An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Enjoy!
Hi CISSPs and other folks with cyber-focused certifications! Did you know that you can often fulfill your CPE or other continuing education retirements by listening to podcasts? Well, now you know! Here’s my secret to keeping up with those CPEs - the Security Now! podcast with Steve Gibson and Leo Laporte.
You can also find summaries and transcripts of past episodes on Gibson’s website, which is refreshingly old-school and script-free.
Thanks, this is helpful as I've been travelling for a while and way behind on those CPEs.
Hey people Software dev here with 7+ years of experience, tech stack is mostly Java/Typescript/Angular/Node. I'm kinda sick of the day-to-day business of solving bugs and the occasional new feature and would like to dive into the cybersecurity industry. Was hoping my experience is somewhat useful for that.
Do you know the place to start for someone who would like to switch careers like that?
Ex-devs generally gravitate towards "DevSecOps"/Cloud/AppSec roles. There is a need in the infosec industry to have competent developers so if you have that skillset you need only to pick up some cyber know-how. Portswigger has their web security academy and there is OWASP which provides a ton of great resources. Start getting into those things and put them on your resume and you should start to have a path into infosec.
Playing around with the SecureFlag platform, pretty interesting IMHO. Also want to start a new language to stick with, I am pretty undecided between Zig (but is not memory safe by design) elixir (functional programming still isn't my thing) and nim (can't handle any more language with indentation-based codeblocks).
Any suggestion is welcome, I will use them to build mostly security tools.
Just noticed Zig with the 2023 StackOverflow survey. Stood out as a language people seemed to be happy with, and paid a lot. I tried elixir for a day and, like you, it wasn't my thing. For what it's worth (less than the cost of the electricity used in the process of posting my comment), I say maybe try Zig
For now I am pretty happy with zig, the semicolon mandatory is a bit annoying tho.
Never even heard of Zig or elixir but I have heard of nim. Doesn't mean much but that's about all the input I have for this one =P.
Starting Offensive Security EXP-301 Windows User Mode Exploit Development next week. Binary exploitation isn’t needed much in my work, but need it for OSCE3. After this I hope to be able to stick to normal training courses built for working professionals - instead of second job for many months plus grueling 72 hour exam + reporting courses. “Just one more and then I’ll quit”. Lol.
Hah, I've been telling myself that for years..."just one more...".