(Part 2) Top products from r/ITCareerQuestions
We found 36 product mentions on r/ITCareerQuestions. We ranked the 224 resulting products by number of redditors who mentioned them. Here are the products ranked 21-40.
21. The First 90 Days: Proven Strategies for Getting Up to Speed Faster and Smarter, Updated and Expanded
Sentiment score: 2
Number of reviews: 2
22. CISCO CCNA, CCNP LAB 300-101, 300-115, 300-135 v2.0 Routing Switching 2RUN SMARNET
Sentiment score: 4
Number of reviews: 2
23. The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
Sentiment score: 3
Number of reviews: 2
Wiley Publishing
24. MCSA Windows Server 2012 R2 Complete Study Guide: Exams 70-410, 70-411, 70-412
Sentiment score: 2
Number of reviews: 2
Sybex
25. The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win
Sentiment score: 2
Number of reviews: 2
26. Penetration Testing: A Hands-On Introduction to Hacking
Sentiment score: 3
Number of reviews: 2
No Starch Press
27. XOOL Precision Screwdriver Set, 80 in 1 Magnetic Repair Tool Kit, Screwdriver Kit with Portable Bag for iPhone, iPad, MacBook, Gaming Console, Controller
Sentiment score: 1
Number of reviews: 1
【Wide Application】XOOL 80 in 1 Multi-functional bag tool kit is designed to service all popular iPad, iPhone, MacBook, PC, Watches, Glasses, Laptops, Phones, Game Consoles,PS4/Xbox Controller, Tablet and other most of electronics.【Most Economical】This Precision Screwdriver Set have more tool...
28. CompTIA Linux+/LPIC-1 Certification All-in-One Exam Guide, Second Edition (Exams LX0-103 & LX0-104/101-400 & 102-400)
Sentiment score: 0
Number of reviews: 1
29. The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy
Sentiment score: 1
Number of reviews: 1
Syngress
30. Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 8
Sentiment score: 2
Number of reviews: 1
Syngress
31. Cyber Crime and Cyber Terrorism Investigator's Handbook
Sentiment score: 1
Number of reviews: 1
Syngress
32. Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry
Sentiment score: 2
Number of reviews: 1
Syngress Publishing
33. Database Systems: The Complete Book (2nd Edition)
Sentiment score: 1
Number of reviews: 1
34. 60 Seconds and You're Hired!: Revised Edition
Sentiment score: 1
Number of reviews: 1
35. Concrete Mathematics: A Foundation for Computer Science (2nd Edition)
Sentiment score: 1
Number of reviews: 1
37. User Stories Applied: For Agile Software Development
Sentiment score: 1
Number of reviews: 1
Addison-Wesley Professional
38. Move Fast and Break Things: How Facebook, Google, and Amazon Cornered Culture and Undermined Democracy
Sentiment score: 1
Number of reviews: 1
I’ve been working on this for a while, so I might as well drop it here. It should provide an authoritative answer for “How do I get started in CyberSecurity”
Before I get started, there are a few things I need to explain about cybersecurity - There are a ton of different areas of “CyberSecurity”.
This post is specifically catered around the core concepts of cybersecurity.
The most basic thing you need to understand about cybersecurity: It revolves around stuff communicating with other stuff. Anything from side-channel attacks to large-scale DDoS’ - stuff is insecure because stuff communicates with other stuff. Communication can be hard to understand and even harder to define (let alone secure). I know this is a very vague statement, but it’s one of the core, fundamental concepts of cybersecurity.
The second most basic thing about cybersecurity you need to understand - “hacking” (I hate that word) as it’s known is not some bond-villain type activity. It’s intentionally mis-using something that already exists in a way that introduces a security flaw into the environment. Sometimes the right circumstances line up and this flaw can be leveraged into something, but sometimes it can’t.
I split up my resources into offensive-based and defensive-based because it’s important for you to understand that while each of these groups is individually important, each knowledge area is not as effective without an understanding of the other one.
One other thing to note - Certifications are great, but you need to de-couple the idea that certifications=knowledge/skills in this field. There are certainly certifications that break out of that mold, but for the most part, this holds true. I’ve ordered them in the order in which I used/learned with these resources, so you can follow-along directly in order (if you want to). I learned offense first, so that’s the way I’m laying it out here.
Offensive-Based:
I started my career in InfoSec by studying for the most basic, foundational certification: The Security+. This is the best beginner-level cert that says “I know something about security.”
I learned by going through Professor Messer’s entire course, and I felt pretty ready after I went through it all. Here’s the link to his Sec+ course.
Now, let’s get into some practical stuff. OverTheWire. These are war-games, or CTFs - challenges designed to test your practical ability in security, but also designed to help you learn new things. CTFs are the absolute best way I’ve found to learn security. Here’s the link to OverTheWire in case Google is down. If you get stuck, here are some helpful write-ups.
Do them in this order:
At this point, you should be set to start with the books and Hacking Labs.
At this point, I’d recommend going for another certification - CEH. Once you have the CEH, you’re ready to move into more practical-based certifications. Here's what I used to learn and practice the CEH:
Now, let’s get into some more practical exploitation. PentesterLabs focuses a bit more on WebApp stuff, but I’ve found it’s the best intro-environment (as it is relatively scripted scenarios, and you don’t have to do as much recon). They're fairly explanatory, and will walk you through the solution if you get stuck.
Next, let’s get into HackTheBox (Exploitable virtual machines, ranging in difficulty. You’re going in mostly blind here, so you have to do your own recon and enumeration): HackTheBox
Here are some helpful write-ups (Written Explanations):
Also, there’s some super awesome video explanations by IppSec
After you get through most of these, you should be set to start on your OSCP. The OSCP contains a course (Penetration Testing with Kali), a lab environment (~50-60 vulnerable boxes), and a practical lab test at the end. OSCP
After you’ve completed the OSCP, then you have enough knowledge to continue directly down the cert path, and the courses (in combination with the certs) put out by Offensive Security contain enough good content to where you don’t have to study other resources. The certification path from here on out splits into two different areas: Technical, and management.
If you’re at this point, getting past the OSEE, you can pretty much walk into any offensive-based job, slap your cert on the table, and they’ll hire you. You don’t need my help anymore here.
Now, here's the management path:
Having the technical background of the OSCP, plus a CISSP, PMP, and MBA would create an extremely potent executive - one who can understand the technical details and risk, and who then could translate that into verbiage that other executives could understand.
So, your overall standard security offensive certification path should look something like:
OR
Now, for the Defensive-based side.
Congrats! If you feel like you're up for a challenge then I'd say go for it as long as you feel like you've got a good support structure in and out of the company. To answer your question, my transition was somewhat mentored by my old boss followed by an abrupt changeout of new-boss-for-newer boss. If I could do anything differently from that time period, it would've been to force the issue of getting performance metrics on my own terms rather than waiting for someone to tell me what my team's metrics would be.
In case any of these might help I'll offer a couple quick considerations/suggestions:
Best of luck!
I mean, the requirements are all spelled out for you in the job description:
KNOWLEDGE, SKILLS, ABILITY(IES):
-----
You need to analyze each of those bullet points and expand on what they mean.
Let's look at the first, and very significant bullet point:
> Knowledge building out a complete IoT solution stack
It should be noted that elsewhere in the job description, the concept of IoT as a component of Smart Cities is added to the conversation.
> identifying gaps with current platform and developing plans to fit those gaps
Gaps in an IoT platform... so some infrastructure and software development systems integration is expected.
You will need to be comfortable with large scale systems design work.
What is a large scale system, and how does one design one? Perhaps starting with smaller scale first might be a wise path...
-----
Now let's take some of those buzzwords and explore them:
https://www.amazon.com/dp/0393082873
https://www.amazon.com/dp/1498702767
https://www.amazon.com/dp/0262527731
I agree with what the others have said.
However, I'll give you some more direction and encouragement. I'm sort of in a similar position as you (except I'm a senior, and have a few years experience working with systems and networking) who is also looking at Security-focused internships.
The CompTIA certificates are okay, especially as a beginner, but they don't hold much weight. They're great for laying down foundational knowledge, and maybe helping you get an interview, but beyond that, they won't do much else.
If I were in your position, I would put my study time into getting the OSCP (Offensive Security Certified Professional). This thing is intimidating. It's one of the harder certificates to get in the industry, and the main reason for that is the exam is a rigorous 24 hour pentest. The payoff is worth it though; the OSCP has an overwhelmingly positive reputation in the industry (don't take my word for it, read up on others' opinions of it). This certificate doesn't expire, and it's something that can help you in your career further down the road (unlike the CompTIA certs). The biggest reason I'm mentioning it is because you can start as a total noob and still pass the exam (all you need is a basic understanding of networking and some familiarity with Linux) - be prepared to spend 300-400 hours in a lab environment until you get to that point, though. Start out with the Georgia Weidman book to see if it interests you; if so, go for it and don't look back. Even if you apply to non-offensive/blue team security positions, the OSCP will still put you and your resume near the top of the stack.
As your interest progresses in the Security industry, know that it's essential to have a thorough understanding of systems and networking - and how everything connects to each other.
Best of luck!
Never lie. That said, I have been "unqualified/underqualified" for every position I have held if you look at measures like years of experience. This isn't a deal breaker. Put yourself in the hiring manager's shoes. If you want to have a team that is working on bleeding edge technology and projects you have to make some compromises on experience. Particularly if you don't have an enormous budget to throw around. The critical things I look for are below.
Smart - I deal with complex problems every day. A requirement for working with my team is that you can keep up.
Passion - Am I hiring someone who is passionate about the work and role? Do you work with this stuff in your spare time or just for a paycheck?
Ambition - If there is a gap in skills, is the applicant going to work hard to fill the gap as quickly as possible? Would you read books and do research to learn the concepts?
Attitude - Are they a good fit for the team? Can I explain what needs to be done and count on you to solve problems and proactively tell me if you are struggling?
Look for smaller companies where you will have the opportunity to wear as many hats as possible. The pay will be lower but you're playing a long game with your career :) get the experience and find out which hat you like best.
Here are two great books on the topic.
https://www.amazon.com/Smart-Gets-Things-Done-Technical/dp/1590598385
https://www.amazon.com/gp/aw/d/1119087252/ref=mp_s_a_1_6?ie=UTF8&qid=1484396909&sr=8-6&pi=SL75_QL70&keywords=stretch+book
Good luck!
Oh and when you land that next position. This book will help get you off on the right foot.
https://www.amazon.com/gp/aw/d/1422188612/ref=mp_s_a_1_1?ie=UTF8&qid=1484397012&sr=8-1&pi=SL75_QL70&keywords=first+ninety+days
Oof, literally no one except one other user gave you territory-specific advice to Los Angeles. Guys, just because your career strategy worked in your territory does not mean it'll work in hyperscale cloud-computing dominant Silicon Beach Los Angeles. Classic example of survivor bias, people... We're talking about a territory that has Dollar Shave Club, Tencent, Alibaba, Tinder, Grinder, OkCupid, Verizon DMS, CloudFlare, Akamai, Fastly, Limelight, Amazon Web Services, Google Cloud Platform, Microsoft Azure, and so so so so much more.
Alright, Los Angeles is not a territory where you can take the traditional approach of "just get A+ certified, write some simple but communicative resume and hope for the best on a helpdesk role". The last employer I had right before this, I was a DevOps Engineer. Through automation, we reduced our helpdesk footprint from 15 to 3. By the time I left, only 2 people were left.
And since moving on from that job/employer, I now work for a premier-certified multi-cloud consultancy partner with multiple partner competencies including DevOps Competency and Managed Service competency. Los Angeles is a territory I cover, and let me tell you, the Silicon Valley mantra "move fast and break things" couldn't be more true here compared to other territories I cover.
Los Angeles is a territory where you need to hustle. Plain and simple.
Go to MeetUp events. One MAJOR advantage you have living in Los Angeles is the abundance of cloud-centric MeetUp events. At one, I met Mitchell Hashimoto, the inventor of Terraform. At another MeetUp event, I met Randall Hunt, a chief evangelist of Amazon Web Services. At another MeetUp, I met the senior product director of Fender Digital (Fender Guitars). At a tech conference MeetUp, I met Corey Quinn, a prominent figure/critic of AWS. And there, I also met Dave Bullock, who articulated on blue/green deployment best practices at AWS Anaheim Summit, a free conference for anyone to attend. All of these could be job prospects, but you need to go out there and make yourself visible.
Not to mention the agency recruiters I met along the way, folks from cream-of-the-crop Jefferson Frank (which in territories like Toronto, basically only place AWS Engineers that make upwards of $120,000+ CAD) to middle-of-the-road Workbridge Associates and Jobspring Partners (sibling companies), to bottom of the barrel Robert Half.
Point is, like I said before, YOU NEED TO HUSTLE IN LOS ANGELES. There are almost 4 million people that live in Los Angeles alone. Include Los Angeles County, and you're looking at over 10 million. If you want to stand out, you need to put more effort in than in other territories.
If you don't want to put in that level of effort, the traditional "get A+ certified and get a helpdesk job" approach will work in other territories like Arizona just fine. But in California, especially in Los Angeles, you need to network network network, hustle hustle hustle.
Hell, everything I just wrote? Merely scratches the surface. Everything I wrote above is just to establish visibility. I didn't even talk about developing your skills beyond the basic bar, which would easily take another few paragraphs. I'll leave this short by saying, start exploring websites like LinuxAcademy which covers everything from A+ to AWS, Docker to Kubernetes, GCP to Nagios, Puppet to VMWare, YAML and so so so so much more.
As suggested before, this kind of thing for a "career" isn't very sustainable. Coming from an actual phone/tablet repair job, even my boss understood and pointed out this career path is hard to make a career out of when I put in my two weeks. Great skill to pick up and if possible I'd pick it up as a hobby, though you're likely to run into issues and potentially break phones if you don't have a guide/mentor as I did.
For guides I'd use:
Ifixit.com
The website is pretty self explanatory to use and the guides provided are relatively vague but get the job done. My time of employment gave me a more in depth guide on all repairs however that is exclusive to the job. My biggest point of advice if you want to use this is, KEEP TRACK OF YOUR SCREWS AND WHERE THEY GO.
For a tool kit I'd recommend:
XOOL 80 in 1 Precision Screwdriver Set with Magnetic Driver Kit, Professional Electronics Repair Tool Kit with Portable Oxford Bag for Repair Cell Phone, iPhone, iPad, Watch, Tablet, PC, MacBook https://www.amazon.com/dp/B07RDF633L/ref=cm_sw_r_cp_apa_i_GnwhDbMAAX3KJ
It's relatively cheap and comes with all the essentials except for a heat gun (which you'll need to do various Android device repairs such as Samsungs and Pixels as well as any kind of tablet).
But I agree it is a really awesome and badass feeling to fix phones/tablets since everyone is incredibly dependent on their devices in our era. If you do make it as a hobby, you wouldn't make as much profit so much as to gaining a reputation to fix phones instead. However, parts can get expensive and mistakes can be made especially if you lack a guide/mentor.
In the end, if you can find a job doing this type of stuff, I'd pick up all the skills there and get out asap. These skills can be very useful in the normal everyday life with how many drops and spills friends/family can make with their phones. In California where I was making $14 after mastering all types of repairs, I still felt underpaid for my experience and knowledge of tablets/devices since minimum wage was already $12.
Edit: I just read the title for "side job". By all means if it doesn't get in the way of your priorities then go for it!
Cheers mate!
Certs will always be more reputable in the IT Sec field than a degree (up until you want to get into a management position, then the MS would be worth it) but after your BS go directly for certs.
If you want to get into Web App Pen Testing then I suggest you pick up the basics of networking, how Packets work, how they are transmitted across the internet. OSI Model, HTTP POST, GET, PUSH, DELETE, how Switches and Routers work as well as how backend server functions on Linux such as Nginx, Apache, how does PHP work.
From that you basically need to learn SQL, HTML, PHP, JavaScript, Python (or Ruby) and some C along with basics of Assembly if you want to learn how to make Exploits.
I suggest you pick up the Web Hackers Handbook. It's a great start to learning how to hack websites.
Also learn the OWASP Top 10.
Take in some knowledge on Metasploit since it goes over basics of using the tool. Also learn how to use Burp Suite since it's going to be your tool of choice for testing websites, and Nmap as well, since it will be your scanner for checking other domains of the website, etc, etc.
Start practicing at home. Build a small lab with Kali installed on a VM.
You can practice hacking the Damn Vulnerable Web App
Check out VulnHub for more resources on vulnerable VMs to practice hacking.
And also follow Pentest Lab Bootcamp to learn the basics of web app hacking as well. I highly suggest you follow this outline as it will teach you the basics of Web App Hacking and will also provide you with VM's to practice SQL Injection, XSS, CSRF, etc.
As for certificates, since you are doing Web App Pen Testing don't go with the CCNA or CCNA Security, since those are mainly associated with Network Security. You need to understand how networks work, yes, but you don't need to have an in-depth knowledge of it.
I suggest you go for Security+ since it will teach you security basics and securing firewalls, routers, switches, etc. After that pursue the OSCP and OSWE from Offensive Security as they are highly regarded in the Pen Testing field.
You might need to also take the CISSP since some companies will require you, but by then you should be able to work for a firm and get the CISSP over time.
Hope this helps, cheers!
It's never too early to familiarize yourself with best and current practices within the field.
I'm not sure what your financial situation is as a student, but I would start by locating and getting in contact with the IIBA or PMI local chapter closest to your home or university. It is an invaluable way to build your professional network, discuss the field, and listen to lectures and presentations built on real world experience.
There are also a number of websites which have useful information about the field (white papers, articles, etc.):
If you are inclined to purchase books, I've found the following very useful in my career:
I would say start with the free websites, immerse yourself in the culture/field and take in all you can. Participate in the r/BusinessAnalysis forum. Finally, network your butt off, get a job and start your career.
If you have any other questions feel free to ask or PM me.
The following is pretty good - https://www.amazon.com/300-101-300-115-300-135-Routing-Switching/dp/B00SA7XKZC
Though, I would recommend replacing the C2950 with another C3750. It may not be the latest and greatest but it will give you real hands on experience for cheap. This way you will be prepared for the theoretical and hands on type interviews. If you can set everything up (cabling, racking, flashing, configuration, routing, switching, security, etc.) with everything being factory fresh and uncabled you will more than likely get the job if you can go from the basics all the way to multiple types of network routing and high availability setups. With the addition of them talking about the person that just set it all up from scratch right there without any problems fast which would normally get you a nice premium on top of what they were originally thinking about offering you.
If you can set things up with that and want to work with the latest and greatest you can then have your company pay for Cisco Lab time and potentially your certs after they hire you.
Yes, most Gov jobs require at least Sec+.
Depending on how much you did as an LEO you may look into computer forensics. Network Security etc. You may also want to beef up knowledge of networking as well. So either the Net+ and/or CCNE cert.
Books are always a good place to start. I don't know about this one but have read a few other books by this publisher that have been pretty good.
Ones I have read/skimmed:
Haven't picked this one up myself, but it has good reviews
Absolutely love being a pentester and the cyber security industry. If you are willing to put in the time and study it can be very rewarding. CEH is a good step in the right direction and should open doors for you.
For entry level positions, pentesting is usually split into two areas, web application and internal/external infrastructure. It's good to have knowledge of both but it's worth choosing which area interests you the most. Personally, I specialise in web applications & API and there is a lot of online resources to help you. (As you have mentioned OWASP top 10, I'll assume web apps is your interest)
The best way to learn a vulnerability and get a good understanding is to create vulnerable web pages (this also gives you something to take into an interview). I would suggest doing some basic LAMP stack (Linux, Apache, MySQL, PHP) - Don't let this put you off as it's actually pretty simple. If you can make a few vulnerable pages to display vulnerabilities, you will fly through entry level interviews.
It's really simple to do. Here is a form that is vulnerable to cross-site scripting (a few lines of PHP with some HTML).
---
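<form method="POST" action="">
<p> <input type="text" name="xss"/></p>
<input type="submit">
</form>
<?php
// Deliberately vulnerable: the submitted value is echoed back without output encoding.
$value = $_POST['xss'] ?? '';
echo $value;
?>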
Reading Material:
https://www.amazon.co.uk/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470
https://www.amazon.co.uk/Network-Security-Assessment-Know-Your/dp/149191095X
Practical learning
DVWA (Damn Vulnerable Web App) - Purposely vulnerable web pages to practice exploiting.
http://www.dvwa.co.uk/
Once you have a bit of experience have a look at hackthebox
https://www.hackthebox.eu/
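The hardened counterpart of the vulnerable form in the comment above, as an added example that is not part of the original post. The field name `xss` comes from the post; the helper `h()`, the Content-Security-Policy header and the page layout are assumptions made for illustration.

```php
<?php
// Added example: the same form with output encoding applied.
// Field name "xss" is from the post; h() and the CSP header are illustrative additions.
declare(strict_types=1);

// Defence in depth: block inline script even if an encoding step is missed somewhere.
header("Content-Security-Policy: default-src 'self'; script-src 'self'");
header('Content-Type: text/html; charset=UTF-8');

/**
 * Encode a value for an HTML text node or a quoted attribute.
 * ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces
 * invalid UTF-8 sequences with U+FFFD rather than returning an empty string.
 */
function h(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Read the field only on POST and only when it is a plain string:
// PHP turns a parameter named xss[] into an array, which must not reach the output.
$value = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
    && isset($_POST['xss'])
    && is_string($_POST['xss'])) {
    $value = $_POST['xss'];
}

// Constructed test input: submitting <script>alert(1)</script> now appears in the
// page source as &lt;script&gt;alert(1)&lt;/script&gt; and is displayed as inert text.
?>
<!DOCTYPE html>
<html>
<body>
<form method="POST" action="">
  <p><input type="text" name="xss" value="<?= h($value) ?>"/></p>
  <input type="submit">
</form>
<?php if ($value !== ''): ?>
  <p>You entered: <?= h($value) ?></p>
<?php endif; ?>
</body>
</html>
```

The encoding in `h()` is correct for HTML text and quoted attribute values only; a value placed inside a script block, a URL or a style rule needs the encoder for that context.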
I'm actually starting this path myself.
I think I'm going to be starting with these books:
https://www.amazon.com/Windows-Server-Complete-Study-Guide/dp/111885991X/ref=sr_1_1?ie=UTF8&qid=1466108469&sr=8-1&keywords=mcsa+server+2012
Or the individual books if I can find them.
I would recommend if you can afford the $99 for CBT Nuggets to check those out too
The other nice thing is I think that the certs are good as long as the software is used - Server 2012 is valid for support until 2023 so it's a nice long duration cert to have
Thanks!
it is not necessary, but it improves your quality of life exponentially.
master this book (concrete mathematics: a foundation in computer science 2nd edition). it won't be easy. get a tutor if you can to make it easier. definitely use khan academy to brush up on your algebra, trig, and calculus
edit: this book is insanely hard, but this book is a standard for exactly what you are asking. it is absolutely worth it but you need to be patient.
Not an expert but I have read a lot of posts saying that 2016 is still young. Take the 2012 first. I am currently reading from this book and I find it great:
https://www.amazon.com/dp/111885991X/ref=tsm_1_fb_lk
You might want to pair it with: Learning PowerShell in a month of lunches. It's a bestseller on Amazon and highly recommended.
Edit: what did you use for CCNA? I have started it in the past but I find the prices exorbitant for seminars!
Most people in IT are actually introverts. But many of them have learned that they have to "turn on" being extroverted in certain situations. One key thing to note is that you will never be able to just avoid people and not interact with them. That is just a core tenet of working in a support and service field.
I would highly recommend reading Quiet since it can give a lot of good insights on ways to approach being an introvert successfully.
Thank you for the very detailed reply. Where does VMware and other virtualization fit into that as well if you don't mind, a lot of the entry jobs around here will probably be dealing with that as I'm near a port city and heavy industry is huge here. Everything they do is on VMware usually to train their employees, etc. Is a CCNA/CCNP cert going to cover most of the bases on virtualization? They also just opened an Amazon warehouse here one reason why I thought the right thing to do was to pick the brains of some seasoned IT professionals and ask about AWS.
Here is what I was looking at picking up to learn.
https://www.amazon.com/gp/product/1587205815/
https://www.amazon.com/gp/product/1587205904/
https://www.amazon.com/gp/product/B00SA7XKZC/
Read a book called 60 Seconds and You're Hired
If your GPA is that fantastic, you may just need to fine tune your interview skills. I love this book and I'm only half way through it. Very practical, not a lot of drawn-out narrative.
> MSCA: SQL Server
Is a good choice. At the same time I see such programs and certificates as credentials for those who already have some experience.
If you
> have a good working knowledge of relational databases in general and know the general dialect of SQL pretty well already
it might be the right choice. It is not perfect but quite good.
> I've done a bunch of practice on sqlzoo.net and gone through a few database/SQL courses on Lynda.com
Take a look at https://lagunita.stanford.edu/courses/Home/Databases/Engineering/about and https://academy.vertabelo.com/blog/18-best-online-resources-for-learning-sql-and-database-concepts/ also.
A bit more:
Books from
https://en.wikipedia.org/wiki/Christopher_J._Date
https://www.amazon.com/Seven-Databases-Weeks-Modern-Movement/dp/1934356921/
https://www.amazon.com/Database-Systems-Complete-Book-2nd/dp/0131873253
Learn the fundamentals of devops and how it relates to your company's technology usage and process.
Read the Phoenix Project, it will give you a better insight on how devops fits in with IT in general.
https://www.amazon.com/Phoenix-Project-DevOps-Helping-Business/dp/0988262592
For technical skills it wouldn't hurt to improve your scripting/programming skills.
Read this, https://www.amazon.com/Phoenix-Project-DevOps-Helping-Business/dp/0988262592