can't really be taught from a single book, but identifying areas you'd like to learn more about can take you as far down the rabbit hole as you like.
Ah okay, so there are sub fields you can specialize in but not one thing you can learn that will apply everywhere. I guess that's why it's been a bit hard to find cohesive material to look at. Everywhere I tried to look was trying to teach me different things.
Sec+ resources are a good recommendation though, because they lay down the groundwork and fundamentals that you can then build on once you decide on the domain you want to specialize in.
I think everything you learn will for the most part apply everywhere, there's just no singular definitive source for everything. It's like saying you want to learn politics, or you want to learn construction, or you want to learn math. The field is so wide that you can't just get a single book about everything.
You definitely can specialize in sub fields though. My favorite areas are network architecture/security and social engineering. My primary skills lie in disaster planning and recovery though, because I migrated from a different industry where I applied pretty much the exact same thought methodology.