I can definitely relate, this sounds just like me last year! I've done things the hard way and it took me 5x longer. I also prefer screencasts to books. I always need to create a project to solidify those fresh skills, otherwise they'll be gone in a month. Also tutorials for things like Backbone assume you know how to use jQuery, Underscore, and things like REST, and JSON responses... this can quickly get confusing if your not familiar with all of these. My largest regret is not building enough practice apps in the last year. I really should have applied more by doing, instead of staying in the theoretical world.

Here are some insights that i've made and the courses/tuts/projects that helped me the most:

Learn the language first:

• https://tutsplus.com/course/javascript-fundamentals/
  
• https://tutsplus.com/course/object-oriented-javascript/
  
• https://tutsplus.com/course/advanced-javascript-fundamentals/
  
• http://eloquentjavascript.net/ If you feel you need more coverage of the same topics (interactive html like CodeCademy).
  
• Build something interesting, things like games seem to also challenge your programming skills at the same time. Something like Whack-a-Mole, Connect 4, etc... Don't worry too much about the looks, unless you want to practice that too. At this point you should be able to do basic dom manipulation, events, and basic logic.
  
• The tut-plus courses cost a little for a few months but they're really high quality... most of them also give you projects too.
  
  

  Set up a comfy environment
  

  
  Take some time to start optimizing your development environment, the Paul Irish explains it very well below, but some of the topics are a bit too advanced for now (modules, build tools, etc...).
  
  

• Javascript Development Workflow of 2013
  
• Setup a jshint plugin (~4min above), read the website/docs for all the options. http://www.jshint.com/
  
  
• A more entry level talk on setting up your environment Front-end Tools for the Young Developer
  
  
  

  Learn the native DOM and it's API
  

  
  

• http://domenlightenment.com/
  
• Create your own DOM manipulation library
  
• While this one is a book, it's small and has js-fiddle examples for every code block to try it out... i'm currently going through this and it's great! They have a free HTML version (not final edit) and a cheap softcover on amazon. This will make using jQuery much easier and less 'mysterious'.
  
  

  Learn jQuery
  

• https://tutsplus.com/course/30-days-to-learn-jquery/
  
• https://tutsplus.com/tutorial/jquery-anti-patterns-and-best-practices/
  
• http://fixingthesejquery.com/#slide1
  
• https://tutsplus.com/course/jquery-plugin-development-best-practices/
  
• Re-write one of your previous apps to use jQuery instead of vanilla.
  
• While I love vanilla, jQuery just saves time. Learn when you can easily not use jQuery to gain some easy performance.
  
  

  Read "The Good Parts"
  

  
  Though very cliche at this point, read through this classic. If you don't really understand it all 100%, make sure you hang on to it though as it gets better with age. Try and follow it as close as possible, then later feel free to break the rules. By then you'll know why you can break them.
  
  

• JavaScript the Good Parts
  
  

  Learn Underscore
  

  This is a great library that gives you a lot of cross browser ES5 features and features that should be in JS. Not a lot of tuts on this one, reading the docs and source helps a ton here.
  
  

• http://net.tutsplus.com/tutorials/javascript-ajax/getting-cozy-with-underscore-js/
  
• http://vimeo.com/60216668
  
• http://underscorejs.org/
  
• https://github.com/bestiejs/lodash
  
  

  Learn Backbone
  

  There are lots of these libraries but Backbone is the most popular and easiest to learn. Keep in mind this is a library, not an entire framework like ember. This means in a larger app you will essentially use Backbone to help build you own SPA framework for your app.
  
  

• https://tutsplus.com/course/connected-to-the-backbone/
  
• https://tutsplus.com/course/advanced-backbone-patterns-and-techniques/
  
• http://addyosmani.github.io/backbone-fundamentals/ Great book!
  
• Build a Todo app with backbone
  
• Build a backbone powered Reddit mobile web app, read the following posts for inspiration.
  http://cheeaun.com/blog/2012/03/how-i-built-hacker-news-mobile-web-app
  http://cheeaun.com/blog/2012/03/how-i-built-hacker-news-mobile-web-app_26
  
  

  Learn Node
  

  
  

• https://tutsplus.com/course/introduction-to-node-js/
  
• Build a command line app ( I built a scaffolding app to spit out my boilerplates, and a really janky language transpiler)
  
  

  General Front-End, Programming
  

• Baseline for front end developers
  
• So you want to be a front end engineer
  
• http://pineapple.io/wiki
  
• https://www.edx.org/courses/HarvardX/CS50x/2012/about
  
• I can't stress how helpful the CS50 course has been to me, even on the front end.
  
  

  Read a comprehensive JS book
  

  I really like Nicholas Zakas's book over the definitive guide. I find that he is able to tell more of a story and makes it easier for me to absorb.
  
  

• Professional JavaScript Development
  
• JS the Definitive Guide
  
• Re-read "The Good Parts", this should make much more sense than the first time you read it.
  
  

  Testing
  

  
  Make sure you're comfortable with everything before moving onto testing... this includes frameworks etc.. Learning testing will only slow down the learning process if you're not comfortable with the rest. Mocha is the newer test runner and is better with async. However, Jasmine is very popular and time tested. The "Lets code javascript" below is an awesome course. Don't let the first sections turn you off, they may seem tedious at first (integration server, etc...) so feel to skip to dom/browser testing and then loop back when testing is more normal.
  
  

• http://www.youtube.com/watch?v=eVpXkyN0zOE - Short intro to Jasmine and TDD
  
• https://tutsplus.com/course/javascript-testing-with-jasmine-2/ - Nice n Easy course to Jasmine & TDD
  
• http://www.letscodejavascript.com/ - epic comprehensive JS TDD course from server to browser
  
• 
  
• http://visionmedia.github.io/mocha/ - My favorite runner (with Chai)
  
• http://karma-runner.github.io/ - Test in mult. browsers from the command line (advanced)
  
• https://github.com/rmurphey/js-assessment - test your skills (no pun intended)
  
  

  --
  

  I just started sketching out a website to try and solve this problem. It has different paths to follow to fill in gaps of JS knowledge quickly (much like hackdesign.org)... unfortunately it's not finished yet! Watch LevelUpJS on Github in the future. I also have some more links on app architecture and things like modules but this list is getting a bit large!
  
  Cheers and good luck!
  

Sorry for getting all dramatic, but for me you're asking a red pill/blue pill question. I applaud your curiosity and can only recommend you follow your gut and take the red pill. The truth is by asking the question you already know what to do next. Just keep going. However I'll give you a few ideas because you got me excited.

1. Get in touch with your osx terminal
   
2. Get linux ASAP
   
3. Learn the command line
   
   

   OSX Terminal
   

   
   Underneath the shiny GUI surface of your mac you have an incredible unix style OS just waiting to be played with and mastered. A few tips to get you going.
   
   
   

   Download iTerm 2. Press cmd-return, cmd-d and command-shift-d.
   

   
   Congrats. you now have a hollywood hacker style computer
   
   

   Copy and paste this line into your terminal and say yes to xcode.
   

   
   ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
   
   Awesome you now have homebrew. A linux style package manager.
   
   

   May as well get cask too.
   

   
   brew install caskroom/cask/brew-cask
   
   Now you can install programs by typing a couple of words.
   
   try
   
   brew cask install virtualbox
   
   

   Get Linux ASAP
   

   
   Linux is relatively easy to get up and running and awesome fun. try any of these options
   
   

• Download virtual box and install a 'virtual machine' to run linux on your mac (see above).
  
• Buy a Raspberry Pi.
  
• Create a bootable usb and install refind on your mac.
  
• Take a friends old laptop and install linux on it from your live usb distro.
  
