(Part 2) Top products from r/ITCareerQuestions

I’ve been working on this for a while, so I might as well drop it here. It should provide an authoritative answer for “How do I get started in CyberSecurity”

Before I get started, there are a few things I need to explain about cybersecurity - There are a ton of different areas of “CyberSecurity”.

This post is specifically catered around the core concepts of cybersecurity.

The most basic thing you need to understand about cybersecurity: It revolves around stuff communicating with other stuff. Anything from side-channel attacks to large-scale DDoS’ - stuff is insecure because stuff communicates with other stuff. Communication can be hard understand and even harder to define (let alone secure). I know this is a very vague statement, but it’s one of the core, fundamental concepts of cybersecurity.

The second most basic thing about cybersecurity you need to understand - “hacking” (I hate that word) as it’s known is not some bond-villain type activity. It’s intentionally mis-using something that already exists in a way that introduces a security flaw into the environment. Sometimes the right circumstances line up and this flaw can be leveraged into something, but sometimes it can’t.

I split up my resources into offensive-based and defensive-based because it’s important for you to understand that while each of these groups are individually important, each knowledge area is not as effective without the an understanding of the other one.

One other thing to note - Certifications are great, but you need to de-couple the idea that certifications=knowledge/skills in this field. There are certainly certifications that break out of that mold, but for the most part, this holds true. I’ve ordered them in the order in which I used/learned with these resources, so you can follow-along directly in order (if you want to). I learned offense first, so that’s the way I’m laying it out here.


Offensive-Based:


I started my career in InfoSec by studying for the most basic, foundational certification: The Security+. This is the best beginner-level cert that says “I know something about security.”

I learned by going through Professor Messer’s entire course, and I felt pretty ready after I went through it all. Here’s the link to his Sec+ course

Now, lets get into some practical stuff. OverTheWire. These are war-games, or CTF’s - challenges designed to test your practical ability in security, but also designed to help you learn new things. CTF’s are the absolute best way I’ve found to learn security. Here’s the link to OverTheWire in case Google is down. If you get stuck, here are some helpful write-up’s.

Do them in this order:

• Bandit
  
• Leviathan
  
• Natas
  
• Narnia.
  
  At this point, you should be set to start with the books and Hacking Labs.
  
  
• Penetration Testing (Book, Follow-along labs)
  
  
  
• Hacking, the Art of Exploitation (2nd Edition, Book, follow-along labs)
  
  
  At this point, I’d recommend going for another certification - CEH. Once you have the CEH, you’re ready to move into more practical-based certifications. Here's what I used to learn and practice the CEH:
  
  Now, lets get into some more practical exploitation. PentesterLabs focuses a bit more on WebApp stuff, but I’ve found its the best intro-environment (as it is relatively scripted scenarios, and you don’t have to do as much recon). They're fairly explanatory, and will walk you through the solution if you get stuck.
  
  
• PentesterLabs
  
  
  Next, lets get into HackTheBox (Exploitable virtual machines, ranging in difficulty. You’re going in mostly blind here, so you have to do your own recon and enumeration): HackTheBox
  
  Here are some helpful write-ups (Written Explanations):
  
  
• GitHub
  
  
• 0xRick Webiste
  
  Also, there’s some super awesome video explanations by IppSec
  
  
  After you get through most of these, you should be set to start on your OSCP. The OSCP contains a course (Penetration Testing with Kali), a lab environment (~50-60 vulnerable boxes), and a practical lab test at the end. OSCP
  
  After you’ve completed the OSCP, then you have enough knowledge to continue directly down the cert path, and the courses (in combination with the certs) put out by Offensive Security contain enough good content to where you don’t have to study other resources. The certification path from here on out splits into two different areas: Technical, and management.
  
  
• Technical:
  
  • OSCE (OSCP 2, basically)
    
  • OSWE (OSCP but for web exploitation)
    
  • OSEE (OSCP 3, really fucking hard).
    
    If you’re at this point, getting past the OSEE, you can pretty much walk into any offensive-based job, slap you’re cert on the table, and they’ll hire you. You don’t need my help anymore here.
    
    Now, here's the management path:
    
    
• Management:
  
  • CISSP
    
  • PMP
    
  • MBA
    
    Having the technical background of the OSCP, plus a CISSP, PMP, and MBA would create an extremely potent executive - one who can understand the technical details and risk, and who then could translate that into verbiage that other executives could understand.
    
