Infosec Pro, Train Thyself

I dig working in infosec, but I have to admit: keeping my skills up-to-date is one of the most challenging aspects of the job. Infosec is a busy field, and infosec pros are expected to know a little bit of everything. If you’re in the same field, feel free to leave an “Amen, brother,” in the comments.

Attending conferences is a great way to stay in the know, assuming that you have both the cash and the time to step away from your day-to-day long enough to soak up some knowledge. Likewise, training classes from organizations like SANS and MIS Training Institute are great ways to dive deep into a specific subject area, when you can afford them.

If you’re pressed for cash, that’s still no excuse to let your skills waver. Thanks to the magical combination of the interwebs and the uncannily generous infosec community, you can stay in the know and continue to grow as an infosec pro. (For the record, the rhyming was absolutely unintentional, but I dig it, so it stays.)

If you want to pick up some infosec knowledge on the cheap, here are a few resources I strongly recommend you check out. And remember: have fun!

General Hackery

There’s more to security than hacking, but hacking is pretty entertaining. Want to get your feet wet? Then these links are for you.

Web App Security

Maybe you’re wired more for web app sec. What better way to learn than by attacking deliberately vulnerable web applications?

  • WebGoat – An oldie, but a goodie. I cut my web app pen testing teeth on WebGoat. In actuality, OWASP hosts something like a billion web app security projects (including the Broken Web Applications Project). Don’t like WebGoat? Then pick something else and give it a whirl.
  • Mutillidae – If you’re more a PHP hacker, check this project from Irongeek and webpwnized.
  • McAfee HACME tools – Here, you can download six different HACME apps to hammer against. While WebGoat and Mutillidae feel more like tutorials, I wanted to mention the HACME apps because they’re presented more like commercial websites.

Professional Groups

Get out from behind your desk and talk to people! I find that infosec networking events that involve beer are almost always worth your time.

I’m local to CMH, and we’re damn lucky to have all of these orgs represented (and then some). I wanted to give a quick shout-out to a few of the local infosec groups I’ve participated in at one time or another.


And when the time comes that you DO have the cash to attend a conference, here are a few you might want to put on your shortlist.

This list isn’t by any means comprehensive. If I have any glaring omissions, feel free to enlighten me in the comments.


One thought on “Infosec Pro, Train Thyself”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s