  If any of the above seems slightly daunting don't sweat it. Be confident and you may just surprise yourself at how much you can learn in such a short amount of time.
  
  

  Learn the command line
  

  
  The command line opens up the wonderfully powerful and creative world of unix. Push on.
  
  

• Get the basics down with codecademy
  
• Play with some books (this or this for eg)
  
• Watch some youtube videos (this guy's good for webdev)
  
• Learn a text editor (Try Vim. You already have it. Type 'vimtutor' in your terminal to get started)
  
  

  Play, Play, Play
  

  
  Do what gets you excited.
  
  I got a big kick out of learning ssh and then pranking my friends with commands like
  
  say hello friend, i am your computer. i think your friend two-gun is very handsome. Is he single?
  
  or
  
  open -a "Google Chrome" https://www.youtube.com/watch?v=X0uYvQ_aXKw
  
  Do what you find fun. Oh and check out Richard Stallman. He's a good egg.
  
  Enjoy.
  
  

  edit-0
  

  forgot iTerm link
  

  edit-1
  

  Wow! Gold! Ha! Thank you. This is so unexpected! I'd like to thank the academy, my agent, my mom...

A few of my favorite books I reference and recommend. Just a note, many of these are older and can be purchased used for much less. Also if you can afford it, get a Safari subscription. I use my work Safari subscription but this alone has saved me from my book buying habit. Now I only buy "must have" books. :)

Official Ubuntu Server book - I really like this book as the writing style helped me "get it" with Linux. Kyle Rankin has a very good method of showing you the technology and then a quick run down to get the server working, followed by some admin tips. It's a just scratching the surface type of book but it's enough to get you started. I rarely use Ubuntu now, but this book helped me understand DNS and other topics that were IMHO harder to grasp from other books.

As a bonus, this book also has an entire chapter dedicated to troubleshooting. While this sounds obvious, it's a great read as it talks about dividing the problem, how to approach the facts, etc. Stuff a seasoned admin would know but might be hard to explain to a new admin.

The Linux Command Line: A Complete Introduction - You can read this book for free on the site, but having a paper copy is nice. As mentioned, you should have a very solid understanding of the command line. In my experience, I have seen co-workers struggle with basic shell scripting and even understanding how to make a single line for loop. This book covers the basics, moving to shell scripting and I think it's a good solid reference guide as well.

DevOps Troubleshooting: Linux Server Best Practices - This book is referenced a few times here but I'll throw another comment for it. Another book from Kyle Rankin and has the same straight to the point writing style. It's very quick reference and simple enough that you could give this to a new sysadmin and he or she could get started with some of the basic tools. While the book covers a good selection of basic services and tools, it's easy to get deeper into a chapter and find it's only discussing a handful of troubleshooting steps. The idea with this book is it's a quick reference guide, and if you want to get deeper into troubleshooting or performance, take a look at other books on the market. Either way, this is a great book I keep on my desk or reference through Safari.

UNIX and Linux System Administration Handbook (4th Edition) - Another popular book based on the comments here. This is a pretty big book, thin pages, but it's like a small brick of UNIX/Linux knowledge. While it's starting to get dated, it does give a great reference to many topics in the system administration world. The chapters can dive deep into the subject and offer more than enough information to get started but also understand the technology. The e-mail chapter I thought was great as well as the DNS. I think of this book as a overall guide and if I want to know more, I would read a book just on the subject, that's if I need more information. One thing to point out is this book makes use of different OS's so it's filled with references to Solaris, different UNIX versions, etc. Not a problem but just keep in mind the author may be talking about something outside the scope of vanilla Linux.

Shell Scripting: Expert Recipes for Linux, Bash and more - I found this book to be a good extenstion of the Linux Command Line book, but there are many many other Bash/Shell scripting books out there. The author has many of the topics discussed on his site but the book is a good reference for scripting. I can't stress enough how important shell scripting is. While it's good to know a more formal language like Python/Perl/etc, you are almost certain bash will be on the machine you are working on.

Systems Performance: Enterprise and the Cloud - I can't comment on this book beyond the first chapter, I'm still reading it now but it's reading similar to Brendan Gregg's site, and that's a great thing. If you don't know who this guy is, he's one of the top performance guys in the Solaris and now Linux world. He has some great infographics on his site, which I use for reference.

Use method for Linux

Linux Performance

Example of Linux performance monitoring tools

Hope this helps!

Start by trying to understand the CSS and HTML on the sites you like going to. If you haven't already, become familiar with the F12 developer tools each browser provides. You'll want to get comfortable with them all because early on you will want to discover why your pages aren't looking the same in one browser to the next. Using the dev tools in the browser you can actually change the way the page is styled by literally changing the CSS in the developer tools. Or you can add styles as well which is GREAT when modifying your own site so you dont have to go back and republish it each time you make a change. IE's dev tools are actually pretty great. You can also simulate older browsers by changing the document/browser mode in the Emulation tab (this isn't perfect btw, but works well for the most part)

Next start using JSFiddle.net or CodePen.io and try to recreate some elements on a site you like. Do this daily, and do not get frustrated. By using the dev tools you can see how they used CSS to get the style you like, and the surrounding divs/spans/p/etc around it. You can also right click on the page and select "inspect element".

Codecademy is GREAT but one thing it doesn't do well is using real world tools since you are using their environment. You will learn far more by manipulating the dom in F12 or using JSFiddle/CodePen. Plus you can post a page you are working on in JSFiddle/CodePen to a forum like this one for help with what you are working on for a lot better discussion.

Another good site to keep in your toolbox is Can I use. This will help you with understanding which CSS can and can't be used for your specific browser support needs. One example that comes to mind is wanting to use text-shadow which isn't supported in IE9.

Because this is a post in a CSS sub, I'm not sure if you are going down the web developer route, but if you are, then continue reading. Otherwise, feel free to skip to the last paragraph.

Next you will want to move on to the final tool in your front end development toolbox you will want to master and that is JavaScript. Learn straight JavaScript first, and avoid mixing in jQuery until you feel like you have a great understanding of how JS works on its own. I believe the JS tutorial on Codecademy mixes jQuery early on, and if you are just starting out you may not realize the difference. Don't get me wrong, learning jQuery is almost as important as learning JavaScript, it's just important to understand it is a library for JavaScript, and as a framework has its uses and limitations. I really liked the JavaScript tutorial on Code School, so that would be a great place to start. It's not free, but I believe they have a free trial. Otherwise everyone will tell you JavaScript: the Good Parts and Eloquent JavaScript (which is online and free) are required reading.

After that you'll want to learn some of the more popular libraries and frameworks for CSS & JS, such as LESS, Sass, jQuery, AJAX, node.js, backbone.js, and Bootstrap to name a few.

After this, then you'll need to decide if you prefer to lean more to the designer side or the back-end developer side. Front-end developers are usually the bridge between the designer and back-end developer.

In my experience though, you fall in to either being an all-in-one or the designer who does front-end work. Learning designer tools like Illustrator and Photoshop will be helpful if you are asked to or need to create your assets. I actually prefer Fireworks (though I hear it is being discontinued) for creating quick assets I couldn't create with CSS instead of Illustrator because its a little less robust and for someone new its much easier to learn. Otherwise if you are going the back-end route you'll probably want to research which server-side language you want to start with like PHP, Ruby, Python, .NET, etc and then what database such as MySQL, MSSQL, etc.

The best advice I can give you though, is don't be a "master of none" web developer. Become a master at CSS before you move to JavaScript. Then become a master at JavaScript before you move to another language, or whichever language you choose next. When I started out I tried to learn CSS, JavaScript, ASP, PHP, jQuery, C#, AJAX, SQL, and a few others because I wanted to get started quickly...along with pressure from the company I worked at. You will get overwhelmed, burnt out, and start making mistakes, or even worse, not get to the bread and butter of the language you are trying to learn.

