Breaking into Information Security
Posted in Doxstars: The things you print on 27 June 2019
My name is Andy Gill and I work as an ethical hacker, author and speaker. Ethical & hacker are two words many people wouldn’t associate with each other. Essentially I help companies find security vulnerabilities in a proactive approach to better secure their products, or in other words use techniques that bad folks use and leverage them for good.
Hacking isn’t my only interest, I also get heavily involved in educating others on the different aspects of the industry in which I work. I take pride in helping those who are starting out their path and look at ways to facilitate their learning. I used to do this by writing blog posts and explaining topics which then grew legs and became the topic of my book; Breaking Into Information Security: Learning The Ropes 101.
Learning The Ropes 101 takes the reader through a baseline of different security related topics, in order to educate them about the fundamentals required to understand information and cyber security at a basic level. A high level overview of each chapter is detailed below:
Core Fundamentals – This takes a look into the very basics required to understand sections later on in the book, specifically how two computers talk to each other over the internet and how binary works in computing.
Operating Systems – This is broken down into three sub chap
Virtualization – This section talks about what virtualisation is, why it is important and how it works. I will also take you through setting up your first virtual machine (VM) in both VMware & VirtualBox.
Programming – In security it can be very useful to understand programming. Whilst you might not be able to code straight away, it is very useful to understand the core fundamentals. This section will cover off logical thinking, programming basics, the differences between language types and some tips on starting points in coding.
Infrastructure – Infrastructure penetration testing (also known as network penetration testing by some) like web application testing, is probably one of the most common forms of assessment anyone starting out in the industry is going to come across both in the consultancy sector and in the world of bug bounties.
Web Application Testing – Continuing the theme of learning the basics, this section takes the position of web application testing and how to use some tools. It also touches on some things to look for and some general tips & tricks. It will mainly cover off the general topic however this can be applied to both penetration testing and bug bounty hunting.
Importance of Reporting – In this section we will discuss the importance of reporting and what it means to me to create a beautiful, reproducible and verbose report. This can be applied to both a pentest or a bounty report as they are the same scenario, just slightly different writing styles (bearing in mind this is my opinion on this topic!).
Social & People Skills – For most of you reading this series you might have seen the first few technical articles then one about reporting, now you’re seeing this about people skills. It’s got you thinking now hasn’t it?
Penetration Testing vs Bug Bounty Hunting – This chapter discusses the differences between choosing penetration testing as a career path vs doing bug bounties. It will also cover off the pros and cons of both too.
Hacking Your Career Path – Finally this chapter covers off some key tips to bear in mind when looking for a job. Having the technical skills is great, going to meet-ups and making the social contacts is even better. What really gets you in the door though? Knowing people? A CV? Being somewhat known? All valid points and questions, all worth looking into and all will get you somewhere.
Thanks to Doxdirect for allowing me to do a guest post. I’ve been using them to print my book for the past few years and they’ve been excellent. Their process for designing what you want to print through to actually printing it is pretty painless: I just grabbed a PDF copy of my book, uploaded the cover separately and communicated with Doxdirect how I wanted it to look, then they did the rest. Would highly recommend them to any aspiring authors or academics needing work printed. Their turnaround is also remarkable; with me ordering 100 books at a time they work quickly and I get them inside a few days usually!!!