Comments
-
resdac8827y
Hey, as a security engineer student I'm quite interested in some reading material, care to share? :)
-
Cybrary has free (but shady) courses.
You'll need a good background in networking (books by Tanenbaum/Stallings) and operating systems (practical Windows/Linux internals).
For a good rundown on the theory go through William Stallings' book on security, good coverage of algos and stuff.
If you're into malware analysis and reverse engineering there's a good book on that by Bruce Dang (but it assumes good knowledge of Windows internals and ARM/x86 assembly).
For formal verification, you could go through a theorem prover like Coq (and a good part of the theory is explained by a free Coursera course on formal logic by Stanford).
For a certification you may want to look at CompTIA Security+ (which is a joke) or EC-Council's CEH (which is also a joke, but eh, certifications).
You can get pentesting experience starting with smaller companies after you have a certification.
You can use that to go for a higher certification and/or apply for a position with a security company.
-
Ohhh, check out a book called Black Hat Python, full of techniques you can use to write your own scripts, agents and stuff. Really cool and a fun read.
-
Also, since your tags mention CEH: I have that cert, it's pretty shady, in the sense that I felt the level of rigour and knowledge assessed by it was just not enough for an actual practicing pentester. But employers seem to like it, and it regularly appears in lists like "highest paid certs" so....
Also, about what @BindView said, unless you're going into research I seriously doubt you need a whole lot of maths. You need to know when to apply what algorithm, strengths and weaknesses, but almost never implementations (because of things like side-channel attacks). Case in point: my teacher in the CEH course was an experienced guy with years of pentesting behind him and tons of certs, but he barely knew the maths behind the Diffie-Hellman key exchange, and that's a basic algorithm.
But I'm a theory guy, @exceptionalGuy also has a CEH, I think his advice would be better (he also hates maths).
-
I may not be the best person to advise since I'm not very experienced myself, but I would suggest learning about networks and protocols first. If you're not into research and everything, practice is all it takes. Work on hackboxes, set up your own environments and hack into them, and never hesitate to ask for help. I know people who don't have any certifications and who suck at math do amazing stuff in the field, so yeah, practice.
-
As someone with 4 years' experience in cybersecurity I can say loud and clear: DON'T.
It's a meme. The work is pretty boring. Too many non-technical people to deal with. In most security jobs you hardly do any programming, aside from stupid scripts here and there.
The only perk I can think of is the salary, which is pretty nice.
I want to leave this meme and be a dev instead.
-
@BindView XD
When you put it that way....
I meant that it's perfectly possible to have a career in cybersec without being a maths major. Just like maths is not really a prerequisite for a good dev career but a good chunk of it is based on maths.
Besides, one can always learn along with said career.
Related Rants
I'd love to get into a career within the cyber security industry.
Anyone got advice?
I've played around with Kali/Parrot and set up a Proxmox box to perform pen testing, and have a fair number of PDF ebooks and audiobooks on networks, security and pen testing.
question
pentesting
ceh
hackers
it security hackers