I've posted this before but I'll repost it here:

Now in terms of the question that you ask in the title - this is what I recommend:

Job Interview Prep

1. Cracking the Coding Interview: 189 Programming Questions and Solutions
   
2. Programming Interviews Exposed: Coding Your Way Through the Interview
   
3. Introduction to Algorithms
   
4. The Algorithm Design Manual
   
5. Effective Java
   
6. Concurrent Programming in Java™: Design Principles and Pattern
   
7. Modern Operating Systems
   
8. Programming Pearls
   
9. Discrete Mathematics for Computer Scientists
   
   

   Junior Software Engineer Reading List
   

   
   

   Read This First
   

   
   

10. Pragmatic Thinking and Learning: Refactor Your Wetware
    
    

    Fundementals
    

    
    

11. Code Complete: A Practical Handbook of Software Construction
    
12. Software Estimation: Demystifying the Black Art
    
13. Software Engineering: A Practitioner's Approach
    
14. Refactoring: Improving the Design of Existing Code
    
15. Coder to Developer: Tools and Strategies for Delivering Your Software
    
16. Perfect Software: And Other Illusions about Testing
    
17. Getting Real: The Smarter, Faster, Easier Way to Build a Successful Web Application
    
    

    Understanding Professional Software Environments
    

    
    

18. Agile Software Development: The Cooperative Game
    
19. Software Project Survival Guide
    
20. The Best Software Writing I: Selected and Introduced by Joel Spolsky
    
21. Debugging the Development Process: Practical Strategies for Staying Focused, Hitting Ship Dates, and Building Solid Teams
    
22. Rapid Development: Taming Wild Software Schedules
    
23. Peopleware: Productive Projects and Teams
    
    

    Mentality
    

    
    

24. Slack: Getting Past Burnout, Busywork, and the Myth of Total Efficiency
    
25. Against Method
    
26. The Passionate Programmer: Creating a Remarkable Career in Software Development
    
    

    History
    

    
    

27. The Mythical Man-Month: Essays on Software Engineering
    
28. Computing Calamities: Lessons Learned from Products, Projects, and Companies That Failed
    
29. The Deadline: A Novel About Project Management
    
    

    Mid Level Software Engineer Reading List
    

    
    

    Read This First
    

    
    

30. Personal Development for Smart People: The Conscious Pursuit of Personal Growth
    
    

    Fundementals
    

    
    

31. The Clean Coder: A Code of Conduct for Professional Programmers
    
32. Clean Code: A Handbook of Agile Software Craftsmanship
    
33. Solid Code
    
34. Code Craft: The Practice of Writing Excellent Code
    
35. Software Craftsmanship: The New Imperative
    
36. Writing Solid Code
    
    

    Software Design
    

    
    

37. Head First Design Patterns: A Brain-Friendly Guide
    
38. Design Patterns: Elements of Reusable Object-Oriented Software
    
39. Domain-Driven Design: Tackling Complexity in the Heart of Software
    
40. Domain-Driven Design Distilled
    
41. Design Patterns Explained: A New Perspective on Object-Oriented Design
    
42. Design Patterns in C# - Even though this is specific to C# the pattern can be used in any OO language.
    
43. Refactoring to Patterns
    
    

    Software Engineering Skill Sets
    

    
    

44. Building Microservices: Designing Fine-Grained Systems
    
45. Software Factories: Assembling Applications with Patterns, Models, Frameworks, and Tools
    
46. NoEstimates: How To Measure Project Progress Without Estimating
    
47. Object-Oriented Software Construction
    
48. The Art of Software Testing
    
49. Release It!: Design and Deploy Production-Ready Software
    
50. Working Effectively with Legacy Code
    
51. Test Driven Development: By Example
    
    

    Databases
    

    
    

52. Database System Concepts
    
53. Database Management Systems
    
54. Foundation for Object / Relational Databases: The Third Manifesto
    
55. Refactoring Databases: Evolutionary Database Design
    
56. Data Access Patterns: Database Interactions in Object-Oriented Applications
    
    

    User Experience
    

    
    

57. Don't Make Me Think: A Common Sense Approach to Web Usability
    
58. The Design of Everyday Things
    
59. Programming Collective Intelligence: Building Smart Web 2.0 Applications
    
60. User Interface Design for Programmers
    
61. GUI Bloopers 2.0: Common User Interface Design Don'ts and Dos
    
    

    Mentality
    

    
    

62. The Productive Programmer
    
63. Extreme Programming Explained: Embrace Change
    
64. Coders at Work: Reflections on the Craft of Programming
    
65. Facts and Fallacies of Software Engineering
    
    

    History
    

    
    

66. Dreaming in Code: Two Dozen Programmers, Three Years, 4,732 Bugs, and One Quest for Transcendent Software
    
67. New Turning Omnibus: 66 Excursions in Computer Science
    
68. Hacker's Delight
    
69. The Alchemist
    
70. Masterminds of Programming: Conversations with the Creators of Major Programming Languages
    
71. The Information: A History, A Theory, A Flood
    
    

    Specialist Skills
    

    
    In spite of the fact that many of these won't apply to your specific job I still recommend reading them for the insight, they'll give you into programming language and technology design.
    
    

72. Peter Norton's Assembly Language Book for the IBM PC
    
73. Expert C Programming: Deep C Secrets
    
74. Enough Rope to Shoot Yourself in the Foot: Rules for C and C++ Programming
    
75. The C++ Programming Language
    
76. Effective C++: 55 Specific Ways to Improve Your Programs and Designs
    
77. More Effective C++: 35 New Ways to Improve Your Programs and Designs
    
78. More Effective C#: 50 Specific Ways to Improve Your C#
    
79. CLR via C#
    
80. Mr. Bunny's Big Cup o' Java
    
81. Thinking in Java
    
82. JUnit in Action
    
83. Functional Programming in Scala
    
84. The Art of Prolog: Advanced Programming Techniques
    
85. The Craft of Prolog
    
86. Programming Perl: Unmatched Power for Text Processing and Scripting
    
87. Dive into Python 3
    
88. why's (poignant) guide to Ruby

It depends on what you already know.

​

Do you have any prior programming experience? If not, start there. My no. 1 recommendation here would be Allen B. Downey's free Think Python book. Others might come along and recommend something like SICP, which is a good book, but perhaps a bit hard for an absolute beginner. Downey also has a version of his book that uses Java, so if you know for a fact that this is the language your introductory programming class will be using, then that could be a better option (Python is a simpler language, which makes it easier for you to focus on the actual concepts rather than the language itself, but if you know that you'll be using Java, you might as well kill two birds with one stone).

​

If you do have prior programming experience, you have all sorts of options:

• You could learn a functional language, like a Lisp (Clojure, Racket, Scheme, LFE, ...) or something in the (extended) ML family (Standard ML, OCaml, F#, Haskell, Elm, ...).
  
• Or, you could go the other way and learn something low-level, like C. You could even learn about C and Lisp at the same time by building your own.
  
• Or learn a logic programming language, like Prolog.
  
• Or, if you really want to understand object-oriented programming (and how languages like Java managed to stuff it up), you could learn Smalltalk.
  
• If you don't know what a unit test is or how to write one, you should learn.
  
• Learn about data structures and algorithms. As a CS student, you'll be learning about them at some stage anyway, so there's no harm in starting early. Some people might recommended CLRS for this, but for someone just starting out, I'd recommend something a bit friendlier, such as this series of videos from Princeton (presented by Robert Sedgewick, author of one of the most popular books on the subject). If you'd prefer a book, this free one from Allen B. Downey (who also wrote the introductory programming text I recommended earleir) looks quite good.
  
