Cybersecurity Save

This is meant to assist people looking for entry level Cybersecurity jobs, as well as study up on skills that they can put on their resume.

Project README

GitHub stars GitHub forks GitHub license

Cybersecurity Document

This document is meant to be a Swiss Army Knife for entry level Cybersecurity jobs and to learn hacking skills. A work in progress, so if you see mistakes, please mention it in the "Issues" section.

NOTE: I DO NOT OWN ANY OF THIS INFORMATION. THIS IS JUST MEANT TO BE A COMPILATION OF VARIOUS RESOURCES. SOURCES ON THE BOTTOM.

DISCLAIMER: The information below is for eduational purposes ONLY. You are responsible for your own actions. (Don't hack your friend for not hanging out with you!)

Table of contents

Entry Level Job Titles (Not Cybersecurity per-se, but for getting a foothold in the industry)

IT Support Technician - Using a ticketing system for internal support requests and installing programs on computers.

IT Helpdesk Tier 1 - Using a ticketing system to provide support, as well as providing technical support over the phone.

Junior Network Technician - Assisting in adding users to the network, modifying user access, and performing basic network maintenance tasks.

System Administrator - Responsible for the configuration, upkeep and reliable operation of a company’s network and computer systems.

Data Administrator - Use specialized software to store and organize data.

Network Administrator - Manage an organization's computer networks.

IT Technician - Provide general desktop and printer support for a company and/or its clients, or they provide network support.

Security Administrator - Installs, administers, and troubleshoots an organization's security solutions.

Network Engineer - Design, build, implement and maintain the computer networks businesses and organizations use.

Entry-Level Job Titles (Cybersecurity)

Information Security Analyst - Plan, implement, upgrade, or monitor security measures for the protection of computer networks and information.

Junior Penetration Tester - Hired by a client to bypass or defeat security controls.

Cybersecurity (Security) Technician / Specialist - Protects computer assets by establishing and documenting access; maintaining files.

Cyber Crime Analyst/Investigator - Information security professionals who use their skills and background knowledge in areas like network administration or network engineering to help counter the activities of cyber criminals such as hackers and developers of malicious software.

Incident Analyst/Responder - Require an understanding of security operations, a solid foundation of technical skills related to information and network security, and strong communication skills.

IT Auditor - Responsible for analyzing and assessing a company’s technological infrastructure to ensure processes and systems run accurately and efficiently, while remaining secure and meeting compliance regulations.

Mid-Level

Cybersecurity Engineer (systems): ensures memory is handled safely, ensures interfaces are implemented securely, etc

Cybersecurity Engineer (Web): ensures web apps utilize frameworks or architecture paradigms that are resistant to CSRF/XSS/SQL injection attacks (using tokens, MVC frameworks, input validation, etc.), ensures imported libs are trustworthy, etc.

DevSecOps Engineer: largely operates in the IT security space, automates security tasks and functions in a security orchestration position

Cybersecurity Analyst - Information technology professional whose primary function is to protect organizations from cyber attacks and respond swiftly to restore protection if compromised.

Cybersecurity Consultant - Responsible for keeping a client’s data suitably protected and free from the risk of cyber attacks and related problems

Penetration & Vulnerability Tester - Highly skilled security specialists that spend their days attempting to breach computer and network security systems.

Cybersecurity Architect - Combines hardware and software knowledge with programming proficiency, research skills, and policy development.

Advanced-Level

Cybersecurity Manager / Admininstrator - Require an advanced understanding of information security concepts, security operations and information assurance, as well as risk management and project management skills.

Reverse Engineer(RE)/Malware Analyst: decompiles software and uses this information to determine the function or security flaws of target software. Often participates as a member of an Incident Response Team or sometimes even a red team. Probably has a background in OS or embedded/systems development, and in-depth knowledge of assembly code for the target processor architecture

Penetration Tester/Red Team Developer (SWE): May participate on a red team, building utilities and chaining tools that are configured for a specific target. Builds out software for C2 infrastructure. (example, chains a browser exploit, image parser exploit, and OS exploit, then executes code that maintains persistence and elevates privileges)

Career Websites

Indeed

Ziprecruiter

Glassdoor

Monster

Chegg

SimplyHired

CareerBuilder

USAJobs

NSA Jobs

FBI Jobs

Google job search (etc. cybersecurity jobs [city name])

Job search on company websites

How Do I....

Learn About Vulnerabilities:

HACKSPLAINING

Learn About Kali Linux (Pen-testing OS):

Kali Linux Revealed Course

tutorialspoint - Kali Linux

Learn About Parrot (Pen-testing OS):

tutorialspoint - Parrot

Parrot Linux Documentation

Learn About BlackArch (Hacking OS):

BlackArch Linux Installation

The BlackArch Linux Guide

uthena BlackArch Linux Course (Paid)

Practice Linux Skills:

OverTheWire - Bandit

Practice CTF (Capture The Flag) Skills:

picoCTF (Free)

Cyber Skyline / National Cyber League (Paid)

CTFlearn (Free)

Hacker101 (Free)

Practice Penetration Testing:

HACKTHEBOX (Free/Paid)