    
    So, you’re overall standard security offensive certification path should look something like:
    
    
• Security+
  
• CEH
  
• OSCP
  
• OSCE
  
• OSWE
  
• OSEE
  
  OR
  
  
• Security+
  
• CEH
  
• OSCP
  
• CISSP
  
• PMP
  
• MBA
  
  Now, for the Defensive-based side.

Congrats! If you feel like you're up for a challenge then I'd say go for it as long as you feel like you've got a good support structure in and out of the company. To answer your question, my transition was somewhat mentored by my old boss followed by an abrupt changeout of new-boss-for-newer boss. If I could do anything differently from that time period, it would've been to force the issue of getting performance metrics on my own terms rather than waiting for someone to tell me what my team's metrics would be.

In case any of these might help I'll offer a couple quick considerations/suggestions:

1. Find out who you're accountable to (which keep in mind, that probably won't be just your boss) and what they define as success. When that definition is vague or unrealistic, help them come to a definition that's specific and attainable. But either way, reach out to them. Meet with them on a regular basis. If they say they don't want to do a standing meeting then set a weekly or monthly or quarterly reminder (depending on how things are going) to reach out to them.
   
2. Depending on the structure and the size of the team, it's important to identify if you're managing individual contributors or if you're managing managers. The two are very different animals; I'd normally expect a director position to be mostly the latter but companies vary.
   
3. I can't recommend reading The First 90 Days enough. It was written for people like us.
   
4. Chances are, you have in your head a handful of experiences that have struck you as good technology leadership and a handful that are not-so-good. Succinctly capture your takeaways from those; those help to define your core principles and it's important not to lose sight of them.
   
5. Don't be bashful about asking what your predecessor did well and what (s)he could have done better. Ask that of your superiors, your peers, and the people on your team.
   
6. Very early on, find out not only what procedures are documented (and how up-to-date they are) but especially find out what kind of emergency response procedures exist. If they don't, get a basic one together asap and do a test activation of it. An emergency will definitely happen during your first year; you have no control over that. What you can control is the degree to which you and your team are prepared to respond to it. Few statements are more reassuring coming from someone in your position than "Okay guys, bad thing X happened and it's going to be a rough day at the office. But we have a plan for responding to it and it's time for us to execute that plan. Let's go to work."
   
7. Most importantly: chances are you're a dependable engineer and the people you've worked for have come to trust you as their go-to guy or gal. You need one of those. Several if possible, for different facets of the team's operations.
   
   Best of luck!

I mean, the requirements are all spelled out for you in the job description:

KNOWLEDGE, SKILLS, ABILITY(IES):

• Knowledge building out a complete IoT solution stack, identifying gaps with current platform and developing plans to fit those gaps
  
• Knowledge planning and building demo centers for specific vertical solutions
  
• Knowledge develop plans to scale an IoT practice at the City of Dallas as standalone or cross-functional entity
  
• Effective oral and written communication skills
  
• Ability to lead technical conversations with customers to design and execute pilots
  
• Ability to Collaborate internally with relation functions
  
• Ability to develop plans for training
  
• Ability to work directly with business representatives to understand the specific requirements that are driving the need for a solution to be designed; then plan and implement the design activities required.
  
• Ability to develop plans to scale an IoT practice at the City of Dallas as standalone or cross-functional entity.
  
• Ability to lead technical conversations with vendors to establish valuable partnerships.
  
  -----
  
  You need to analyze each of those bullet points and expand on what they mean.
  
  Let's look at the first, and very significant bullet point:
  
  > Knowledge building out a complete IoT solution stack
  
  
• What is IoT?
  
• What are the components of an IoT stack?
  
  It should be noted that else where in the job description, the concept of IoT as a component of Smart Cities is added to the conversation.
  
  
• What is a Smart City?
  
• How is IoT used to create a Smart City?
  
  > identifying gaps with current platform and developing plans to fit those gaps
  
  Gaps in an IoT platform... so some infrastructure and software development systems integration is expected.
  You will need to be comfortable with large scale systems design work.
  
  What is a large scale system, and how does one design one? Perhaps starting with smaller scale first might be a wise path...
  
  -----
  
  Now lets take some of those buzzwords and explore them:
  
  https://www.amazon.com/dp/0393082873
  
  https://www.amazon.com/dp/1498702767
  
  https://www.amazon.com/dp/0262527731
  
  
  
  
  

I agree with what the others have said.

