Whichever domain you choose under the cybersecurity umbrella, such as Application Security, Cloud Security or DevSecOps, there are common skills you must learn to excel in it. I have explained what you need to learn in those common skills here.
So, I will explain where to study and how much time to devote to the concepts in these common skills, so that you are job ready and interview ready too!
These 5 common skills are:
- Linux (1 week)
- Networking (1 week)
- Programming (2 weeks)
- Cloud Computing Fundamentals (2 weeks)
- git commands (1 week)
It should not take more than a week to become comfortable with the basic Linux commands needed for day-to-day activities. Once you are comfortable with the basic commands, go for networking and other security-related commands in a little more depth.
Bug bounty hunters, penetration testers and almost all tech-focused security professionals use operating systems like Kali Linux, Parrot OS or BlackArch Linux, which come with lots of security tools to play with. But for that you need to know the basic workings of Linux and its commands.
- pwd
- ls
- cd
- cp
- scp
- cat
- uname
- less
- more
- sort
- ssh
- mv
- du
- df
- mount
- mkdir
- whois
- whatis
- locate
- chmod
- chown
- sudo
- top
- kill
- grep
- find
- sed
- awk
- ps
- zip
- tar
- touch
- man
- service/systemctl
What else can you think of as common Linux commands for everyone?
- netcat
- nslookup
- host
- dig
- netstat
- traceroute
- nmap
- nikto
- fierce
- dirb
- install/uninstall/update/upgrade
- find
- grep
- ifconfig
- learn the basics of regular expressions as well
- start and stop services
- basic understanding of /opt, /tmp, and log and server locations
- be comfortable running scripts written in various languages like Python, Ruby, Go etc.
- Introduction to Linux Commands and Scripting
- Linux Fundamentals for Security Practitioners: Recommended
- Linux for Ethical Hackers: Recommended
- Hacking for beginners: Linux and Common Commands
- 50 most popular Linux and Terminal Commands
Except for Audit and Compliance roles, I assume almost every security professional needs a basic to intermediate understanding of computer networks to excel in their domain.
What to learn, and the interview questions related to it, are already mentioned in what you need to learn in those common skills.
- IPv4/IPv6
- concept of CIDR
- Public vs Private IPs
- DMZs
- Zero Trust Networks
- Common ports and protocols like 22, 25, ssh, https and so on.
- Understanding of common cryptographic modules and functions
- How DNS works
- How SSL works
- What are the common network threats around these
  - MiTM
  - Network sniffing
  - Various TCP attacks
  - DoS and DDoS attacks and their prevention
- Common ideas on firewalls or software-defined networks
- Basic network troubleshooting, like why the internet is slow or down, why Wi-Fi is not working, open network issues etc.
- See if you know the basics as mentioned in this presentation
- Computer Networking: A Top-Down Approach by Kurose and Ross: Recommended
- Networking All-in-One For Dummies
- Computer Networking by Georgia Tech on Udacity: Recommended
- Bits and Bytes of Computer Networking by Google on Coursera
Recently, it has become a mandatory skill for any tech security job role to have decent knowledge of at least one programming language. Common programming languages that attract security folks are:
- Python (recommended)
- Go (gaining popularity)
- Ruby
What you should actually try when learning any of these programming languages:
- Learn basic concepts
- Try a few basic projects like
  - connecting to a db and getting some data
  - extracting data from a webpage
  - displaying some info from the cloud, like AWS instance details region-wise
  - automating a few security tasks like docker monitoring, getting public IPs, server details etc.
- See if you can find any task related to csv, json
- Learn the use of crypto modules
- Simulate a few Linux or other commands to get comfortable with the language, like a small nmap simulation
- Understand OOP concepts; at the least you should be able to understand others' code comfortably
- Try to review source code from a security perspective
- Read Python Security Best Practices
- Learn Python 3 the Hard Way - Recommended
- Violent Python
- Black Hat Python - Must Read
- Full Stack Python Security - Must for AppSec Professionals
- Mastering Python for Networking and Security
- Python Security Best Practices
- Security Checks for Python Code
- Intro to Python for Security Professionals
- Python for Cybersecurity Specialization
- SEC573: Automating Information Security with Python
- Python for Pentesters
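One of the practice projects suggested above (a CSV/JSON task that picks out public IPs), combined with the CIDR, public vs private IP and common-port topics from the networking list, as an added example that is not part of the original post. The CSV columns, the `INTERNAL_NETS` list and the `SENSITIVE_PORTS` map are assumptions made for this sketch, and the inventory is constructed sample data.

```python
import csv
import io
import ipaddress
import json

# Internal address space expressed as CIDR blocks (RFC 1918, loopback, IPv6 ULA).
INTERNAL_NETS = [ipaddress.ip_network(c) for c in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "fc00::/7")]

# Ports this example treats as sensitive when reachable from outside (assumption).
SENSITIVE_PORTS = {22: "ssh", 25: "smtp"}

# Constructed inventory; documentation ranges stand in for public addresses.
INVENTORY_CSV = """host,ip,open_ports
web-1,203.0.113.10,22;443
db-1,10.0.4.7,22;5432
mail-1,198.51.100.25,25;587
app-1,172.20.1.5,22
v6-1,2001:db8::10,22
ula-1,fd12:3456::1,22
bad-row,not-an-ip,22
"""

def is_internal(value):
    """True if the address is inside any internal CIDR block (ValueError if unparsable)."""
    ip = ipaddress.ip_address(value.strip())
    # A v4 address is never "in" a v6 network (and vice versa), so mixing is safe.
    return any(ip in net for net in INTERNAL_NETS)

def audit(csv_text):
    """Return externally addressed hosts that expose a sensitive port, plus bad rows."""
    findings, unparsed = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            internal = is_internal(row["ip"])
            ports = {int(p) for p in row["open_ports"].split(";") if p.strip()}
        except ValueError:
            unparsed.append(row["host"])  # keep bad rows visible instead of dropping them
            continue
        exposed = sorted(ports & set(SENSITIVE_PORTS))
        if not internal and exposed:
            findings.append({"host": row["host"], "ip": row["ip"].strip(),
                             "exposed": [f"{p}/{SENSITIVE_PORTS[p]}" for p in exposed]})
    return {"findings": findings, "unparsed": unparsed}

if __name__ == "__main__":
    print(json.dumps(audit(INVENTORY_CSV), indent=2))
```

Note that `app-1` at 172.20.1.5 is internal because 172.16.0.0/12 covers 172.16.0.0 through 172.31.255.255, which is the kind of CIDR boundary worth checking by hand once.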
Cloud computing is everywhere these days, be it industrial, pharma, finance, IT etc. Sooner or later, it will be a mandatory skill for any cybersecurity job role.
Learn any of the well-known CSPs like AWS, Azure or GCP and
- try to understand how it is used to solve various traditional challenges, and
- then try to understand the new security challenges introduced by cloud concepts.
- Understand various service and deployment models
- Shared Security Responsibility
- Microservices
- IAM functionalities (Must understand very well)
- Data Encryption
- Cloud networking concepts are very important to succeed in Cloud Security
There are separate plans for Cloud Security Study Plan as listed below:
- Cloud Computing for Dummies
- AWS in Action
You must understand at least one version control system, and git is one of the most popular at present. Don't go for a GUI client like Sourcetree; rather, try to learn and understand the common git commands at the terminal level.
- git clone
- git add
- git commit
- git branch
- git pull
- git fetch
- git merge
- git push
- git config
- git log
There are many job roles/titles which make it a mandatory skill, such as:
- AppSec
- Pentest
- DevSecOps
- API Security
- Pro Git by Apress - Highly recommended
- Beginning Git and GitHub by Apress
- GitHub cheatsheet