1. HOME
  2. THE HOMEBREW SECURITY BLOG
  3. Top Cybersecurity Resources

Top Cybersecurity Resources

Logan Bennett
6 min read
22 Dec
22Dec

If you're new to the field of cybersecurity, maybe you have a general understanding of what cybersecurity is, but have no idea where to start. Do not worry, as that is normal when starting out in a new area of study. Cybersecurity is a broad discipline with very specialized fields ranging from penetration testing, incident response, risk management, governance and risk compliance (GRC), malware analysis, threat intelligence, auditing and consulting, exploit development, digital forensics, and so on.

Given the diverse nature of the field, it is common for students to feel overwhelmed. However, this also makes it an exciting career to pursue.

For this reason, security professionals need to know where they can find comprehensive, accurate, and reliable information. Furthermore, without a clear guide, studying can become difficult, which can be frustrating and end up wasting valuable time.

In this post, we will talk about using a research strategy for learning new information. Then, I'll provide you a list of effective cybersecurity resources for you to use on a regular basis. Finally, we will go over how you can utilize these resources to get the most out of them.


Planning Strategy

The first thing I do when I decide to study a new topic is to research general information about that topic. For example, say I decide to pursue a popular Linux certification, CompTIA Linux+. However, the only thing I may know about the certification is the name.

Obviously, some work needs to be put in to understand what the certification entails. Below is a list of questions I would ask when planning my research:

  1. What is the CompTIA Linux+ certification?
  2. Why would someone need to be certified?
  3. How does one become certified?
  4. What objectives do I need to learn?
  5. How do I practice those objectives?
  6. How will I monitor my progress?
  7. What are common study options?
  8. Where can I find available resources?

We can find these answers through various ways, but the simplest method is to search Google and go to the hosting organization's website. I am going to show you exactly how I would handle this task as if I were planning to study for the Linux+ certification. Let's do it!

Gathering Information

Below are some search results when I Google the first question on our list.

Immediately we are presented with a link from CompTIA explaining its purpose. The CompTIA Linux+ certification verifies that professionals understand the Linux operating system and its role in the cloud. Let's take a look at the official website.

Here we can scroll down and view more information about the certification, including specific details about how to obtain it.

Already, this has given us valuable information. With this certification, we could apply for roles as a Cybersecurity Engineer, Penetration Tester, Linux Engineer, Network & Server Administrator, and a few others.

Let's verify through a quick job search on Indeed.

Indeed pulled nearly 22,000 job postings that reference some sort of desired Linux experience. That's great news, as this shows there is a high demand for Linux professionals in the industry.

According to CompTIA, to become Linux+ certified we would need to take the current exam version (XK0-005).

The exam is 90 minutes long with multiple choice and performance based questions, and can be taken from home or in a physical testing center. We would need to pass with a score of at least 720 out of a scale of 100 to 900. Depending on your current technical ability, CompTIA recommends one year experience with Linux servers as well training in other certifications from their lineup.

On the right we can put in our contact information and request CompTIA to send us a copy of all the exam objectives, which is a list of topics that candidates must know in order to pass. Looking further through the website, CompTIA offers Linux+ training with labs in their "Exam Preparation" section.

We now have a good picture of what we need to do and can begin planning our own study path. If CompTIA's exam preparation is too costly or not in scope, you can search for alternative resources by Googling "CompTIA Linux+ XK0-005 Exam Study Resources" as shown below.

In the span of 15 minutes we now know what the Linux+ certification is, what roles are available for certified professionals, expected knowledge and skills based on the objectives, and several study materials ranging from official CompTIA training labs to published books and videos from third party trainers.

Creating a Reference Guide

Once it is decided on which materials to use based on course reviews, community recommendations, and the amount of time that can be set aside to study, it is possible to compile all information in a document that outlines which courses/practice tests to take, an estimated timeline and study schedule, total cost of certification, and other supplemental resources. This document can then be a general reference guide for all things relating to the exam.

Following this process saves time in the future and allows you to clearly assess where you currently are relative to your goal. Tools such as Kanban boards can help in the planning process, though a detailed discussion is out of scope for this text. You can customize your planning to be as rigorous or flexible as you prefer, but the purpose is to acquire vital skills and techniques in a way that is effective for you.

I used CompTIA Linux+ as an example, though this can be applied to anything that you might be interested in. As you'll see in the next section, there are several resources out there for studying cybersecurity topics ranging from virtualized hacking environments to free capture the flag (CTF) challenges.


