My Linux project has been on the back burner since my workload has picked up. The workload in field services is hefty compared to being on the tech refresh team. Transitioning from tech refresh to field services was a great decision. Without a doubt, it has improved my troubleshooting and technical knowledge. Field services stays busy with reimages, program repairs, connectivity troubleshooting, operating system updates, and about a hundred things more. A decent benefit is also that I network a lot, which is something I had not prioritized before because I am not social. While work has been busy I have been trying to use my transit time (to and from customers) to get in studying.
I’ve read in several career and interview guides that a candidate will often be asked “how do you stay current on infosec?” or “what do you do to stay current in cybersecurity?”. I started to go down a really, really, reallllllllly deep rabbit hole of security podcasts, the best books, and related newsletters to stay current. It was super overwhelming and I ended up taking a step back and just enjoying the silence at my desk. (Not true silence. The office usually has Key & Peele, Chin Chin, or some overplayed music playlist on). I decided to narrow down my podcast playlist and e-books, and even bought a few paperback books to keep handy. A majority of the time at work, we are in spaces where you cannot have personal devices. An old school book is a handy way to spend my time rather than analyzing the terrible paint lines on walls.
One of the books I recently finished was How Cybersecurity Really Works: A Hands-On Guide for Total Beginners by Sam Grubb. I am attempting each chapter’s hands-on exercise. The goal is to do each of the 10 exercises and document them here. Sam Grubb first challenges the reader to reflect on what they are doing to stay up-to-date. Here is a rough outline.
- Asking yourself the following…
- Are you getting involved in the community?
- Do you subscribe to newsletters and alerts?
- What types of threats are most common?
- How do various sources categorize threats?
- What common advice can you find across different resources to prevent these attacks?
- What sorts of search terms might you use to find more resources?
- Staying Up-to-date with 4 Types of Resources
- Author’s recommendations
- My Picks
Exercise 1: Asking Myself ->
Are you getting involved in the community?
Getting started in “becoming involved” in the community was terrifying at first. It still is a little. Most of us identify either as extroverted or introverted; I identify as the latter. When I started my IT bootcamp at New Horizons, they talked our ears off about networking, networking, and more networking. LinkedIn, LinkedIn, and more LinkedIn.
I told myself that I hate talking to people because of social anxiety and that I didn’t need “Facebook for work” to succeed. Well, while not needing “Facebook for work” might be true for some folks or career chasers, this was not true for me. I KNEW in 2020 that I was going to voluntarily leave the Navy at the end of my contract in 2022. Why didn’t I join LinkedIn then to help my Skillbridge search? Fast forward to October 2022 when I started my IT bootcamp. They preached to join LinkedIn for too many reasons to list here. Why didn’t I join LinkedIn? Fast forward to March 2023 when our bootcamp courses were wrapping up. Why did I just start my LinkedIn? These are rhetorical questions and I hope if you are reading this (if anyone ever does read this) that you learn from my mistakes and make your LinkedIn right now, like now now. I only made the LinkedIn because it was required by the career services provided by New Horizons. And it led to my first help desk job that I started only three months after beginning my career as a civilian. Not only did it help me get my first IT job, it helped me get my second IT job, and my third IT job. Needless to say, becoming involved on LinkedIn isn’t necessarily being involved in the “community” but it sure has been a baby step in being involved in the professional & networking community.
Do you subscribe to newsletters and alerts?
Absolutely. Because there are so many great and not-so-great resources out there, I had to unsubscribe from a few and be selective about the ones coming through my email. I follow a billion great IT & security experts on LinkedIn. So, the amazing and all-knowing algorithm tailors its spying results to show me the best profiles & newsletters on my feed.
Alerts are a different story. Currently there are no alerts or notifications coming to my inbox. Occasionally I do navigate feeds through articles shared on LinkedIn or newsletters, but I am currently at an information overload and choosing not to dedicate time to monitoring alerts.
What types of threats are most common?
Phishing.
Ransomware.
Not changing default credentials.
I am not a SME but I do value security, privacy, and anonymity. Phishing, ransomware, and default credentials were the first three things that came to mind. Certainly there are other threats. During one of my ADD-rabbit-hole scrolling sessions I was jaw dropped to learn that an average of 70% of unauthorized access to logins were due to not changing default credentials. EXCUSE ME?! Don’t quote me on that number but a quick internet search will yield anywhere from 18-61%.
How do various sources categorize threats?
What common advice can you find across different resources to prevent these attacks?
What sorts of search terms might you use to find more resources?
Do a quick web search and it will probably yield different answers but a lot of different answers are related. Here are the top repeated results I found searching “Categories of threats”.
