When learning a complex subject that covers a wide range of topics, it can be overwhelming to work out what you need to learn in order to get “good” at your chosen discipline. Many discussions center around advice such as you need to know “everything” or other unhelpful, unspecific outlines. I’ve made an infosec mind map for my own learning which I hope you find useful. Its purpose is to break down different topics into bite-sized chunks of learning. Even at bite size, it may still take you a week or two to get a handle on any one topic within the map, but if you can successfully check off each item you should have a good handle on each discipline listed.
After taking on the challenge of Offensive Security’s “Pentesting With Kali” (PWK) course, I knew I was addicted. The buffer overflow section was so much fun I knew I needed more. There was something about subverting a program to do your own bidding by sending it a special string that to me was the epitome of hacking. Considering the extremely good experience I had with Offensive Security, they were the natural choice for my next training step into the world of exploit development.
Recently I’ve been reading a ton of questions, posts and general discussion about getting into the ‘Information Security’ game, and in my opinion at least, it’s typically followed up by a fair amount of misleading information. That might be a little harsh considering I’m sure it’s well intentioned, and it’s even possible that the advice worked for them (there is no one-size-fits-all advice), but I thought I’d lay my thoughts out here in the hope of helping a new budding hacker move forward.
There are a ton of certifications in the information security space. While some certifications are ‘good’ and some are ‘bad’, often it’s more a case of different certs for different purposes. If you want to tick a box on a resume, you go for CEH; if you want to focus on the theoretical side, you go for CISSP; if your boss is paying, you go for SANS; and if you want to learn, you go for Offensive Security. Okay, okay, perhaps that’s a little harsh on the others, but in my opinion Offensive Security offers by far the best value-for-money certifications on the market today.