• Work your way through NAND2Tetris. It will take way longer than a month, but it will definitely set you apart from the rest of the class. Even if you don't do this now, you should definitely plan to do it at some point.
  
• Learn about databases. Again, you'll have to study them eventually, so why not start early? You could start by trying to build something that uses a database, like a simple todo utility.
  
  ​
  
  Regardless of whether or not you have programmed before, I would also recommend doing the following:
  
  
• Learn some basic Unix skills. It doesn't have to be too much – just enough to be able to sit down at the command line and have a vague idea of what you're doing is fine for now. You'll learn more as you use it more. That said, if you really want to dive in and learn how everything works, then something like How Linux Works could be a good read.
  
• Learn some discrete mathematics. As a CS student, you'll be required to learn it at some stage – it's the mathematical backbone of CS, much like calculus is to physics – so you might as well start early. This free, book-length set of notes from MIT is very well-regarded (but don't expect to get through it all in a month!). There is also a set of video lectures if you prefer. If you're keen on learning functional programming, another option could be to integrate that with your discrete maths studies by reading Thomas VanDrunen's Discrete Mathematics and Functional Programming (if the physical book is a bit expensive for you, there's also a cheaper ebook version available).
  
• For bonus points: learn to use either Vim or Emacs. There probably isn't a massive practical advantage to using these this early in your career (although they could certainly come in handy later), but if other students see you writing code in one of them, you'll look like an absolute badass. Your teachers will probably be quietly impressed, too.
  
  ​
  
  if you have any questions about my above suggestions, let me know, and I'll see if I can point you in the right direction.
  
  ​
  
  Good luck!

Programming is a tool. I suggest finding another interest that you can apply it to. Robots, graphics, music, animation, sports, economics -- the possibilities are endless. Pick your favorite area, look at what kind of problems there are in that area that people use programs to solve, figure out how those sorts of programs work, and try to solve some of those problems yourself.

A few interesting examples:

• Project Euler has a set of challenges relating to both math and computer science that will stretch you to learn more about both.
  
• Python Challenge is basically a series of puzzles that challenge you to do new and interesting things with Python. Granted, several of the puzzles are quite similar and some of the libraries they reference are deprecated, but it's a place to start for programming challenges.
  
• Programming Computer Vision With Python talks all about using programs to do things like find objects in pictures and track them even at different sizes and angles. Lots of great examples.
  
• Programming Collective Intelligence talks about putting together data from different sources (primarily websites) and finding patterns. It deals with many machine learning concepts in ways that are practical and interesting. Things like modelling and predicting, optimizing, clustering (finding similarities), searching and ranking, and pattern recognition.
  
• Arduino Robotics describes many robots you can build with relatively common parts that can be programmed using the inexpensive, C-based Arduino microcontroller platform. I've made several of these myself.
  
• Digital Signal Processing is all about writing software that takes advantage of advanced math to manipulate signals in many ways. It's invaluable for audio, but you see it used with graphics, digital communications, and many other areas.
  
• There is a subset of sports fans that really enjoy statistics and software can be very valuable for them. Things like comparing players across eras, predicting future performance, and helping to find high-value players. The general field is called Sabremetrics. I looked deep into it in relation to major league baseball. Two books that I found valuable are The Book: Playing the Percentages in Baseball and Baseball Between the Numbers.
  
• Programmable games are cool too. Things like CROBOTS, CoreWar, RoboWar, and Robot Game. It's just as fun building the simulation environment as it is building the bots that compete within them.
  
• Pick up any book on algorithms. Learn to apply the basics like binary search, insertion sort, radix sort, memoization and linear programming, Dijkstra's algorithm, and Newton's method for root finding.
  
• Grab another book on data structures. Make sure you understand the differences between arrays, linked lists, hash tables, and trees. Learn about unique and useful things like binary trees, radix trees, heaps, and queues.
  
• Learn how to write better code. I recommend books like Code Complete and The Pragmatic Programmer.
  
  Whatever you do, as you clearly pointed out, you have to be interested in it or you'll grow bored and give up. Find something that is interesting to you and pursue it as wide and deep as you can.

https://www.amazon.com/gp/aw/d/1449388396/ref=mp_s_a_1_1?ie=UTF8&qid=1472937169&sr=8-1&pi=SY200_QL40&keywords=hackers+levy&dpPl=1&dpID=51Pbo5LEbFL&ref=plSrch

Description
Amazon.com Review
Steven Levy's classic book explains why the misuse of the word "hackers" to describe computer criminals does a terrible disservice to many important shapers of the digital revolution. Levy follows members of an MIT model railroad club--a group of brilliant budding electrical engineers and computer innovators--from the late 1950s to the mid-1980s. These eccentric characters used the term "hack" to describe a clever way of improving the electronic system that ran their massive railroad. And as they started designing clever ways to improve computer systems, "hack" moved over with them. These maverick characters were often fanatics who did not always restrict themselves to the letter of the law and who devoted themselves to what became known as "The Hacker Ethic." The book traces the history of hackers, from finagling access to clunky computer-card-punching machines to uncovering the inner secrets of what would become the Internet. This story of brilliant, eccentric, flawed, and often funny people devoted to their dream of a better world will appeal to a wide audience.
Product Description
This 25th anniversary edition of Steven Levy's classic book traces the exploits of the computer revolution's original hackers -- those brilliant and eccentric nerds from the late 1950s through the early '80s who took risks, bent the rules, and pushed the world in a radical new direction. With updated material from noteworthy hackers such as Bill Gates, Mark Zukerberg, Richard Stallman, and Steve Wozniak, Hackers is a fascinating story that begins in early computer research labs and leads to the first home computers.

Levy profiles the imaginative brainiacs who found clever and unorthodox solutions to computer engineering problems. They had a shared sense of values, known as "the hacker ethic," that still thrives today. Hackers captures a seminal period in recent history when underground activities blazed a trail for today's digital world, from MIT students finagling access to clunky computer-card machines to the DIY culture that spawned the Altair and the Apple II.



Amazon.com Exclusive: The Rant Heard Round the World
By Steven Levy


Author Steven Levy
When I began researching Hackers--so many years ago that it’s scary--I thought I’d largely be chronicling the foibles of a sociologically weird cohort who escaped normal human interaction by retreating to the sterile confines of computers labs. Instead, I discovered a fascinating, funny cohort who wound up transforming human interaction, spreading a culture that affects our views about everything from politics to entertainment to business. The stories of those amazing people and what they did is the backbone of Hackers: Heroes of the Computer Revolution.

But when I revisited the book recently to prepare the 25th Anniversary Edition of my first book, it was clear that I had luckily stumbled on the origin of a computer (and Internet) related controversy that still permeates the digital discussion. Throughout the book I write about something I called The Hacker Ethic, my interpretation of several principles implicitly shared by true hackers, no matter whether they were among the early pioneers from MIT’s Tech Model Railroad Club (the Mesopotamia of hacker culture), the hardware hackers of Silicon Valley’s Homebrew Computer Club (who invented the PC industry), or the slick kid programmers of commercial game software. One of those principles was “Information Should Be Free.” This wasn’t a justification of stealing, but an expression of the yearning to know more so one could hack more. The programs that early MIT hackers wrote for big computers were stored on paper tapes. The hackers would keep the tapes in a drawer by the computer so anyone could run the program, change it, and then cut a new tape for the next person to improve. The idea of ownership was alien.