However, I'll give you some more direction and encouragement. I'm sort of in a similar position as you (except I'm a senior, and have a few years experience working with systems and networking) who is also looking at Security-focused internships.

The CompTIA certificates are okay, especially as a beginner, but they don't hold much weight. They're great for laying down foundational knowledge, and maybe helping you get an interview, but beyond that, they won't do much else.

If I were in your position, I would put my study time into getting the OSCP (Offensive Security Certified Professional). This thing is intimidating. It's one of the harder certificates to get in the industry, and the main reason for that is the exam is a rigorous 24 hour pentest. The payoff is worth it though; the OSCP has an overwhelmingly positive reputation in the industry (don't take my word for it, read up on other's opinions of it). This certificate doesn't expire, and it's something that can help you in your career further down the road (unlike the CompTIA certs). The biggest reason I'm mentioning it is because you can start as a total noob and still pass the exam (all you need is a basic understanding of networking and somewhat familiarity with linux) - be prepared to spend 300-400 hours in a lab environment until you get to that point, though. Start out with the Georgia Weidman book to see it it interests you, if so, go for it and don't look back. Even if you apply to non-offensive/blue team security positions, the OSCP will still put you and your resume near the top of the stack.

As your interest progresses in the Security industry, know that it's essential to have a thorough understanding of systems and networking - and how everything connects to each other.

Best of luck!

Never lie. That said I have been "unqualified/underqualified" for every position I have held if you look at measures like years of experience. This isn't a deal breaker. Put yourself in the hiring managers shoes. If you want to have a team that is working on bleeding edge technology and projects you have to make some compromises on experience. Particularly if you don't have a enormous budget to throw around. The critical things I look for are below.

Smart - I deal with complex problems everyday. A requirement for working with my team is that you can keep up.
Passion - Am I hiring someone who is passionate about the work and role. Do you work with this stuff in the spare time or just for a paycheck.
Ambition - If their is a gap in skills is the applicant going to work hard to fill the gap as quickly as possible. Would you read books and do research to learn the concepts.
Attitude - Are they a good fit for the team. Can I explain what needs to be done and count on you to solve problems and proactively tell if you are struggling.

Look for smaller companies where you will have the opportunity to wear as many hats as possible. The pay will be lower but your playing a long game with your career :) get the experience and find out which hat you like best.

Here is are two great books on the topic.

https://www.amazon.com/Smart-Gets-Things-Done-Technical/dp/1590598385

https://www.amazon.com/gp/aw/d/1119087252/ref=mp_s_a_1_6?ie=UTF8&qid=1484396909&sr=8-6&pi=SL75_QL70&keywords=stretch+book

Good luck!

Oh and when you land that next position. This book will help get you off on the right foot.

https://www.amazon.com/gp/aw/d/1422188612/ref=mp_s_a_1_1?ie=UTF8&qid=1484397012&sr=8-1&pi=SL75_QL70&keywords=first+ninety+days

Oof, literally no one except one other user gave you territory-specific advice to Los Angeles. Guys, just because your career strategy worked in your territory does not mean it'll work in hyperscale cloud-computing dominant Silicon Beach Los Angeles. Classic example of survivor bias, people... We're talking about a territory that has Dollar Shave Club, Tencent, Alibaba, Tinder, Grinder, OkCupid, Verizon DMS, CloudFlare, Akamai, Fastly, Limelight, Amazon Web Services, Google Cloud Platform, Microsoft Azure, and so so so so much more.

Alright, Los Angeles is not a territory where you can take the traditional approach of "just get A+ certified, write some simple but communicative resume and hope for the best on a helpdesk role". The last employer I had right before this, I was a DevOps Engineer. Through automation, we reduced our helpdesk footprint from 15 to 3. By the time I left, only 2 people were left.

And since moving on from that job/employer, I now work for a premier-certified multi-cloud consultancy partner with multiple partner competencies including DevOps Competency and Managed Service competency. Los Angeles is a territory I cover, and let me tell you, the Silicon Valley mantra "move fast and break things" couldn't be more true here compared to other territories I cover.

Los Angeles is a territory where you need to hustle. Plain and simple.

