I like giving back to the InfoSec community. I figure they’ve done so much for me so it’s only fair that I give back as well. As part of that, I moderate /r/CISSP. My goal is to provide up-to-date study materials and answer any questions that come my way.
Recently a user reached out to me with a Direct Message. His questions were so relevant that I thought it would be good to post on the blog as well.
I’m the guy from this thread. What languages would be useful for me to learn? I’m learning Python through learnpythonthehardway and bash/ssh from overthewire.org, but I don’t really know how I would start to practice for the things I would do in a job. As stated in my thread, I am hoping to get a job in either government or a corporation.
What are some good blogs for CyberSecurity to follow and in general things that I should always keep up to date on pertaining to the field?
How long should I study for SEC+? I was thinking of picking a book around the end of the semester, study through summer and hopefully get the cert in time to put it on my resume for internships in October.
Honestly, if you’re looking to learn a language for a particular cert (specifically the CISSP), I wouldn’t bother. Coding/scripting isn’t part of the Sec+, SSCP, or CISSP. HOWEVER… if you’re looking to get into some more advanced hacking/pentest stuff (GPEN, OSCP, etc.), you can’t go wrong with Python. Where you want to go in your career (red/blue/purple) will determine what sort of skillset you should acquire.
SEC+ shouldn’t take you long. I’d say take no more than 30-45 days to study and take the exam. Everyone learns differently. Me? I can’t stand reading. Put a book in front of me and I’ll fall asleep in a matter of minutes. Online video training? That works as long as you keep the keyboard away from me so I can’t alt-tab out and surf reddit or something (oh the irony). Classroom? Oh hell yeah. I’m all about classroom training.
There are a lot of resources online. I’m not much on the infosec blogs. Twitter, however, is where it’s at. It’s the primary social media of infosec practitioners. Podcasts are also a great resource. I personally listen to The Cyberwire, Defensive Security, Southern Fried Security, Paul’s Security Weekly, and a few others. Also, check the sidebar on the /r/cissp page. The links there are legit. I swear ITPro.tv and skillset.com are my favorites.
Lastly, where are you based out of? The infosec community is a very close-knit group. We look out for each other. I personally know a guy in Dallas that’s looking for a summer intern. Let me know where you’re out of and perhaps I can hook you up.
One other thing that I forgot to mention is that the CISSP requires 5 years of relevant work in the domains to be considered for the certification. Considering that you’re just coming out of school, you’re not going to be even in consideration for the full certification. You’d be getting the associates. I’d personally wait until you have some more certifications under your belt and more experience in the field before you tackle the CISSP. It’ll come much easier to you as well by that time.