As time goes by, brevity seems more important. As such, I'll try and be as concise as possible here.
I'd like to learn how to hack stuff.
That's as simple as I can break it down. After meeting with an IT security professional, I've began taking steps toward this end. Today is actually day nine in my current endeavor, though I've only just begun ye ol' Blogger.
I figure there are others like myself who know next to nothing about breaking into the computer tech security field, but who are also like myself intrigued by it. Well, I'm starting from scratch and documenting the journey--however far it takes me.
We discussed some short and long term goals last week:
- Security + certification from CompTIA...this is great book knowledge type stuff that will help down the road on a resume as far as actually landing a job. I've yet to get the Security + book, but this needs to happen soon as this is something that I can begin immediately.
- CISSP...this one is a must have according to my friend, and in order to even get it, you've got to have something like 5 years of experience. Apparently "experience" in this case is a somewhat flexible term that many things can count toward. More shall be revealed; this too is a little ways down the road, though a definite must have for career purposes.
- OSCP Security...I'm perhaps most excited about when I'm ready to tackle this bad boy. This is a very hands on security certification that cost about $1100 for the online class and 90 days of the lab. At the end of it, you are tested by hacking into a network over a period of 24 hours. The deeper you get, the better you score. Very cool.
- Programming...I've always wanted to learn a computer language, and if I'm going to pursue this security stuff, now is the time to go ahead and do that. He suggested Ruby on Rails or Python.
- MOOC...this stands for Massive Open Online Courses. In essence, they are totally free university courses from big time names like MIT, Harvard, Berkeley and Stanford hosted on sites such as edx.org, coursera.org and udacity.com. Can't believe I'd never heard of this until now actually. As fate would have it, MIT has an introductory programming course via edx.org on the Python language that started Oct 3rd and an introductory Computer Science course that starts on the 15th. I've enrolled in these and a few others, but for the sake of completion, I am committed to these two for now.
- Tons of specialized GIAC training from SANS. This stuff is incredibly costly, though there are some ways to help out at conferences for a discounted rate. After getting my feet wet, I'll consider delving further into these options.
- Formal Schooling...we talked a bit about Masters Programs for security. There are significant scholarships available for this through the government that are bound to agreements to work for the government for x amount of time upon graduation. Pretty good deal. Norwich and James Madison Universities both have online Masters programs.
Quite the handful of items to consider. Thus far, the EDX Python course has proved to be pretty cool. The EDX site is extremely well put together. Very minimalist layout that works well. I'll be producing an accompanying podcast to this blog on a weekly basis. Both of which will serve simply to follow me, a noob to InfoSec, on my journey into the unknown.
May the force be with you,