Go to MeetUp events. One MAJOR advantage you have living in Los Angeles is the abundance of cloud-centric MeetUp events. At one, I met Mitchell Hashimoto, the inventor of Terraform . At another MeetUp event, I met Randall Hunt, a chief evangelist of Amazon Web Services. At another MeetUp, I met the senior product director of Fender Digital (Fender Guitars). At a tech conference MeetUp, I met Corey Quinn, a prominent figure/critic of AWS. And there, I also met Dave Bullock, who articulated on blue/green deployment best practices at AWS Anaheim Summit, a free conference for anyone to attend. All of these could be job prospects, but you need to go out there and make yourself visible.

Not to mention the agency recruiters I met along the way, folks from cream-of-the-crop Jefferson Frank (which in territories like Toronto, basically only place AWS Engineers that make upwards of $120,000+ CAD) to middle-of-the-road Workbridge Associates and Jobspring Partners (sibling companies), to bottom of the barrel Robert Half.

Point is, like I said before, YOU NEED TO HUSTLE IN LOS ANGELES. There are almost 4 million people that live in Los Angeles alone. Include Los Angeles County, and you're looking at over 10 million. If you want to stand out, you need to put more effort in than in other territories.

If you don't want to put in that level of effort, the traditional "get A+ certified and get a helpdesk job" approach will work in other territories like Arizona just fine. But in California, especially in Los Angeles, you need to network network network, hustle hustle hustle.

Hell, everything I just wrote? Merely scratches the surface. Everything I wrote above is just to establish visibility. I didn't even talk about developing your skills beyond the basic bar, which would easily take another few paragraphs. I'll leave this short by saying, start exploring websites like LinuxAcademy which covers everything from A+ to AWS, Docker to Kubernetes, GCP to Nagios, Puppet to VMWare, YAML and so so so so much more.

As suggested before, this kind of thing for a "career" isn't very sustainable. Coming from an actual phone/tablet repair job, even my boss understood and pointed out this career path is hard to make a career out of when I put in my two weeks. Great skill to pick up and if possible I'd pick it up as a hobbie though you're likely to run into issues and potentially break phones if you don't have a guide/mentor as I did.

For guides I'd use:
Ifixit.com

The website is pretty self explanatory to use and the guides provided are relatively vague but get the job done. My time of employment gave me a more in depth guide on all repairs however that is exclusive to the job. My biggest point of advice if you want to use this is, KEEP TRACK OF YOUR SCREWS AND WHERE THEY GO.

For a tool kit I'd recommend:
XOOL 80 in 1 Precision Screwdriver Set with Magnetic Driver Kit, Professional Electronics Repair Tool Kit with Portable Oxford Bag for Repair Cell Phone, iPhone, iPad, Watch, Tablet, PC, MacBook https://www.amazon.com/dp/B07RDF633L/ref=cm_sw_r_cp_apa_i_GnwhDbMAAX3KJ

It's relatively cheap and comes with all the essentials except for a heat gun (which you'll need to do various android device repairs such as Samsungs and pixels as well as any kind of tablet)

But I agree it is a really awesome and badass feeling to fix phones/tablets since everyone is incredibly dependent on their devices in our era. If you do make it as a hobby, you wouldn't make as much profit so much as to gaining a reputation to fix phones instead. However, parts can get expensive and mistakes can be made especially if you lack a guide/mentor.

In the end, if you can find a job doing this type of stuff, I'd pick up all the skills there and get out asap. These skills can be very useful in the normal everyday life with how many drops and spills friends/family can make with their phones. In California where I was making $14 after mastering all types of repairs, I still felt underpaid for my experience and knowledge of tablets/devices since minimum wage was already $12.

Edit: I just read the title for "side job". By all means if it doesn't get in the way of your priorities then go for it!

Cheers mate!

Certs will always be more reputable in the IT Sec field then a degree (up until you want to get into a management position, then the MS would be worth it) but after your BS go directly for certs.

If you want to get into Web App Pen Testing then I suggest you pickup the basics of networking, how Packets work, how they are transmitted across the internet. OSI Model, HTTP POST, GET, PUSH, DELETE , how Switches and Routers work as well as how backed server functions on Linux such as Ngix, Apache, how does PHP work.

From that you basically need to learn SQL, HTML, PHP, JavaScript, Python (or Ruby) and some C along with basics of Assembly if you want to learn how to make Exploits.

I suggest you pick up the Web Hackers Handbook. It's a great start to learning how to hack websites.

Also learn the OWASP Top 10.

Take in some knowledge on Metasploit Since it goes over basics of using the tool. Also learn how to use Burp Suite since it's going to be your tool of choice for testing websites, and Nmap as well, since it will be your scanner for checking other domains of the website, etc, etc.