- Software attacks, theft of intellectual property…
- Viruses, trojan horses, DoS…
- Critical infrastructure, network, cloud, IoT…
- Economic, food, health, environmental, political…
- Malware, phishing, internal…
- Loss of confidentiality, loss of integrity, loss of availability…
Staying Up-to-date with 4 Types of Resources (reputable & trustworthy resources)
- Government Resources
- Threat Feeds
- Blogs
- Podcast
There is a plethora of free and easily accessible resources out there to stay current; however, you could be like me and be a hoarder. Unfortunately, the past two years I have spent more time compiling and organizing resources than actually learning from them. Not anymore! Not today Satan! I still do pin LinkedIn posts but I do more studying these days with the resources listed here.
How Cybersecurity Really Works Recommendations
- Recommended Government Resources
- Recommended Threat Feeds
- Recommended Blogs
- Krebs On Security
- threatpost
- fireeye
- Recommended Podcast
Government Resources
NIST Resource Center
If you are not familiar, NIST is the National Institute of Standards and Technology and NICE is the National Initiative for Cybersecurity Education. NICE is a NIST program. NIST publishes several publications such as the NIST SP (special publication) series. NIST also publishes reports, white papers, historical bulletins, and a blog.
SP 800 Computer security
SP 1800 Cybersecurity practice guides
SP 500 Information technology
CISA Resources and Bulletins
Check up on weekly vulnerabilities listed as high, medium, or low severity.
NICE
I couldn’t have explained NICE any better so here is NIST’s own explanation.
The NICE Framework grew from the need to better define, develop, and assess the cybersecurity workforce in both the public and private sectors. More than 20 governmental departments and agencies, along with representatives from the private sector and academia, came together to address this challenge resulting in the creation of two early versions of the NICE Framework, followed by its release as NIST Special Publication 800-181 in 2017 and the first revision in 2020. The NICE Framework now provides an evolving resource that is agile, flexible, interoperable, and modular and continues to draw from engagement between the government, private sector, and academia
Workforce Framework for Cybersecurity
Threat Feeds
MS-ISAC (Multi-State Information Sharing and Analysis Center)
MS-ISAC is a membership-based collaboration that has two options: free and not free. MS-ISAC is the free resource and CIS charges for additional resources. On the top right of their homepage, you will see the real-time Alert level as low, guarded, elevated, or high. You can sign up for their advisories and/or newsletters here. They also publish CIS benchmarks. I haven’t dived into any yet but most of them are free and I assume practical.
- CIS Benchmarks
- I will be adding their Ubuntu and iOS benchmarks to my ADHD to-do-list. Check out their options; you might learn something new.
- This is the coolest tool I have found on their site. Essentially CIS is sharing their compiled guidance for various providers, software, tools, devices, OS’s, etc.
They also have a podcast 🙂

InfraGard
InfraGard is a compilation between private sectors, “FBI and DHS threat advisories and alerts, intelligence bulletins, analytical reports, vulnerability assessments, webinars, and more.” If you are like me, you won’t be able to join yet due to not having been in a related field for 3 years. Check out their membership requirements for yourself. This seems like the real-deal stay-up-to-date resource with real-time intel.

ISC SANS
I stumbled across the SANS Internet Storm Center prior to this exercise. This is a diverse resource and definitely worth bookmarking (that is if people still use bookmarks). I find it to be one of those rabbit holes because you can spend hours reading and clicking away.
Blogs
Krebs on Security
Brian Krebs has done all the homework for you. Don’t take SME advice from me. But I am certain taking a few minutes a day or weekly to scroll through Krebs on Security would be a good tool to add to your stay-up-to-date tools.
This post covers a lot of resources. If you are just scrolling through, please check out the Krebs on Security about the author page. He actually didn’t start his professional career in IT. That is motivation for us midlife career changers!
Oh, he also has a newsletter 😀
threatpost
This is another catch-all resource with podcasts, articles, and recommended reading. I will say that IMO they have more of a blogging style rather than a reporting style. Time is a hot commodity for me so sometimes I just want the facts. Straight up.
fireeye
This one was interesting. When I copied the URL into my browser, it was automatically directed to the Trellix homepage. Unfortunately I was not able to locate “fireeye.com/blog.html” that was recommended in the book. But I did learn that Trellix is a relatively new company and their parent company bought McAfee and FireEye a few years ago. My search for the fireeye blog also led me to discover there is a fireeye malware out there.
Podcast
This Week in Tech– Security Now
Steve Gibson and Leo Laporte! Do you know who they are? Well, I didn’t before researching them. Apparently these gentlemen are well known. If you have extra time, like hours or days, go down the rabbit hole of TWiT. I’m sure you will find your flavor and possibly topics that you didn’t think exist.