This idea came under stress with the advent of personal computers. The Homebrew Club was made of fanatic engineers, along with a few social activists who were thrilled at the democratic possibilities of PCs. The first home computer they could get their hands on was 1975’s Altair, which came in a kit that required a fairly hairy assembly process. (Its inventor was Ed Roberts, an underappreciated pioneer who died earlier this year.) No software came with it. So it was a big deal when 19-year-old Harvard undergrad Bill Gates and his partner Paul Allen wrote a BASIC computer language for it. The Homebrew people were delighted with Altair BASIC, but unhappy that Gates and Allen charged real money for it. Some Homebrew people felt that their need for it outweighed their ability to pay. And after one of them got hold of a “borrowed” tape with the program, he showed up at a meeting with a box of copies (because it is so easy to make perfect copies in the digital age), and proceeded to distribute them to anyone who wanted one, gratis.

This didn’t sit well with Bill Gates, who wrote what was to become a famous “Letter to Hobbyists,” basically accusing them of stealing his property. It was the computer-age equivalent to Luther posting the Ninety-Five Theses on the Castle Church. Gate’s complaints would reverberate well into the Internet age, and variations on the controversy persist. Years later, when another undergrad named Shawn Fanning wrote a program called Napster that kicked off massive piracy of song files over the Internet, we saw a bloodier replay of the flap. Today, issues of cost, copying and control still rage--note Viacom’s continuing lawsuit against YouTube and Google. And in my own business—journalism--availability of free news is threatening more traditional, expensive new-gathering. Related issues that also spring from controversies in Hackers are debates over the “walled gardens” of Facebook and Apple’s iPad.

I ended the original Hackers with a portrait of Richard Stallman, an MIT hacker dedicated to the principle of free software. I recently revisited him while gathering new material for the 25th Anniversary Edition of Hackers, he was more hard core than ever. He even eschewed the Open Source movement for being insufficiently noncommercial.

When I spoke to Gates for the update, I asked him about his 1976 letter and the subsequent intellectual property wars. “Don’t call it war,” he said. “Thank God we have an incentive system. Striking the right balance of how this should work, you know, there's going to be tons of exploration.” Then he applied the controversy to my own situation as a journalism. “Things are in a crazy way for music and movies and books,” he said. “Maybe magazine writers will still get paid 20 years from now. Who knows? Maybe you'll have to cut hair during the day and just write articles at night.”

So Amazon.com readers, it’s up to you. Those who have not read Hackers,, have fun and be amazed at the tales of those who changed the world and had a hell of time doing it. Those who have previously read and loved Hackers, replace your beat-up copies, or the ones you loaned out and never got back, with this beautiful 25th Anniversary Edition from O’Reilly with new material about my subsequent visits with Gates, Stallman, and younger hacker figures like Mark Zuckerberg of Facebook. If you don’t I may have to buy a scissors--and the next bad haircut could be yours!
Review
"A remarkable collection of characters . . . courageously exploring mindspace, an inner world where nobody had ever been before." -- The New York Times
About the Author
Levy is a senior writer for Wired. Previously, he was chief technology writer and a senior editor for Newsweek. Levy has written six books and had articles published in Harper's, Macworld, The New York Times Magazine, The New Yorker, Premiere, and Rolling Stone. Steven has won several awards during his 30+ years of writing about technology, including Hackers, which PC Magazine named the best Sci-Tech book written in the last twenty years and, Crypto, which won the grand eBook prize at the 2001 Frankfurt Book festival.
From The Washington Post
"Fascinating . . . A huge job hugely well done."

Good on you for looking to grow yourself as a professional! The best folks I've worked with are still working on professional development, even 10-20 years in to their profession.

Programming languages can be thought of as tools. Python, say, is a screwdriver. You can learn everything there is about screwdrivers, but this only gets you so far.

To build something you need a good blueprint. For this you can study objected oriented design (OOD) and programming (OOP). Once you have the basics, take a look at design patterns like the Gang of Four. This book is a good resource to learn about much of the above

What parts do you specify for your blueprint? How do they go together? Study up on abstract data types (ADTs) and algorithms that manipulate those data types. This is the definitive book on algorithms, it does take some work to get through it, but it is worth the work. (Side note, this is the book Google expects you to master before interviewing)

How do you run your code? You may want to study general operating system concepts if you want to know how your code interacts with the system on which it is running. Want to go even deeper with code performance? Take a look at computer architecture Another topic that should be covered is computer networking, as many applications these days don't work without a network.

What are some good practices to follow while writing your code? Two books that are widely recommended are Code Complete and Pragmatic Programmer. Though they cover a very wide range (everything from organizational hacks to unit testing to user design) of topics, it wouldn't hurt to check out Code Complete at the least, as it gives great tips on organizing functions and classes, modules and programs.

All these techniques and technologies are just bits and pieces you put together with your programming language. You'll likely need to learn about other tools, other languages, debuggers and linters and optimizers, the list is endless. What helps light the path ahead is finding a mentor, someone that is well steeped in the craft, and is willing to show you how they work. This is best done in person, watching someone design and code. Also spend some time reading the code of others (GitHub is a great place for this) and interacting with them on public mailing lists and IRC channels. I hang out on Hacker News to hear about the latest tools and technologies (many posts to /r/programming come from Hacker News). See if there are any local programming clubs or talks that you can join, it'd be a great forum to find yourself a mentor.

Lots of stuff here, happy to answer questions, but hope it's enough to get you started. Oh, yeah, the books, they're expensive but hopefully you can get your boss to buy them for you. It's in his/her best interest, as well as yours!

> Could you please go more in-depth on what you mean by seeing how the components work in harmony and understanding the needs of the different ones?

The absurdly short and easy for me response is:

https://www.amazon.com/Network-Warrior-Everything-Need-Wasnt/dp/1449387861

https://www.amazon.com/Practice-System-Network-Administration-Enterprise/dp/0321919165

The longer and more useful response would best be shared in a pub, assisted by frothy adult beverages of wisdom.

But, I'll give it a shot using the restrictive written word as a medium.

The CCNA certification will teach you the fundamentals of network design & configuration.
The MTA or MCSA certifications will teach you the fundamentals of Windows client and server design & configuration.

But what they don't tell you is when is a Catalyst 2960-series switch the right tool for a task, and what is something beefier like a Nexus 3K or 5K series device the more appropriate tool.

The driving factors behind appropriateness is in the details of the requirements.

Client devices (if we ignore WiFi) seldom have redundant network connections.
So laptops & desktops do not require redundant Layer-1/2 connectivity.
But all servers have, or should be equipped with redundant NICs, capable of some form of teaming configuration to form an active/active, or active/passive redundant team. The LAN solution must be compatible with this.

Then traffic volume. Client devices do not generally require frequent, sustained high volume network flows. Most client systems burst occasionally while they open a file, then settle back down to idle-chatter as they check e-mail every minute or so.

Some servers, like a DNS server receive never-ending, continuous bursts of small packet exchanges. Ass-loads of them. From thousands of source-addresses. Just a dozen packets in the conversation, which is then broken down and ended - conversation over.

Other servers, like a Hadoop cluster-member will chuck along fairly-quietly for short to medium periods of time, then engage in massive, sustained bursts of replication traffic or query exchanges.

Small, short conversations do not require extensive network buffering capability, and are not generally latency-sensitive. So general-purpose LAN hardware might be an appropriate tool for the job.

But very heavy workloads, or loads that ARE latency-sensitive (High Performance Computing, for example) might demand specialized network hardware designed for such activities.

-----

Beyond the network, one must understand the application workloads.
Some applications or systems might make ass-loads of DNS lookups.
A DNS query is not a complicated, or network-capacity intensive workload.
But if you know the application will be doing it, and will benefit from low-latency access to a DNS server, deploying an additional DNS server very close to the application might make a lot of sense.


