I created this website with a view to keeping track of some of the most useful content that I feel that is useful.
Depending on your use case, this may differ from my definition of useful, so if you find it helpful, then great!
I am also asked quite regularly for any advice that I can offer for people trying to break into cyber security, so I will share my thoughts with you.
The first thing I would say is to keep up to speed with current events which have a cyber security aspect.
It may help if you know the area of cyber security that interests you most so that you know where to focus your searching.
If you use twitter then following high profile cyber security people may help keep you in the loop with events, but be careful that any information you receive is checked against independent sources especially if you are going to passing this information on or using the information in your work/blog posts etc.
If you do use information that other people have compiled then I strongly suggest that you give credit to the person / company that you got the information from – or better still check if they are the originating source – and use the original source but still quote how you got the information.
(If I’ve missed quoting the source on anything on this website it’s unintentional)
Own any mistakes you make; don’t try to hide behind any errors, don’t blame outside influences, think “how can I learn from this” if you feel that something hasn’t gone as well as you hoped.
Study – it’s a constant learning field; don’t try to know everything; use people around you (maybe better worded – utilise) so that you know one area, they know another, you supply knowledge in an area they are weak, they supply areas you are weak in.
A caveat to the study – make sure you get down time to rest and relax – burnout in cyber security is a big topic, in my opinion you need a hobby that doesn’t involve computers to help you relax.
Admit if you don’t know something – I have much more respect for someone who says they don’t know but are willing to have a guess (and make it clear it’s a guess) and follow that up with learning to reinforce the knowledge.
Ask for feedback, if someone just says “it’s great” – I ask how can it be improved?
That could be on anything.
A big one – treat all people the same; I don’t care the colour of someone’s skin or their gender, their preferences, religion, it makes absolutely no difference to me; if they are willing to learn and they ask for help, I am willing to help where they want.
If I don’t know the subject, I’m willing to learn alongside them Don’t push people to learn; if they aren’t interested then it’s much less likely for them to absorb the information.
When applying to a company where they have advertised, research the company. See if you can find who the hiring manager(s) is/are – and personally I would suggest follow them on social media to see what their public posts are like; but don’t stalk them.
Research what the company has done; any mergers? Any changes with partner companies? Have they released press releases? Have they disclosed any positive or negative information and review that – see how it is worded, this may give clues as to how they deal with an issue that they may or may not have wanted public, it can tell you a lot.
If in the UK, check out companies house for any information that is available there on the company, that can give research thoughts that you may have previously not considered.
Check out any blogs, YouTube videos or similar that the company has released or endorsed.
It is important to follow procedures in this line of work; procedures are not always correct, but if challenged in the correct way then they can sometimes be improved.
If you are asked something by someone where you don’t know if they should have that information, then don’t give the information, but refer it to someone higher up the chain.
This can stop a lot of data leakage by social engineering. The more sources of information / learning you can soak up information from, the better. IMPORTANT – if you are going for an interview, make sure you prepare well in advance; tailor your CV to the job each time, read the job spec fully and understand each word, fit your experience to each point without making anything up.
You may not have any commercial experience on “X” tool, however you may have a home lab where you have setup tool “Y”, and you struggled on setting up component “B”, this could be a talking point in the interview, lots of hiring managers are willing to let someone talk through a problem because it demonstrates how the candidate thinks through a problem to solution.
Be prepared to be challenged on any claim in your application / CV, and think in advance “what can they ask about this point”. Ask questions; in my opinion, the only silly question is the one not asked – as long as the research has been done. Sometimes people may laugh at a question, but if you’re learning from the answer then who cares?
Hope that has helped someone!