Top Cybersecurity Resources

There is a strong online presence for cybersecurity websites and influencers dedicated to training and sharing knowledge. The trick is finding the ones that are comprehensive and thorough while being kept up to date with the ever-evolving landscape. Thankfully, it is not difficult to do; just make sure you do your own research before following an influencer's recommendation on a certain security product, as often times they are paid to promote the product and may overlook important details.

Note that this is not a comprehensive list nor are resources ranked in any particular order. Keep in mind there are hundreds of news letters, podcasts, YouTube channels, training sites, and cybersecurity tools on the web. I encourage you to find your own resources and use what works best for you.

NetworkChuck

NetworkChuck is by far one of my top favorite resources for information technology (IT) and cybersecurity because of his content and enthusiasm. NetworkChuck delivers beginner to advanced level training across many IT subjects including networking, ethical hacking, cyber defense, and system administration. Known for his YouTube videos, academy website, and coffee, he provides many tutorials explaining how to set up different labs with industry standard technologies, which viewers can then explore more of on their own.

For more information, you can visit NetworkChuck's academy website at https://learn.networkchuck.com/

John Hammond

John Hammond's YouTube channel is another great resource for free cybersecurity education. John dives deep into malware analysis, cyber threat intelligence (CTI), CTF walkthroughs, documentaries, and more. If you want to be one of the 'top dogs,' you should get to know some of John Hammond's content.

For more information, visit John Hammond's social media repository at https://jh.live/links

Professor Messer

Professor Messer provides IT certification training for CompTIA A+, Network+, and Security+. He also hosts his own live study sessions and maintains a Discord server for like minded individuals looking to advance their careers. Messer offers free up-to-date training videos covering all exam objectives, which makes him a prime resource for entry level professionals.

For more information, visit Professor Messer's training website at https://www.professormesser.com/

TryHackMe & HackTheBox

TryHackMe & HackTheBox are two similar yet very different competing platforms for cybersecurity training. However, both provide excellent content for blue team and red teamers alike through gamification. Gamification makes learning cybersecurity topics fun and engaging by focusing on small challenges for students to complete. While they may follow a lab structure, points are typically associated with completing each lesson.

For more information, visit TryHackMe at https://tryhackme.com/ and HackTheBox at https://www.hackthebox.com/

Capture The Flag Challenges

CTF challenges continues with the concept of gamified, competitive learning. Challenges usually reflect real-world scenarios, and teams compete to solve the challenges in the fastest time possible. As far as scoring, content, and competition access, each platform may have their own set of rules and frameworks. As you'll find through your career, CTF challenges are great for putting your technical skills to the test.

Since there are far too many CTF competitions to explain each one in detail, here are some of my personal favorites:

picoCTF: https://picoctf.org/

OverTheWire Wargames: https://overthewire.org/wargames/

HackThisSite: https://www.hackthissite.org/

CTFlearn: https://ctflearn.com/

There are many more resources out there, but these are more than enough to get you started. As you explore each site and see what each resource has to offer, begin to think about how you can use them to your advantage.


Utilizing Resources

Simply having links to resources will not help you unless you plan to use them. You should be actively keeping up with these every week to maximize your gain. However, that is not to say you can't have fun while doing so!

Many people watch YouTube in their spare time for entertainment purposes. If you're anything like me, start making a conscious effort to swap out videos of the latest video game playthrough for how-to tech videos teaching you how to build your own IT infrastructure from home. Eventually you will start to develop a learning habit, which will replace mindless scrolling with practical, useful knowledge.

Application is just as important as staying relevant with the latest security trends and certifications. For starting out, one option is to spend 15-30 minutes a day solving CTF challenges. You could also build a CTF competition team with other students to join more advanced competitions. Not only will you be progressing and sharpening your skills each day, you will also be building rapport with peers, teaching others with your newly found knowledge, and forming lifelong relationships that will create future opportunities for your career.

All of this can be included in your professional resume and can only help you stand out from other candidates. While having the CompTIA Security+ certificate does have merit, so does being in the top 5% of competitors in an annually held world-wide cybersecurity competition.


Conclusion

Cybersecurity can be both exciting and daunting. The abundance of resources may seem overwhelming at first, however this can be mitigated with detailed planning and a well executed strategy.

There are several resources professionals can use to advance their skillset. The best way to utilize them is to start implementing them in your daily routines. Consistency and thoughtful consideration of material is key to effective learning.

Good luck in your cybersecurity journey, and have fun with these new resources!

20Dec
The Homebrew Security Blog
01Jan
Step-By-Step Networking: A Project-Based Approach
08Jan
Step-By-Step Networking: The Foundation