-----

> There is one other school I have been considering. <AAS @ Green River>

I roll my eyes at the inclusion of CompTIA A+ material in a college curriculum.
That just strikes me as such a trade-school topic.
It's not bad material, but its like learning to change automotive oil as part of a mechanical engineering curriculum.

I see two Linux classes and two Network classes, so those things make me happy.
But I don't get a sense that this degree will transfer well.
I see things that should make you employable though.

The A+ cert won't get you a guaranteed job.
But the A+ and Sec+, combined with that array of associated educational topics should prepare you to hold your own in a reasonable interview.
Nothing is guaranteed, but that should be adequate.

-----

> How do you feel about a Business Degree with an (M)IS major vs a Bachelors of Science in Information Technology (maybe with a business minor)?

No objection from me on these degrees. Some of them do a better job of making sure you can see & speak-to the bigger picture, or higher altitude view of why these IT systems are important to the business.

IMO: Project Management is NOT an early-career role, but Systems Analysts, as players on a project team is certainly something early-career staff can perform.


> Do you think having a BBA would be detrimental for a career in technology?

Nope. knowledge trumps education.

> I hear some people say that MIS degrees aren't technical enough, or that they have a hard time finding a job after graduation.

Well, an MIS degree probably isn't technical enough for some job roles or position descriptions.
But an MIS degree with a CompSci minor might do the trick, for some roles.

But let's be honest, an MIS degree, all by itself is not the right degree for a position like "Lead Enterprise Architect for Mobile Application Development".

But an MIS degree, plus 9 years of experience developing software might be the right combination of education & experience for that role.

Let's also look at MIS v/s CS and IS/IT objectively, analytically.


Every single student in a college or university damned well knows that a CompSci degree is a fast-path to stable employment.
It's not quite a golden ticket for fame & fortune, but its among the most in-demand and immediately employable degrees available.

Employers & recruiters / placement agencies are actively searching for graduates that can survive a basic interview without drooling on themselves or sexually assaulting the recruiter.

There is a fixed and steady pipeline for CompSci graduates.

But CS includes a lot of big scary math, some of the biggest math requirements for any undergraduate degree track. And this scares away a lot of applicants.

A pecking order of "CompSci-light" degree options forms up, with these students all trying to get a degree that qualifies them to attend the Technology career fair, but protects them from evil math.

InfoTech, with it's focus on the nuts & bolts of operating systems, databases, networks & security proudly in a top-level tier beneath CompSci, and Computer Engineering. We rub elbows with Software Engineering grads who swear SoftEng is better, & more useful than CompSci.

InfoSystems, is watered-down InfoTech with more database and business-focus, and fewer nuts & bolts courses.

Management Info Systems is even more watered down technology material, with even more emphasis on business administration & data.


IS & MIS ARE useful degrees, and those roles ARE truly beneficial to the organization.
But the pipeline is smaller for those degrees within the Technology Career Fair.

But here is the fun fact for IS and MIS degrees:
They can attend the non-technology career fair if they want to.

IS & MIS might not have been highly in-demand at the technology career fair, but you have a whole different recruiting team with a completely different variety of slots to fill at the non-tech fair. IS & MIS starts looking much better & more attractive in this environment where they are actually hiring more project managers & analysts as opposed to developers & engineers.

-----

Some colleges, especially community colleges might only have a single career fair, but the concept still applies. MIS is valid for both technology and non-technical (less-technical) positions.

When I was 15, my uncle got me a summer job on the landscaping crew for the hospital he worked at. At six feet and two hundred twenty pounds I was physically capable, but I was still a kid out there with the grown men. The summer was full of hot, sweaty triple digit days with lots of lawn mowing, weed eating, raking, gardening, and planting. It sucked. Many time I'd hear the men I worked with say, "You'll never catch me in any office! I love being out here in the fresh air!" Frankly I thought they were nuts. This was about the moment in my life when I decided my future work environment was going to have full time A/C, a water cooler, a big comfy office chair, and unmonitored break times. My uncle did me a solid that summer, and that's what I'll try to for you now.

​

If your goal is a paying job in cybersecurity, here is your blueprint for the first two to three years. Advanced math and programming skills are definitely not needed, math was my worst subject in school by far. College degree also not needed, my best friend is literally a high school dropout and he makes $150K as an AWS cloud architect for NASA, no BS. Intelligence is also helpful but not absolutely critical, I worked at IBM for five years with a woman that could not have been more average in every way. The only thing she was exceptional at was taking notes, any time she or anyone else did something it went in her notebook. If she need an answer for a problem later, she'd look in the notebook. Advanced equipment is not necessary, a second hand laptop and cable modem speed internet connection should be more than sufficient. Frankly, the "what to do" is the easy part. Actually sacrificing hours a day to learn the skills and execute the career plan is the hard part. By far the most important trait is determination, just a refusal to give up. Remember, if it was easy, everyone would do it.

You should be aiming to eventually get a position as a Security Operations Center (SOC) analyst.

A SOC analyst position gives you some insight into a whole range of different information security problems and practices. You'll see incoming recon and attacks, your org's defenses and responses, and the attacker's counter responses. You'll get experience using a SIEM. You'll become familiar with all of the tools in place and start to figure out what works and what doesn't. You'll learn the workflow of a security team and what the more senior engineers do to protect the enterprise. After a couple of years, you'll probably have a much better idea about your own interests and the path you want to pursue in your career.

​

Here's how you get there:

​

Step 1: Get the Network+ certification (Skip the A+, it's a waste of time for your purposes). You MUST understand IPv4 networking inside and out, I can't stress that enough. A used Net+ study guide on Amazon should be less than $10. Professor Messer videos are great and free: https://www.youtube.com/user/professormesser

​

Mike Meyers has about the best all in one Network + book out right now, you can get that from Amazon. You can also check out Mike Meyers' channel on Youtube, he has a lot of Network+ videos: https://www.youtube.com/watch?v=TcIV\_qc-eOU

​

Step 2: Start learning some basic Linux. The majority of business computing is done on a unix type platform, this will not change anytime soon.

​

For Linux, I'd highly recommend "Unix and Linux System Administration Handbook" by Evi Nemeth, et al. The information is presented in a way that is comprehensible to regular people. You can get a used copy of the fourth edition for about $15.00. The second edition got me through my first three jobs back in the day :) https://www.amazon.com/UNIX-Linux-System-Administration-Handbook/dp/0131480057/ref=sr_1_fkmrnull_1?keywords=evi+nemeth+4th+edition&qid=1551450119&s=gateway&sr=8-1-fkmrnull

​

Step 3: Get a techie job, probably in entry level tech support or helpdesk. You have to do a year or two here to get some practical experience.

​

Step 4: Get the Security+ certification.

​

Step 5: While in your tech support job try to do every security related task you can.

​

Step 6: Attend Bsides conferences (very cheap), there is almost certainly one within a couple hours of you. http://www.securitybsides.com/w/page/12194156/FrontPage

​

Step 7: Join a local hackers group similar to NoVA Hackers or Dallas Hackers.

​

Step 8: Network with everyone you can at security conferences and in your hackers group.

​

Step 9: After you get those certs and some technical work experience, apply for every SOC position you can.

​

Step 10: Take the free online Splunk class while you're waiting.

​

Step 11: Keep going until you get that SOC analyst job.

​

Guess what, you're an infosec professional!

​

That SOC analyst job should pay between $50K and $60K. You'll stay there for a year to eighteen months and get a couple more certifications, then leave for a new job making $75K to $85K. After five years in the tech/cybersecurity industry you should be at $100K+.

​

Feel free to PM me with questions.

