Sunday, March 3, 2013

Getting Your Feet Wet / Joining the Conversation

Well, I've been "working" on this post for quite some time now, and just haven't ever wrapped it up.  Bah.  To show how long I've been "working" on it, I came up with the idea before Richard Bejtlich posted on the Mandiant blog about InfoSec career building and before Chris Pogue posted about his job change (and where he hinted at the possibility of a "Sniper Forensics" book - bring it, Chris!), or about careers (his 2nd post on this topic).

Part of this comes from a comment that Hal Pomeranz made a while back.  He said (general paraphrase) that there's no better use for social media than to help others.  In context, he was talking about InfoSec jobs.  Hal's a guy that I highly respect, and since I've witnessed - first hand - his willingness to put his money where his mouth is (so to speak) in this area, I take it to heart.  By the way, he has an excellent series on working for yourself over on his blog (keyword: consulting).

A number of great folks have posted career-focused info, including those above, and it's more recently entered my radar as I'm in more of a position to help others.  I don't have the "street creds" they do, but I wanted to offer up a few things I've put together.  As I moved late last year into managing our InfoSec group, as well as heading up the IR team, I've had the opportunity to mentor a couple of newcomers to our field, and I put this together in part for them, to give them some additional resources.  I highly agree with what others have said, that putting yourself out there is important - blogging, tweeting, mailing lists - just talking and sharing with others.  I won't go into that in any depth, as I think it's been very well-covered elsewhere; I'll just re-emphasize that it's important.  I've seen it myself, where potential employers check out blogs, activity on email lists, and so on; it definitely makes a difference, because hiring someone in this field revolves around having confidence that they KNOW what they're doing, and can DO the work.

So with that said, if you're new to InfoSec (security, forensics, incident response, auditing, etc) here are some resources that can help you start to get more comfortable and plugged in to the community.  And it IS a community, more so than many other fields I've seen. 

Mailing lists:
Dragon News Bytes
PaulDotCom
Win4n6

Websites:
DFIR Online - this is an excellent resource, and also hosts the monthly "DFIR Online"
PaulDotCom - yes, it's showing up again  :-)
SecurityFocus
Darknet
CommandLineKungFu – this is just awesome and hilarious too
HolisticInfoSec - Russ has some great tool writeups
KrebsOnSecurity - Great resource on cybercrime
Team Cymru
US Cert
SANS Reading Room
Internet Storm Center
Jesse Kornblum
Lenny Zeltser
SANS Computer Forensics
ForensicArtifacts
A Fistful of Dongles
Hacking Exposed

Books:
The Basics of Information Security
Hackers Beware – older, but very good info
Network Security Bible – another one by Dr. Eric Cole
DFWOST
Hacking Exposed - any of the "Hacking Exposed" series
WFAT - any of Harlan Carvey's books
Practical Packet Analysis
Violent Python
I’ve found great deals on books at Half-Price Books, which can make a big difference.  Some of the older ones, you might be able to find at the library as well.

Twitter:
I really recommend you get on twitter if you’re not.  Have a profile that’s focused on what you’re interested in, and follow people in that field.  It can be a great source of information, as well as connections when you need to know something.  Here are just a few folks that may be good to start with:
Johannes Ullrich
Josh Wright
Lance Spitzner
Russ McRee
Wesley McGrew
Doug Burks
Christiaan Beek
Eric Cole
Brian Krebs
Mike Cloppert
Richard Bejtlich
David Cowen
Didier Stevens
Lenny Zeltser
Hal Pomeranz
Chad Tilbury
SANS Forensics
Rob Lee
Andrew Case
See who they're talking to, and start branching out with who you follow.  Don't be afraid to join a conversation, ask questions, and share your experiences.  There are also quite a few active DFIR types on Google+, and there have been some good conversations happen there (at more than 140 characters a pop), as well as some hangouts.

Hope you find it helpful.

PS:  I have been advised by Counsel to at least mention that this list of resources is by no means exhaustive, nor intended to be.  In addition, they are in no particular order, nor intended to be any sort of status qualifier, and I'm not getting paid in any way for these references (aka, name dropping).  They are just some of the resources I find helpful, and wanted to share.  If you , your site, your book, or your list are not mentioned, that doesn't mean I don't follow, read, etc (see the whole "not exhaustive list" piece).  There are several hundred folks I follow on twitter, over a hundred blogs, dozens of books, and websites galore where I gather info while on this journey.  Quite simply, too many to mention.  Thanks to you all for being available and sharing with the community!