TryHackMe (Free/Paid)

PentesterAcademy (Paid)

Watch Videos Related To Hacking:

Youtube - ITProTV

Youtube - The Cyber Mentor

Youtube - BLACK ARCH LINUX TUTORIAL PLAYLIST

Youtube - LiveOverflow

Watch Hackthebox Write-Ups:

Youtube - IppSec

Youtube - HackerSploit

Learn MITRE ATT&CK

MITRE Website

MITRE Website - Training

Rapid 7 - MITRE ATT&CK

Learn Reverse Engineering

MALWARE UNICORN

Practice Reverse Engineering

Binary Ninja

IDA Freeware

Radare

Learn PowerShell

Microsoft Documentation - PowerShell

PowerShell Tutorial

tutorialspoint - PowerShell

Learn Shell-Script

Shell Scripting Tutorial by Steve Parker

Shell Scripting Tutorial

Introduction to shell scripts

Subreddits

r/netsec

r/cybersecurity

r/hacking

Blogs

PortSwigger

SECURITYNEWSWIRE

ALL INFOSEC NEWS

Threatpost

BleepingComputer

Hacking

Dark Reading

Cyberscoop

The Hacker News

SANS Internet Storm Center, InfoCON: green

binary foray

Troy Hunt's Blog

Hexacorn Ltd

Cyber Wardog Lab

Project Zero

Another Forensics Blog

Schneier on Security

Windows Incident Response

DFIR and Threat Hunting

ToolsWatch.org – The Hackers Arsenal Tools Portal

Krebs on Security

Megabeets

Didier Stevens

This Week In 4n6

Podcasts

The CyberWire Daily

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Down the Security Rabbithole Podcast

Recorded Future - Inside Security Intelligence

Defensive Security Podcast

Brakeing Down Security

Malicious Life

Darknet Diaries

Hacking Humans

Caveat - Cyber Law and Policy

SANS Blueprint

Grumpy Old Geeks

Detections

Industrial Security Podcast

Beers with Talos

Certifications

Certifications are a way to get HR's eye. From my understanding, it DOES NOT replace a College/University Degree.

(Source: https://www.pauljerimy.com/OC/Security%20Certification%20Progression%20Chart%20v7.0.png) Certifications

OWASP

The OWASP® Foundation works to improve the security of software through its community-led open source software projects, hundreds of chapters worldwide, tens of thousands of members, and by hosting local and global conferences.

  • OWASP Web Security Testing Guide : The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals. The WSTG is a comprehensive guide to testing the security of web applications and web services. Created by the collaborative efforts of cybersecurity professionals and dedicated volunteers, the WSTG provides a framework of best practices used by penetration testers and organizations all over the world.

wstg-v4.2

  • OWASP Mobile Security Testing Guide We are writing a security standard for mobile apps and a comprehensive testing guide that covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results.

MSTG-EN

OWASP_MASVS-v1.2-en

  • OWASP Application Security Verification Standard The primary aim of the OWASP Application Security Verification Standard (ASVS) Project is to provide an open application security standard for web apps and web services of all types.

The standard provides a basis for designing, building, and testing technical application security controls, including architectural concerns, secure development lifecycle, threat modelling, agile security including continuous integration / deployment, serverless, and configuration concerns.

OWASP.Application.Security.Verification.Standard.4.0.2

Cheat Sheets

Nmap and Nessus (Source: https://cdn.comparitech.com/wp-content/uploads/2019/06/Nmap-Nessus-Cheat-Sheet.jpg) Nmap & Nessus

Wireshark (Source: https://cdn.comparitech.com/wp-content/uploads/2019/06/Wireshark-Cheat-Sheet-1.jpg) Wireshark

Hacking Tools (Source https://blog.compass-security.com/wp-content/uploads/2019/10/hacking_tools_cheat_sheet_v1.0-0.png) Hacking Tools

Hacking Tools P.2 (Source https://blog.compass-security.com/wp-content/uploads/2019/10/hacking_tools_cheat_sheet_v1.0-1.png) Hacking Tools p.2

Sources

best entry level cyber security jobs

what is an it technician

network administrator-525818

Database_administrator

what does a system administrator do

how to land an entry level cybersecurity job

security-administrator-job-description

iHcJHP.png

system security technician job description

pathway

how to become a cyber security analyst

cyber intelligence analyst-2071296

incident responder

it auditor role defined

cyber security consultant

cybersecurity manager

cyber security engineer job description

Acknowledgements

I want to give a big shoutout to my partner on this document Jalan (JayCruzer17) for assisting me with creating and maintaining this document. I also want to give credit to those on the r/cybersecurity subreddit for giving me feedback on the document. I had made a post on reddit and I would like to thank all the comments for giving feedback in one area or another. In addition, I would like to thank the individuals doing pull requests on this document with additional links/information that I might have overlooked. Without the aforementioned people, this document will not be where it is now.

Open Source Agenda is not affiliated with "Cybersecurity" Project. README Source: harisqazi1/Cybersecurity
Stars
738
Open Issues
1
Last Commit
1 month ago
License
MIT

Open Source Agenda Badge

Open Source Agenda Rating