While being a self taught sys admin is great, learning the internals of how things work can really extend your knowledge beyond what you may have considered possible. This starts to get more into the CS portion of things, but who cares. It's still great stuff to know, and if you know this you will really be set apart. Im not sure if it will help you directly as a sys admin, but may quench your thirst. Im both a programmer and unix admin, so I tend to like both. I own or have owned most of these and enjoy them greatly. You may also consider renting them or just downloading them. I can say that knowing how thing operate internally is great, it fills in a lot of holes.

OS Internals

While you obviously are successful at the running and maintaining of unix like systems. How much do you know about their internal functions? While reading source code is the best method, some great books will save you many hours of time and will be a bit more enjoyable. These books are Amazing
The Design and Implementation of the FreeBSD Operating System

Linux Kernel Development
Advanced Programming in the UNIX Environment

Networking

Learning the actual function of networking at the code level is really interesting. Theres a whole other world below implementation. You likely know a lot of this.
Computer Networks

TCP/IP Illustrated, Vol. 1: The Protocols

Unix Network Programming, Volume 1: The Sockets Networking API

Compilers/Low Level computer Function

Knowing how a computer actually works, from electricity, to EE principles , through assembly to compilers may also interest you.
Code: The Hidden Language of Computer Hardware and Software

Computer Systems: A Programmer's Perspective

Compilers: Principles, Techniques, and Tools

That's a good setup you have going on, honestly. If you're looking for more resources, I can think of a few resources to supplement what you're already reading/doing

The Tangled Web - https://www.amazon.com/Tangled-Web-Securing-Modern-Applications/dp/1593273886

SQL Injection Attacks and Defense - https://www.amazon.com/gp/product/1597494240

Hacking Exposed: Web Application - https://www.amazon.com/HACKING-EXPOSED-WEB-APPLICATIONS-Edition/dp/0071740643/

https://pentesterlab.com/bootcamp - At this point, you can probably filter out what's relevant to you or not, this will map out other topics related to what you need to know, and may fill in any gaps you have at this point.

OWASP - https://www.owasp.org/index.php/Main_Page [Borderline vital to web app exploitation, Highly recommend if you haven't explored this site yet]

Now, the books and study materials are nice and all, but the most important thing is practical experience, and I see you've identified that by engaging yourself in DVWA. A few additional hands on labs you could dive into are vulnhubs that target the web (Broken Web Applications Project by OWASP is a must):

https://www.vulnhub.com/?q=Web&sort=date-asc&type=vm

Wargames (Overthewire / Smashthestack):

http://overthewire.org/wargames/natas/

SecurityInnovation (canyouhack.us):

http://canyouhack.us/ - It will start off with web challenges, feel free to stop when it starts getting into binary exploitation. What you've learned up to this point should carry you through the web application portion of this challenge, although some lateral thinking is required, which is also a skill you'll need for the GWAPT.

Google-Gruyere - https://google-gruyere.appspot.com/

Since you stated that you were going through the WAHH book, the labs over at mdsec may be a good investment for you at this point to follow along (although not exactly required if you properly use the resources above)

http://mdsec.net/labs/

https://www.wechall.net/challs - Again, filter out what you need to practice here. Lots of good challenges for multiple different areas of study.

CTF's: Be on the lookout for CTF's on http://ctftime.org and put a focus on the web challenges. These challenges will encourage lateral thinking like the securityinnovation challenge.
http://shell-storm.org/repo/CTF/ is an archive of older CTF's if you're having a hard time finding upcoming CTF's with good web exploitation sections. In my opinion, CSAW is especially good when it comes to web challenges, but check most of them out if you get time.

Another recommendation to you is to develop a decent understanding of how a web application is structured. It becomes easier to visualize how to attack a web application, when you can engineer one. So I will recommend that you learn:

HTML/CSS - don't spend way too much time on this, codecademy should suffice here

Javascript: The source of the client side exploits you will find in the future. Get your feet wet in javascript via codecademy, and progress further.

PHP: Source of the majority of server side exploits you will find (RFI/LFI, SQL Injection, etc). As with javascript, get your feet wet through codecademy, and try to progress further from there.

SQL: Important to know for SQL Injection. PHP is responsible for the implementation that leads to SQL Injection, but you should really know SQL to actually manipulate the DBMS to your needs.

With the web languages I listed, the end goal for you, should be to identify vulnerable source code, as well as being able to intentionally develop vulnerable source code, and fix it.

At this point, you should be relatively comfortable with the concepts covered in the GWAPT, however if not, take a look at the bulletin/syllabus of the actual exam, and individually research each topic.

http://www.giac.org/certification/web-application-penetration-tester-gwapt

Looking at the syllabus for the actual course that maps to GWAPT may provide some insight as well.

https://www.sans.org/course/web-app-penetration-testing-ethical-hacking

Hope I was able to help. Best of luck to you, and if you have any questions, feel free to let me know.

The usual advice is "get out and program!" and that works, but it can be very tricky coming up with something to write that's also satisfying. The idea is that you learn best by doing, and that many topics in programming can't really be learned without doing. All that stuff is true and I'm not denying that at all, but some of us need more. We need something juicier than spending hours configuring a UI for a project we couldn't care less about. It shouldn't be an exercise in masochism.

I guess what I'm saying is that there are a lot of ways to learn to write code and books are great if you can really sink your teeth into them (a lot of people can't). Code Complete is a great book on the practice of programming. You also say that you "get" OO pretty well, but it might open your eyes to read up on design patterns (e.g., Head First Design Patterns). You have a long way to go before you really get it

In addition to those, you could delve deeper into your languages of choice. There's no way around JavaScript if you're a web programmer, and a book like JavaScript: The Good Parts is pretty enlightening if you've got some experience in JavaScript already. It's a pretty interesting and unusual language.

But sometimes programming is about building gumption, so instead of just being practical, try to figure out what you like about computers and keep going deeper into it. If you have an interest in computer science and not in just building apps, then something like Structure and Interpretation of Computer Programs could instill in you an enthusiasm for computers that trickles down to everything else you do. If you're more interested in web design, there are probably similarly interesting books on artistic design principles.

I think what I'm ultimately saying is that you should find what you enjoy doing and just go deeper down the rabbit hole, getting your hands dirty when it's appropriate and interesting.

Heh, sure.

A lot of people are fans of Code Complete. I tried reading it after being in industry for a decade, and I found it to be very dry and boring. The general consensus from people that I've talked to is that it's more useful when you're just starting out. Maybe I just came to it too late.

A better book (in my opinion) in that same vein is Clean Code. Clean code is shorter, more focused, and has better real-world examples. It feels less "complete" (hue hue) than Code Complete, but to me, that's a strength. As a quick point of comparison: Code Complete devotes 32 pages to the chapter on identifier naming; Clean Code devotes just 14.

I got a lot out of Design Patterns. I seem to recall that the pattern fad was in full swing back when I read this in 2005-ish. I think I had independently discovered some of the patterns already at that point, but this book helped me to codify those ideas and also showed me some new ones. Some of these patterns are now seen as antipatterns (I'm looking at you, Singleton!), and all of the patterns have an object-oriented bias. But there's still something useful in the pattern language, and this book is a reasonably comprehensive start. The book is somewhat dry, and some people report that Head First Design Patterns is a gentler and friendlier introduction. Head First Design Patterns hits the essential patterns, but misses a lot of the less popular ones.

Eventually, you'll need to work in a codebase with some technical debt. Maybe it's debt that somebody else put there, or maybe it's debt that you introduced. Working Effectively with Legacy Code is still my go-to recommendation. It defines technical debt as code that is not under test, it introduces the idea of "seams" that you can use to pry apart code that's too tightly coupled, and it then provides a cookbook of specific scenarios and reasonable approaches.

