Many of us working in information and network security today did not have formal training or education in security, but rather came into it from some other field. Some of us saw something in security that sparked our interest, or we were passionate about understanding how things work — seeing what would change if you altered a certain detail, and continuing to figure out how to build the system better and break it down again over and over.
Today more than ever, security in the digital world is a hot topic and there is almost an information overload out there. How can we possibly stay current on our specific knowledge and skill sets, while still trying to keep up with the industry and general security concerns? Trying to comprehend and make sense of all this information is daunting, if not impossible. The good news is that there are options everywhere to help you, and instead of trying to ingest everything, you may want to consider taking an approach that works for your learning style.
Social Media, Podcasts and Videos
To keep up with current news and topics, Twitter and other social media outlets offer probably the most real-time (but not always the most accurate) way to stay current. From there, I recommend filling some of your free time with general industry knowledge. I like doing this with podcasts or videos that I can listen or watch while commuting, working out, etc. This helps keep me current on news and topics that are happening in the industry. There are also a lot of security blogs and other media outlets that provide information in this format. From those items, when I come across something that I am interested in or is relevant for me, I can dive deeper when I have the time.
For topics that I want a deeper knowledge and understanding of or need to get a certification for, I like to begin by understanding the topics at a high level. I do this by watching videos or reading about them in a general format. That helps me get an overall idea of what I need to understand and what the topic or solution is all about.
Security Certifications and Classes
At that point, if it is possible, I try to attend a class with an experienced instructor. These can be in person or virtual. I have found that if I take to the time to attend a class, it makes me focus on the objectives and helps prevent distraction. In a class environment, there is also a chance to network with classmates and instructors to help drive discussion and answer questions as they come up, which can really make the information sink in.
Most of the time, technical training will have some sort of lab to help apply the knowledge. For me, this is a must; I have to make it work and see it in action, break it and tweak it, to fully understand how it works. From there, it usually stays with me for an extended period of time and I can feel comfortable saying I understand it. There are emulators, labs, hacking challenges, vulnerable hosts and all kinds of stuff that can be found online to help drive this knowledge home.
The Cybersecurity Community
I know it is cliché, but in my experience, the security community itself is the best way to stay current. The options are endless: Join user groups and forums, attend local meetings, talk with our peers, mentor others, ask for help, or listen to others’ thoughts and opinions.
It was a hacker mentality that drove a lot of us into security, and hopefully it is that passion for learning and understanding that continues to drive us forward.
Additional Security Resources
Here are some resources that I’ve found helpful and that you may find helpful as well:
- Security Weekly: A network with a variety of shows. I primarily listen to “Security Weekly” and “Enterprise Security Weekly.”
- TWiT: Another network with a variety of shows. Here, I primarily listen to “This Week in Enterprise Tech,” “Security Now” and “MacBreak Weekly.”
- “Beers with Talos” from Cisco Systems: Offers some good industry and Cisco information.
- “Unsupervised Learning”
- “35 of the Best Information Security Podcasts to Follow” from the Digital Guardian blog: A long list to fill your device for hours.
Online Classes and Video Training (Both Free and Paid)
- CBT Nuggets
- YouTube: Obvious, I know, but there are a ton of great videos and channels.
- SANS Institute
- InfoSec Institute
- Cisco Live
Security Magazines, Website and Blogs
- Security magazine
- Security Today
- Dark Reading
- Wired’s Threat Level blog
- Schneier on Security