Ah, knowledge, you slippery little minx. How can we hold on to you? Do we even need to chase you? Well, if you want to succed here in the world of cybersecurity, you will definitely need to chase and grab a tight hold on knowledge. In today's episode, I describe my process of acquiring knowledge. It really is only one part of an overall strategy to develop your skill set. You need knowledge, but then you need practice. Today, we will discuss knowledge.
Does your process differ from mine? Let me know how you succeed! Any blogs or other resources you think need to be added? Let me know that as well!
During this podcast, I break down where we gain knowledge:
- Social Media
- Blog Posts (like these!)
- Company
- News
- Personal
- Vulnerabilites / Threats
One of the best ways to consume this is through a RSS Feed Reader. Many applications will even bring in subreddits and Twitter feeds. This will ensure you stay out of the social media black hole during your research time.
Feedly - RSS Reader, cross platform. Free, but has a yearly premium cost of $99. This adds the ability to add Twitter feeds and Reddit subreddits.
Inoreader - RSS Reader, cross platform. Free, but has a yearly premium cost of $90. This adds the ability to add Twitter feeds (among other things). The ability to add Reddit subreddits is in their Free Tier.
NetNewWire - This is an open source RSS Reader. Mac only.
Pocket and Instapaper: These are good repositories for links you read and want to keep around.
For note taking, this will be highly personal.
That being said, my recommendation is Craft Docs. It is highly flexible and allows you to really organize your notes very well. Remember: you want to capture what you are researching. Make notes about points you feel are important. Add a "so what" section. And a section for "Follow up" topics.
These are other apps that work well for note taking:
Now for the links. This is going to just be a dump of links without much context. Enjoy them. Look over them. Make them your own: remove ones that don't interest you and add ones that do!
https://twitter.com/anton_chuvakin
https://twitter.com/briankrebs
https://twitter.com/sansforensics
https://twitter.com/EricRZimmerman
https://twitter.com/13CubedDFIR
https://twitter.com/schneierblog
https://twitter.com/offsectraining
https://twitter.com/taosecurity
https://www.reddit.com/r/netsec/
https://www.reddit.com/r/cybersecurity/
https://www.reddit.com/r/AskNetsec/
https://www.reddit.com/r/Cybersecurity101/
https://www.reddit.com/r/netsecstudents/
https://www.reddit.com/r/blueteamsec/
https://www.reddit.com/r/redteamsec/
https://www.reddit.com/r/linuxquestions/
https://www.reddit.com/r/securityCTF/
https://www.reddit.com/r/ReverseEngineering/
https://www.reddit.com/r/computerforensics/
https://www.reddit.com/r/Malware/
https://www.reddit.com/r/crypto/
Blogs
Company
https://www.mandiant.com/resources/blog
https://www.trellix.com/en-us/about/newsroom/stories.html
https://www.crowdstrike.com/blog/
https://www.malwarebytes.com/blog
https://nakedsecurity.sophos.com/
https://www.offensive-security.com/blog/
News
https://www.bleepingcomputer.com/
Personal
https://taosecurity.blogspot.com/
https://medium.com/katies-five-cents
Vulnerabilities / Threats
https://www.cisa.gov/uscert/ncas/bulletins
https://www.cisa.gov/uscert/ncas/current-activity
https://www.cve.org/Media/News/AllNews
https://packetstormsecurity.com/
https://seclists.org/#fulldisclosure
Member discussion: