(Part 2) Top products from r/security

Good news is that you've got the educational creds to have a solid foundation for a future career. Now it's time to build the background or at least skillset to prove that you're dedicated to the field. An internship is helpful but you're going to need a lot more than helpdesk. I'd focus on finding a small consulting firm or getting in with IT at a company but treading carefully to not take on a title that states 'help desk.'

Showing that you have raw talent is the most important. Demonstrating skills such as learning python or spinning up your own secure server in Softlayer, AWS, or another provider is a massive resume booster and it shows you mean business. I'm not saying that you should sink a bunch of cash, but figure out a small server that you can use, secure, and play around with it over a period of a few months. There's a wealth of information you can pull from just 'doing' without having direct work experience.

Help desk can be a trap, so avoid that and go the networking route or sys-admin path by learning Unix. Help desk seldom leads to better roles in that it's catered to keep you trapped in tier 1 - 2 IT hell. Take it from me as someone who learned quickly that it's a dead end if you want to progress your career.

Hope this comment helps. In an attempt to help you find some good resources I'll post a few below.

Start to Python
https://learnpythonthehardway.org/book/

Secure AWS:
https://benchmarks.cisecurity.org/tools2/amazon/CIS_Amazon_Web_Services_Foundations_Benchmark_v1.0.0.pdf

Helped me get my CCNA:
Read up on GNS3 LAB, it's not supported by Cisco so I wont officially endorse, however you can Google and learn about this on your own.

https://www.freeccnaworkbook.com/

http://www.9tut.com/ - study before your test.

KB for general security. There's a lot out there but this is an easy start.
https://www.cybrary.it/

For learning application security, you'll need to know burp. I'd take a look at this link, and then see if you like what you're reading, do the right thing and go buy this from Amazon if you continue down this path.

https://leaksource.files.wordpress.com/2014/08/the-web-application-hackers-handbook.pdf

If you learn BURP or Python, you should own this book:
https://www.amazon.com/Tangled-Web-Securing-Modern-Applications/dp/1593273886

Mastering Bitcoin by Andreas M. Antonopoulos.

It isn't meant for the average Bitcoin enthusiast, but is more aimed at the technically minded/coders/cryptographically minded user. Many security researchers may well (IMO) have to deal with blockchain related security in the future, so having a decent knowledge of how Bitcoin (the tech) and bitcoin (the currency) works can only be advantageous as this field develops. Even if you don't think that your current role in security won't have to deal with this field, I would still advise you read the book as it is a fascinating read. There is also another version called The Internet of Money that is aimed at those who may not be so technically minded, but still have a genuine interest.

The ever-excellent Khan Academy has produced a very nice and short series of videos explaining how cryptography works. Anyone who understands basic high school arithmetic can follow this. If you have ever been interested in the science of codes, ciphers, breaking them, etc. this is worth a look:

http://www.khanacademy.org/science/brit-cruise/cryptography

More in-depth treatments of cryptography can be found here:

https://www.coursera.org/course/crypto

and here:

http://www.youtube.com/playlist?list=PL71FE85723FD414D7&feature=plcp

And for the truly hard-core some of best books on crypto are:

http://www.amazon.com/Applied-Cryptography-Protocols-Algorithms-Edition/dp/0471117099/ref=sr_1_1?s=books&ie=UTF8&qid=1340524661&sr=1-1&keywords=applied+cryptography

and

http://www.amazon.com/Practical-Cryptography-Niels-Ferguson/dp/0471223573/ref=sr_1_1?s=books&ie=UTF8&qid=1340524712&sr=1-1&keywords=practical+cryptography

and

http://www.amazon.com/Cryptography-Engineering-Principles-Practical-Applications/dp/0470474246/ref=sr_1_2?s=books&ie=UTF8&qid=1340524751&sr=1-2&keywords=practical+cryptography

I'm familiar with the Art of War, and definitely appreciate the translation rec.

Can you recommend any other texts that are similarly good as far as situational awareness and strategy/tactics?

Oh, and I found this to be a great read once upon a time - would probably be good to revisit it, myself: The Seven Military Classics of Ancient China

Ross Andersons Security Engineering. Could be a bit outdated in some places, but overall a tremendous read.

Luckily, its available free in here. There's also a kindle and hardcover versions available here.

I found this book quite useful for explaining crypto and its practical applications in your everyday life.

I am a self-taught security guy so I was familiar with how things worked but this book really explained how they worked scientifically which I found awesome.

Edit:
Fixed link.

Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman is similar to the OSCP syllabus and a good introduction.

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws 2E is the web application hacking bible.

Don't take any shortcuts, if you don't understand any topics read around them and make sure you do - that is usually a good start.

Great article. Here’s a 100 page book that focuses just that: Cyber Security Basics

First things first. Learn to google. it will be invaluable to your security career.

Secondly, try these links:

• http://www.fromdev.com/2013/07/Hacking-Tutorials.html
  
• https://hackerone.com/
  
• https://www.cybrary.it/coursecatalog/
  
• https://krebsonsecurity.com/
  
• https://www.amazon.com/CISSP-All-One-Guide-Seventh/dp/0071849270
  
• https://www.owasp.org/index.php/Education/Free_Training
  
• http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20OWASP%20testing%20guide%20v4.pdf
  
• https://www.udemy.com/courses/search/?q=ethical%20hacking%20and%20penetration%20testing&lang=en
  
• http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
  
• https://www.root-me.org/?page=news&lang=en
  
  And there are plenty more out there.
  IT security is about learning what the industry is doing. Staying fluid is key. keeping upto date it the most important part of it.

It's less likely, but depends on how good the security is on your router/wireless gateway. The other risks I mentioned are still present. Is there a reason the neighbor can't sign up for cell-based Internet?

Also, see https://www.amazon.com/When-Say-No-Feel-Guilty/dp/0553263900/

read the CISSP book, it has tons of info on best practices.

http://www.amazon.com/CISSP-Boxed-Second-Edition-All-/dp/0071793089/ref=sr_1_1?ie=UTF8&qid=1406055613&sr=8-1&keywords=cissp

https://www.amazon.com/Tribe-Hackers-Cybersecurity-Advice-World/dp/1793464189 That was quick!

​

Edit: lol already 1 used for sale. (not mine)

I'd recommend for social engineering specifically:

https://www.amazon.com/Art-Intrusion-Exploits-Intruders-Deceivers/dp/0471782661

Phisphing as a concept isn't a very difficult one to grasp -

I'd say read the wiki's for it:

https://en.wikipedia.org/wiki/Phishing

This was your original comment:

>3d printing is not accurate enough.

This statement is inaccurate and I pointed that out.

>they used 3d printer (resin) in the range of half thousand dollars.

You can pick up a Resin Printer now for less than 200.

>mythbuster used a normal printer (>300dpi) you can get in your hardware store for less than 50$ paper and ink included.

Mybusters did this back in 2011, no where near the tech today and is does not carry over at all as the tech today uses "depth" sensors to measure space between ridges and ridge length. You can't do that on a flat 2D print.

A study guide should be more than enough.
https://www.amazon.co.uk/gp/product/1118875079/ref=pd_sbs_14_t_1?ie=UTF8&psc=1&refRID=FJ778RBW4HCTJN0TG0Y8

https://www.amazon.com/Hacking-Dummies-Kevin-Beaver/dp/1118380932

As a Researcher, Hacking, The Art of Exploitation, Without question...