Start practicing at home. Build a small lab with Kali installed on a VM.

You can practice hacking the Damn Vulnerable Web App

Check out VulnHub for more resources on vulnerable VMs to practice hacking.

And also follow Pentest Lab Bootcamp to learn the basics of web app hacking as well. I highly suggest you follow this outline as it will teach you the basics of Web App Hacking and will also provide you with VM's to practice SQL Injection, XSS, CSRF, etc.

As for certificates, since you are doing Web App Pen Testing don't go with the CCNA or CCNA Security, since those are mainly associated with Network Security. You need to understand how networks work, yes, but you don't need to have a deep end knowledge of it.

I suggest you go for Security+ since it will teach you security basics and securing firewalls, routers, switches, etc. After that pursue the OSCP and OWSE from Offensive Security as they are highly regarded in the Pen Testing field.

You might need to also take the CISSP since some companies will require you, but by then you should be able to work for a firm and get the CISSP over time.

Hope this helps, cheers!

It's never too early to familiarize yourself with best and current practices within the field.

I'm not sure what your financial situation is as a student, but I would start by locating and getting in contact with the IIBA or PMI local chapter closest to your home or university. It is an invaluable way to build your professional network, discuss the field, and listen to lectures and presentations built on real world experience.

There are also a number of websites which have useful information about the field (white papers, articles, etc.):

• BA Times
  
  
• Modern Analyst
  
  
• Bridging the Gap
  
  
• Mastering Business Analysis - Dave Saboe also hosts a great podcast of the same name
  
  If you are inclined to purchase books, I've found the following very useful in my career:
  
  
• Software Requirements 3rd edition
  
  
• User Stories Applied: For Agile Software Development
  
  
• User Story Mapping
  
  I would say start with the free websites, immerse yourself in the culture/field and take in all you can. Participate in the r/BusinessAnalysis forum. Finally, network your butt off get a job and start your career.
  
  If you have any other questions feel free to ask or PM me.
  

The following is pretty good - https://www.amazon.com/300-101-300-115-300-135-Routing-Switching/dp/B00SA7XKZC

Though, I would recommend replacing the C2950 with another C3750. It may not be the latest and greatest but it will give you real hands on experience for cheap. This way you will be prepared for the theoretical and hands on type interviews. If you can set everything up (cabling, racking, flashing, configuration, routing, switching, security, etc.) with everything being factory fresh and uncabled you will more than likely get the job if you can go from the basics all the way to multiple types of network routing and high availability setups. With the addition of them talking about the person that just set it all up from scratch right there without any problems fast which would normally get a you a nice premium on top of what they were originally thinking about offering you.

If you can set things up with that and want to work with the latest and greatest you can then have your company pay for Cisco Lab time and potentially your certs after they hire you.

Yes, most Gov jobs require at least Sec+.

Depending on how much you did as an LEO you may look into computer forensics. Network Security etc. You may also want to beef up knowledge of networking as well. So either the Net+ and/or CCNE cert.

Books are always a good place to start. I don't know about this one but have read a few other books by this publisher that have been pretty good.

Ones I have read/skimmed:

• Social Enginnering Penetration Testing
  
• The Basics of Inormation Security: Understanding the Fundamentals of InfoSec in theory and Practice
  
• The Basics of Hacking and Penetration Testing
  
  
  Haven't picked this one up myself, but it has good reviews
  
  
• RTFM: Red Team Field Manual
  
• The Hacker Playbook
  
  
  

Absolutely love being a pentester and the cyber security industry. If you are willing to put in the time and study it can be very rewarding. CEH is a good step in the right direction and should open doors for you.
For entry level positions, pentesting is usually split into two areas, web application and internal/external infrastructure. It's good to have knowledge of both but it's worth choosing which area interests you the most. Personally, I specialise in web applications & API and there is a lot of online resources to help you. (As you have mentioned owasp top 10, I'll assume web apps is your interest)


The best way to learn a vulnerability and get a good understanding is to create vulnerable web pages (this also gives you something to take into an interview). I would suggest doing some basic LAMP stack (Linux, Apache, Mysql, PHP) - Don't let this put you off as it's actually pretty simple. If you can make a few vulnerable pages to display vulnerabilities, you will fly through entry level interviews.


it's really simple to do.. Here is a form that is vulnerable to cross-site scripting. (a few lines of php with some html)
---

<form method="POST" action="">

<p> <input type="text" name="xss"/></p>

<input type="submit">

<?php
$value = $_POST['xss'];
echo $value;
?>

Reading Material:

https://www.amazon.co.uk/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470

https://www.amazon.co.uk/Network-Security-Assessment-Know-Your/dp/149191095X


Practical learning
DVWA (Damn Vulnerable Web App) - Purposely vulnerable web pages to practice exploiting.
http://www.dvwa.co.uk/


Once you have a bit of experience have a look at hackthebox

https://www.hackthebox.eu/

I'm actually starting this path myself.

