How to become an information security specialist – experts answer

In information security, as in any professional activity, there are a huge number of areas, each of which requires unique knowledge and skills from a novice specialist. So, when working on the security of web applications and APIs, it is important:

1. It is imperative to know English, especially technical. This knowledge is useful for reading various manuals and technical reports. In addition, major conferences attended by professionals from around the world in various information security fields are held primarily in English. To keep abreast of the latest trends, it is imperative to view reports from these conferences, at least those related to your specialization.

2. A good understanding of the operating principles of the Linux operating system. And the higher the level of knowledge, the better, because this is the main system on which the servers on the Internet work. Knowledge in the field of computer networks is also necessary: ​​the features of their construction, architecture and protocols by which all this works. Here I can recommend the 5th edition of Andrew Tanenbaum's book Computer Networks. At least it will be useful to study the section on TCP / IP. Also, a good theoretical base would be the book Computer Networks. Principles, technologies, protocols ”V. Olifer, N. Olifer.

3. Acquire knowledge in your profile. Now the network has a huge number of courses in various areas of information security. Pay attention to reviews, as the quality of many, in my opinion, leaves much to be desired.

In addition, no one is canceling the study of printed electronic literature. From books I can recommend, for example, The Hacker Playbook 3: Practical Guide To Penetration Testing by Peter Kim. This is a great book that covers the practical aspects of operating and using various utilities. Her third version was released in mid-2018, so it contains relevant information that cannot be found in many textbooks that came out earlier.

Information security is a rapidly developing field, so try to study the latest newsletters on the topic. Great service Vulners. It is a vulnerability aggregator with advanced search capabilities. There is also the telegram bot vulnersBot of the same name, where you can subscribe to news about areas of interest to you. Fresh exploits can be found on Twitter, on GitHub, and on the trusted Exploit Database resource.

4. Knowledge of different programming languages ​​will greatly facilitate the study of web applications, and high-quality testing using the "white box" method (when the source code of the application is studied) is impossible without it. Today most common are Ruby, Python, Java, PHP, .NET.

You can start, for example, with Python – it has a huge number of utilities and exploits written on it. This language has a low entry threshold, it is quite flexible and weakly dependent on the platform.

5. Do not underestimate the ability to quickly search for the right information in search engines. Finding and embedding some solutions in a workflow is easier and faster than rewriting them. In 90% of cases, the task that confronted you has already been solved by someone before.

If we talk about utilities, then there are entire assemblies with all the necessary software. Most often, these are Linux-based systems that can be installed on a working machine or used in live mode, for example, by loading from media. The most popular are Kali Linux and Parrot Linux. Kali Linux has been available since 2013. It is a proven and stable working environment for years. The popularity of this assembly caused the appearance on the network of many different manuals and options for using the applications that are part of it.

I can also recommend some good books on this subject. For beginners, it’s useful to learn “Hacking With Kali Linux: A Comprehensive, Step-By-Step Beginner’s Guide to Learn Ethical Hacking With Practical Examples to Computer Hacking, Wireless Network, Cybersecurity and Penetration Testing”. For more in-depth study – "Mastering Kali Linux for Advanced Penetration Testing: Secure your network with Kali Linux 2019.1 – the ultimate white hat hackers’ toolkit, 3rd Edition. " In general, there are quite a few books, but most of them are in English (we recall the first recommendation). Of the Russian authors, I can note the book by N. Skabtsov, "Security Audit of Information Systems."

Finally, in addition to the necessary knowledge, the amount of which will only grow as one goes deeper into the industry, qualities such as perseverance, determination and the ability to think outside the box will be useful to an information security specialist.

Similar Posts

Leave a Reply