InfoSec 101 — Part Three (a): Online Learning Resources
(If you’re wondering where the previous part is, click here!)
Due how to abundant the Internet is in providing online resources, this feature will be split into two parts: the first will be a catalog of educational websites, and the second will be focused on practical, hands-on learning including labs, capture the flag (CTF) competitions, challenges etc.
As the resources mentioned here are ones that I’ve used previously, it is by no means an extensive list, or the ‘be all and end all’. If you’re interested in a topic that hasn’t been mentioned, try looking for resources in your favourite search engine.
Online Courses
Irrespective of the path you wish to follow within information security, there is a place for everyone to start learning. Here are some free and paid-for online courses available for people to complete at their own leisure:
- Cybrary: not only are there live and archived technical courses on digital forensics, security engineering, or risk management, but there are courses on how to start a career as a SOC analyst, engineer, or penetration tester. You can browse the full catalog here, and I would recommend filtering on “Beginner” and “Courses”, all of which are free.
- Lynda: now known as LinkedIn Learning, offers courses for the broader IT industry, including introductory material for information security professionals. Their catalog mainly focuses on certifications such as CISSP, CySA+, CompTIA, and SSCP; there is a free monthly trial available. Even if you don’t want to pursue a certification, the material covered is fundamentally necessary for any role within this industry.
- Future Learn: I’ve used Future Learn for hobbies of mine but I wanted to share this because they have a Intro to Cyber Security course endorsed by GHCQ, and a network security course too. Khan Academy is also great for things such as programming and computer science, but has some good introductory videos around security.
- Udemy: although it’s not free, it’s pretty cheap for what you get. There are so many options here that I won’t bother listing them out, but I would ask that you take the time to look into some of the courses they have.
FossBytes is much the same as Udemy. - IT Masters: a little closer to home, Charles Sturt University (CSU) offer free short courses that run for four to five weeks, with small assignments and a multiple choice exam at the end. The lectures run for an hour each week, and each course has been archived which you can now peruse through. edX is a MOOC that has tonnes of free courses as well.
Tutorials on YouTube
Do you enjoy spending hours of your day on YouTube? Well, you’re in luck. A small portion of security professionals like to record and publish their videos for you to learn from too.
- 13Cubed: run by Richard Davis, this channel focuses on Digital Forensics and Incident Response (DFIR), covering topics such as an introduction to Windows and memory forensics, and malware analysis.
- SANS: SANS DFIR covers more of the same content, and there are playlists dedicated to presentation videos from their many conferences.
- LiveOverflow: although most videos are about advanced topics, there are some awesome introductions into tech-heavy topics such as TCP, blue team vs red team, CTFs, linux, web applications, vulnerabilities etc.
- Eli the Computer Guy: I’ve used Eli’s videos particularly for networking concepts such as TCP/IP routing, subnetting, DNS, port forwarding etc. These are critical topics to understand for any security practitioner.
- Hak5: has some awesome penetration testing videos from beginner to skilled levels.
- Edureka: created a playlist called “Cyber Security Training for Beginners” which can be viewed here. Goes into some good detail on security, networking, career paths etc.
Technical Presentations
I mentioned in Part One of this series that conferences are a great way to learn something new. If you’re unable to attend them, the presentations are usually recorded. I’ve added some links to archived conferences that you could watch and take notes from:
- InfoCon Collection: is an insanely cool archive of conference presentations from all around the world. IronGeek has an exhaustive list too.
- DEF CON and BSides Las Vegas; pro tip, you can find other BSides conference videos by simply searching for it on YouTube.
- Webinars are a huge part of this industry, so be sure to keep on eye on them. Even if they seem too technical for your current level/skill set, it’s worthwhile to watch them and take notes so you can go back and conduct further research into that topic. I’d recommend the same for other technical presentations you watch, such as from a conference. Webinars can be found at BrightTALK, FireEye, Carbon Black, Dark Reading, and Security Intelligence.
Others
- If anyone happens to be interested in Industrial Control Systems, Robert Lee (Founder of Dragos Inc., and a certified SANS instructor) has composed of a list of resources for this space, which can be found here. I would also recommend looking through Dragos Webinars and Blog posts here.
- This blog post would not be complete without mentioning DFIR Training. The amount of learning opportunities on this site is astronomical. I would say it’s the one stop shop for all things DFIR. It includes references for books, websites, podcasts, challenges, tools, events, test images (I’ll explain this in the next part), and so much more.
- The most equivalent resource I’ve come across for offensive security professionals is this GitHub repository; it’s what I’ve always referenced when someone has asked for learning opportunities in this space, and seems to cover all avenues of penetration testing, from reconnaissance to exfiltration. You can find the blue-team version of this here.
Stay tuned for InfoSec 101 — Part Three (b).
