InfoSec101 CheatSheet

So, you’re new to InfoSec you say?  How can I help?  Below are a few resources that I just put together for one of my mentee’s.  I offer a bunch of InfoSec links over at my DFIRLinks site: https://dfirlinks.blogspot.com.  The formatting on the blog is a bit wonky, so if you want this cheatsheet as a PDF, go here:  https://bit.ly/InfoSec101.

Jason Blanchard:

-Jason is amazing.  He runs a twice-weekly job search meet-up.  Jason works for one of the leading Cyber Security firms called Black Hills InfoSec (BHIS), owned by an industry luminary, John Strand. 

Schedule: 

Tuesday Nights: 7-9pm ET 

Friday Afternoons: 1-3pm ET 

-Jason's job meet-up group meets over Twitch, once or twice each week.  It covers job hunting tactics and techniques, resume and interview tips, and much more.  People looking to fill open positions sometimes attend, and even recruiters have been known to attend because it’s so popular with strong candidates: https://www.twitch.tv/banjocrashland.

-Jason has archived some of the meet-ups on the BHIS YouTube channel: https://www.youtube.com/c/BlackHillsInformationSecurity/videos, and they are also on his Twitch channel: https://www.twitch.tv/banjocrashland/videos. 

-Jason's online handle is @BanjoCrashLand: 

https://twitter.com/BanjoCrashland/status/1359630484695904257 

"We're doing a 5-part extended series on each one of the aspects of the job hunt. 

52+ viewers have landed new jobs so far since March 2020."

 

Black Hills InfoSec (BHIS): 

BHIS runs weekly Cyber Security WebCasts which they often record and post afterward.  I try to never miss them!  They also offer discounted (pay what you can) training: 

https://www.blackhillsinfosec.com. 

https://www.youtube.com/c/BlackHillsInformationSecurity/videos. 

Be sure to follow them on Twitter: https://twitter.com/BHinfoSecurity.

They also have an active Discord server: https://discord.gg/4mJ7Hf7W.

-Here’s an example of their “Pay what you can” training: 

https://wildwesthackinfest.com/training/getting-started-in-security-with-bhis-and-mitre-attck-john-strand. 

Wild West Hackin’ Fest: 

Wild West Hackin’ Fest is a Cyber Security conference by the folks at BHIS: 

https://www.youtube.com/c/WildWestHackinFest/videos.

-Here's an example WebCast from BHIS: The Dirty Truth Behind Breaking into Cybersecurity: 

https://www.youtube.com/watch?v=D9IDqb-Fsak&t=1s. 

Be sure to follow them on Twitter: https://twitter.com/WWHackinFest. 

They also have an active Discord server: https://discord.gg/wwhf.

Active Counter Measures (ACM):

John Strand of BHIS also runs: Active Counter Measures: https://www.activecountermeasures.com. 

 

-ACM often runs free Threat Hunting classes: https://www.activecountermeasures.com/events. 

Be sure to follow them on Twitter: https://twitter.com/ActiveCmeasures. 

They also have an active Discord server: https://discord.com/invite/2JjfB7E. 

Dave Kennedy/TrustedSec/Binary Defense: 

Dave Kennedy runs two companies (Trusted Sec and Binary Defense), and he has been known to “tweet” when they are hiring (often Junior level): 

https://twitter.com/HackingDave/status/1359623939815862276 

"My favorite thing this year is we are opening up our junior program. To get new folks to INFOSEC trained up and into the field. Where best to learn!? #TrustedSec We are crazy hiring over at #TrustedSec and #BinaryDefense with more jobs being posted in the next few days. Have to shape our future, and more than pumped to have new folks coming into the industry." 

Be sure to follow them on Twitter: https://twitter.com/HackingDave. 

They also have an active Discord server: https://discord.gg/trustedsec. 

SANS Institute: 

Great courses as well as many free offerings: https://www.sans.org/free. 

Check out their “New-to-Cyber Field Manal”: 

https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blt5ab5b4422465696e/608990afb9440f10206ea26e/SANS_New_to_Cyber_Field_Manual.pdf. 

Train up!  CTF’s: 

I offer a bunch of links to CTF’s and training video’s: https://dfirlinks.blogspot.com, below is a sample: 

(1) Watch Ed's CTF talk which begins about 17.5 mins in: 

https://www.youtube.com/watch?v=lQsKX92uTW8 

(2) Holiday Hack: https://holidayhackchallenge.com 

(3) CTFtime: https://ctftime.org 

(4) WeChall: https://www.wechall.net/active_sites 

(5) Smash the Stack: http://smashthestack.org 

(6) picoCTF: https://picoctf.com 

(7) WarGames (Bandit is recommended): https://overthewire.org/wargames 

(8) Daily CTF, just one challenge per day: https://nw3.ctfd.io/challenges 

(9) https://www.root-me.org/?lang=en 

(10) https://ringzer0ctf.com 

(11) https://247ctf.com 

(12) https://cryptopals.com 

(13) http://websec.fr

(14) https://chall.stypr.com

(15) http://pwnable.kr

(16) https://pwnable.tw

(17) Hack the Box (free account works fine): https://www.hackthebox.eu 

(18) CTF MindMap CheatSheet: https://www.amanhardikar.com/mindmaps/Practice.html 

(19) Cyber Defenders: https://cyberdefenders.org/labs 

(20) Try Hack Me: https://tryhackme.com

I can count on one hand the recruiters whom I respect, and that’s as nice as I can put it; sorry, not sorry - been burned one too many times.  That being said, I do have two fantastic recruiters whom I can highly recommend:

Katie Owston 

https://www.linkedin.com/in/katieowston 

Email: katie.owston@glocomms.com 

John Terkovich 

https://www.linkedin.com/in/johnterk 

Email: John@TerkoTech.com