- Tech News Weekly
- Windows Weekly
- iOS Today
- This Week in Google
- This Week in Enterprise Tech
- Home Theater Geeks
- Untitled Linux Show
- And way more
Darknet Diaries
Let me start by saying…….let us all go get training in elevator mechanics and become certified elevator inspectors. Hello! Has anyone else listened to this episode?! Simply put, it is bad arse. Let me know if you also loved this episode.
Every episode is different. Jack Rhysider and his team are dedicated to keeping you on your toes with juicy & nerdy security talks. Those are my words, not his. PLEASE, do yourself a favor and go listen to an episode of true stories from the dark side of the internet.
My Picks and Recommendations
- Podcasts
- Newsletters
- Books
- Other
Podcast
W.I.R.E.D Security
This podcast is on my favorites list. They publish short episodes that cover technology & security. 9 times out of 10, when I open my podcast app, this is the first to show new episodes.
Here is a snapshot of their 3 newest episodes.
- 9/19/23 Massive MGM and Caesars Hacks Epitomize a Vicious Ransomware Cycle
- 9/18/23 The US Congress Has Trust Issues. Generative AI Is Making It Worse
- 9/15/23 Top US Spies Meet With Privacy Experts Over Surveillance ‘Crown Jewel’
Daily Cyber Threat Brief
This is a podcast that is good to play in the background since it runs about an hour. You can check out the daily live stream or catch up on the recorded podcast later. And while you catch up on your cyber news, you can track your CEUs at the same time.
Newsletters
CISO series (Cyber Security Headlines & Defense in Depth)
I wanted to say this is my favorite but I had to stop myself because these are my recommendations and all of them are my favorites. One day I was watching Dr. Gerald Auger’s Daily Cyber Threat Brief while I was home cleaning and I really listened to the narrators’ voices and I realized it was a playback from an outside audio source. Then I thought…who is this? That isn’t him (Dr. G). Where is he getting this? Then I found it! The Daily Cyber Threat Brief is a live commentary based on a review of the CISO series. At this point I was already a fan of the Defense in Depth podcast, which is a part of the CISO series. The CISO series has a variety of sub-podcasts based on your interest or research. I was excited to see the relation between the Daily Cyber Threat Brief and the CISO series because I really do enjoy listening to these as I catch up on my morning emails and coffee. Can’t forget the coffee.
Actionable Intel from Simply Cyber Newsletter
As a security enthusiast that has not worked a cybersecurity role, there is no excuse for us not to have professional experience. This newsletter is a liaison between you and you being a security practitioner.
FOSS Weekly
Become a Better Linux User is their subtitle and is my goal. Regretfully, 70% of the topics are above my current knowledge of operating Linux (Ubuntu to be exact). That doesn’t matter because it is helping me actually become a better Linux user. Also, their site is my second mainstay when I’m working on my Linux project. My first is the Linux library on the Linode resources & tutorials webpage.
More newsletters I subscribe to but these can be shared at a different time.
GR Weekly Cyber Newsletter covers cyber intelligence, education, and more.
StationX Weekly Newsletter is more learning focused.
Duck Duck Go Privacy Newsletter is more towards end-user awareness.
Books
How Cybersecurity Really Works
Thank you Sam Grubb and No Starch Press for your contribution to streamlining tech education.
Linux for Beginners
Thank you Jason Cannon for sharing the Linux resources that you spent time creating in order to help educate and encourage newbies in taking the next step. Linux for Beginners, FOSS, Linode, and Network Chuck are resources that got me finally running Ubuntu.
Other
These two resources should have their own dedicated posts. This will have to do until we revisit the topics of MITRE ATT&CK & the OSI model. Working as a field service tech is diverse. We troubleshoot hardware, software, and visit users on-site. Some of the users are novice computer users who only use the computer when absolutely necessary and other users are tech savvy nerds. Knowing your audience and knowing your customer is soooo important because it determines how you approach them and the issue you are attempting to resolve. For example, there are users who are my grandparents’ age (who refuse to retire) and they detest using Microsoft Outlook. There are users who might be experienced engineers and likely did some troubleshooting before you come on-site. They might have narrowed down the issue for you, so when you arrive, you can fix it quickly, and they are back to working. This is what brings me to reference MITRE ATT&CK & the OSI model. Using these two technical resources furthers your technical knowledge and experience by helping you pinpoint what component, category, or approach to take as a technician. I highly encourage you to check these out. Although we become used to specific symptoms being associated with specific possible resolutions, that does not mean you should jump on trying those possible resolutions first. Considering that I am roughly new to the game (less than 3 years), I do not go by my gut but rather go in accordance with a process or consult a technical manual to have physical and logical evidence in support of my troubleshooting.










