In this video, Marc Menninger decribes resources which can enhance the career of IT security professionals. Learn about general resources like the NIST CSRC, CERIAS, and the SANS Reading Room. Explore other helpful security resources like news and blog sites, security podcasts, free security training, and security books.
- One of the benefits of being in the IT security industry is the great variety of resources available which can enhance your career. Some of these resources are educational, while others are more entertaining, but luckily many of them are free. We'll start with a few general security resources. The National Institute of Standards and Technology, or NIST, maintains a Computer Security Resource Center. The C-S-R-C is a helpful site when you're looking for examples of security policies and standards, especially if you're writing these for your organization and you need some inspiration.
Next is CERIAS, the Center for Education and Research in Information Assurance and Security, at Purdue University. Here you'll find free IT security seminars, plus industry news and opinion. And you'll want to check out the SANS Reading Room where you can reference more than 2500 IT security white papers written by other IT security professionals. As an IT security professional, people will expect you to know and have an opinion about current security events.
You can stay on top of IT security news, events, and trends by reading these blogs: Krebs on Security, Naked Security, Threat Level, Dark Reading, Threatpost, and Information Security Magazine. Sometimes it's easier to listen to security news and commentary, so you might enjoy these popular security podcasts. Brakeing Down Security, Down the Security Rabbithole, Southern Fried Security Podcast, Security Current Podcast, and the SANS Internet Storm Center daily podcast.
There is no lack of paid training opportunities in the IT security field, but there are also high quality free training resources if you know where to look. Check out these free trainings if you need to expand your knowledge in these areas. Cybrary, which provides free IT security training on a wide variety of topics, including many certification exams. Metasploit Unleashed, a free course on ethical hacking using the Metasploit framework. C-I-S-S-P Cryptography Mini Course, a free course covering the basics of cryptography.
And SANS Cyber Aces, which provides courses on fundamental IT security topics like operating systems, networking, and system administration. For a mix of education and entertainment there are plenty of great IT security books worth reading. Schneier on Security is a great read that explores security expert Bruce Schneier's security philosophy. There are also four riveting titles that tell real stories of hacking, espionage, and cybercrime.
Ghost in the Wires: My Adventures as the World's Most Wanted Hacker, by Kevin Mitnick. Spam Nation: The Inside Story of Organized Cybercrime from Global Epidemic to Your Front Door, by Brian Krebs. The Cuckoo's Egg: Tracking a Spy through the Maze of Computer Espionage, by Cliff Stoll. And finally, Kingpin: How One Hacker Took over the Billion-Dollar Cybercrime Underground, by Kevin Poulsen. Of course there are many more resources for IT security professionals than the ones I've covered here.
And as you progress in your career you'll find your own favorites. In the ever-changing world of IT security the most important factor when determining where you get your news is data quality.
Marc closes with a few pieces of career advice specific to the world of information security, which will help you succeed in this dynamic and high-demand industry.
- IT security key concepts
- The job marketplace (government vs. healthcare, etc.)
- IT security success traits
- Career specializations
- IT security certifications
- Getting experience
- Marketing yourself