I think I'm going to be starting with these books:

https://www.amazon.com/Windows-Server-Complete-Study-Guide/dp/111885991X/ref=sr_1_1?ie=UTF8&qid=1466108469&sr=8-1&keywords=mcsa+server+2012

Or the individual books if I can find them.

I would recommend if you can afford the $99 for CBT Nuggets to check those out too

The other nice thing is I think that the certs are good as long as the software is used - Server 2012 is valid for support until 2023 so it's a nice long duration cert to have

Thanks!

it is not necessary, but it improves your quality of life exponentially.

​

master this book (concrete mathematics: a foundation in computer science 2nd edition). it wont be easy. get a tutor if you can to make it easier. definitely use khan academy to brush up on your algebra, trig, and calculus


edit: this book is insanely hard, but this book is a standard for exactly what you are asking. it is absolutely worth it but you need to be patient.

Not an expert but I have read a lot of posts saying that 2016 is still young. Take the 2012 first. I am currently reading from this book and I find it great :

https://www.amazon.com/dp/111885991X/ref=tsm_1_fb_lk

You might want to pair it with : Learning Powershell in a month of lunches. It's a bestseller on Amazon and highly recommended.

Edit : what did you use for CCNA ? I have started it in the past but I find the prices exorbitant for seminars !

Most people in IT are actually introverts. But many of them have learned that they have to "turn on" being extroverted in certain situations. One key thing to note is that you will never be able to just avoid people and not interact with them. That is just a core tenet of working in a support and service field.

I would highly recommend reading Quiet since it can give a lot of good insights on ways to approach being an introvert successfully.

Thank you for the very detailed reply. Where does VMware and other virtualization fit into that as well if you don't mind, a lot of the entry jobs around here will probably be dealing with that as I'm near a port city and heavy industry is huge here. Everything they do is on VMware usually to train their employees, etc. Is a CCNA/CCNP cert going to cover most of the bases on virtualization? They also just opened an Amazon warehouse here one reason why I thought the right thing to do was to pick the brains of some seasoned IT professionals and ask about AWS.

Here is what I was looking at picking up to learn.

https://www.amazon.com/gp/product/1587205815/

https://www.amazon.com/gp/product/1587205904/

https://www.amazon.com/gp/product/B00SA7XKZC/

Read a book called 60 Seconds and You're Hired

If your GPA is that fantastic, you may just need to fine tune your interview skills. I love this book and I'm only half way through it. Very practical, not a lot of drawn-out narrative.

> MSCA: SQL Server

Is a good choice. At the same time I see such programs and certificates as credentials for those who already have some experience.

If you

> have a good working knowledge of relational databases in general and know the general dialect of SQL pretty well already

it might be the right choice. It is not perfect but quite good.

> I've done a bunch of practice on sqlzoo.net and gone through a few database/SQL courses on Lynda.com

Take a look at https://lagunita.stanford.edu/courses/Home/Databases/Engineering/about and https://academy.vertabelo.com/blog/18-best-online-resources-for-learning-sql-and-database-concepts/ also.

A bit more:

Books from

https://en.wikipedia.org/wiki/Christopher_J._Date

https://www.amazon.com/Seven-Databases-Weeks-Modern-Movement/dp/1934356921/

https://www.amazon.com/Database-Systems-Complete-Book-2nd/dp/0131873253

Learn the fundamentals of devops and how it relates to your company's technology usage and process.

Read the Phoenix Project, it will give you a better insight on how devops fits in with IT in general.

https://www.amazon.com/Phoenix-Project-DevOps-Helping-Business/dp/0988262592

For technical skills it wouldn't hurt to know improve your scripting/programming skills.

Read this, https://www.amazon.com/Phoenix-Project-DevOps-Helping-Business/dp/0988262592