If you're looking for thought-provoking videos, I recommend anything by Rich Hickey. I don't know if I've watched all of those, but I remember good things about Hammock Driven Development and especially Simple Made Easy.

Get comfortable with a source control system. I didn't use source control in college, since it wasn't needed for any classes, and that was a missed opportunity. The whole world loves Git, so you'll probably want to learn it if you haven't already. But I'll also toss out a recommendation for Mercurial. I haven't used it in years, but I remember finding it to be quite good.

Good luck!

Okay then. I'm glad that you have a can-do attitude and sound hungry. First let's get something settled. You're nearly as high up in the certifications chain as you can be with Microsoft and you're noticing it's not getting you the places you need to go. This is a supply and demand problem. Employers can get people like you on the cheap from contracting agencies, and often they needn't even be in the united states. You need to increase your value. Here's what you do, you're going to dive in head first. There are two distributions of Linux that are widely known to have some level of enterprise support, which means enterprises (the companies that will pay you lots of money) will be attracted to them. These distrubutions are Red Hat Enterprise Linux (RHEL) and Ubuntu Server Edition. I recommend that you start with Red Hat, but not necessarily because it's a better distro but because they have a well-designed certification program.

• Subscribe to /r/linuxadmin
  
  
• You're currently using Windows. This is going to be extremely uncomfortable for you at first but you will need to start using Linux on the desktop, and this shouldn't be your side project, this should be your daily laptop you rely upon for everything. There are two distributions that match RHEL exactly in every way but remove the redhat enterprise stuff so you don't have to pay for a license. These distros are Scientific Linux and CentOS. They're both fine to use for the desktop, i'd recommend going Scientific just a matter of personal preference.
  
  
• I typed the previous because of some encounters I've had with Windows admins who have been forced to learn the bare minumum of linux and hated it. They installed it on some ancient piece of crap computer or just on a virtual machine on Windows. They didn't have to rely upon it and therefore learned basically nothing. Linux isn't a toy for you to play with on the side, it's your primary computer now. I cannot stress enough how important this is if you are going to be successful. Sometimes things aren't going to work and you're going to have to figure it out.
  
  
• Go to IRC on Freenode when you have questions and can't find the answers from googling, there are general ##linux channels but there are also ones more specific to your distro like #centos or what you are trying to accomplish like #bash or #nginx
  
  
• From your linux laptop set up VM's there for your research. you can use virtualbox for a straight VM or it would be much more career relevant to learn how to use docker. You can also get a small number of free AWS machines in their free teir program.
  
  
• Your goal is to obtain an RHCE. Red Hat Certified Engineer. As a prerequisite, you will need an RHCSA, a Red Hat Certified Systems Administrator.
  
  
• It seems that now even every linux bash command has a video for it on youtube. There's a ton of resources on youtube now for linux training. Utilize them.
  
  Books
  
  
  • Red Hat RHCSA/RHCE 7 Cert Guide: Red Hat Enterprise Linux 7 (EX200 and EX300)
    
    
  • How Linux Works: What Every Superuser Should Know
    
    
  • Classic Bash Scripting
    
    Start drilling yourself. There's another less impressive certification called the LPIC which has three tests, there's sample tests all over the web for free, i recommend taking them often and when you don't get a question correct go into your VM and use what you were asked
    
    
• With linux you have the ability to, for free, set up any number of web servers, databases, authentication services, filesystems and security features. The only way you are going to learn is by doing, check out this post which is basically an outline of setting up every major system for an enterprise environment running 100% on linux. You could build up an entire company's infrasructure by learning how to do this, with no software licensing costs whatsoever.
  
  Pick a language, I recommend first getting really good at BASH then Python.
  
  Don't stay at jobs. We get raises by moving to new companies. Your median stay should be about 18 months if it seems like you've topped out. Don't be afraid to GTFO of Florida. I stayed close to home for too long and wasted a lot of time limiting myself in the Midwest. If you are able to relocate and have an RHCE i guarantee your salary will double in 3 years. DOUBLE. And it will keep increasing. And you'll be working on way more interesting stuff.

I'm going to go against the grain here with my recommendation. I'm a guy who was in a similar position years ago. I've since transitioned from web development to game programming and have working knowledge of 7+ languages.

Dude, don't sweat these feelings you're having. You're just at a wall. We all reach different kinds of walls in this career and they're really the best thing ever. It means you're about to jump ahead in skill by at least 10x. You just got to find the trigger for it. Be patient and try different things. Go check out Udacity and do some courses on there. Also this is the time to start reading books. Not just any cheap book you find. Good books that will give you the perspective of an industry professional. Books like JavaScript: The Good Parts, Code Complete, The Pragmatic Programmer, or The Little Schemer. Also it doesn't matter what language the books are in to enjoy it. 98% of all programming languages are the same anyways, which you'll soon learn. For the most part, they just have moderately different ways and syntax to do the same thing.

I would recommend not switching platforms from the web. One of the most important skills guys like us can have is seeing where technology is heading and betting on the right horse. It's very clear that webapps are going to be even more important in the future. You can already make desktop apps with web technology naively in pretty much all major OSs now.

I say learn JavaScript front and back. Read JavaScript: The Good Parts and JavaScript: The Definitive Guide cover to cover. Once you learn JavaScript it'll be very easy to transition to any C-based language, which is most of them. In fact I credit JavasScript for giving me the basics to jump to just about any language comfortably and pick it up in a few weeks.

After that, learn a good server side language like Java, Python, or C#. (C# is in very high demand, and has many applications) Or learn all three and you'll be very well positioned career wise. Well, make sure to get some experience with SQL too for good measure.

Also if you want to have a good challenge instead of being bored on those easy things, like drawing shapes, why don't you try Udacity's fine WebGL course? Jumping in the deep end isn't bad as long as you don't expect it to be easy.

Part of me wants to say just do it. The course starts at a beginner level, but bear in mind that most people, myself included spend between 2-4 weeks of the precious lab time doing the course. Unfortunately there is no way to get the course material ahead of time, so factor that in when choosing how much lab time to prepare.

Having said that, I highly recommend reading Georgia Weidman’s book prior as this covers a lot of the same material as the PWK and is a great way to prep for the coursework so some of the ideas presented are not completely new to you

https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641

Depending on your ease with programming, you may want to bone up on some python fundamentals as well. I did about 1/4 of this Udemy course before starting

https://www.udemy.com/the-modern-python3-bootcamp/learn/lecture/7991038#overview

Here’s a great guide from Abatchy on OSCP Prep, although a lot of the stuff he discusses in the guide are covered in the OSCP course

https://www.abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob.html

There is also a YouTuber named IPPSEC that does video walkthroughs for retired Hackthebox machines. some of the machines are very CTF like, so Just watch the OSCP Like ones in this playlist.

https://www.youtube.com/playlist?list=PLidcsTyj9JXK-fnabFLVEvHinQ14Jy5tf

Finally, if your willing to shell out some money, 30 days on Virtualhackinglabs.com is a great way to practice. Their course is very OSCP like and a good way to jump right in.

https://www.virtualhackinglabs.com

Of course Hackthebox is always a great resource to practice your pwnage skills.

https://www.hackthebox.eu

Don’t feel like you have to do ALL of this before the OSCP, the list I gave is pretty much every resource outside of the PWK course I used to pass the exam.

If you only did one thing before you start the course, Definitely read Georgia’s book. Everything else can be used in conjunction with the course if you need extra help.


There is also an active discord channel for PWK students, use it!

I’ve been working on this for a while, so I might as well drop it here. It should provide an authoritative answer for “How do I get started in CyberSecurity”

Before I get started, there are a few things I need to explain about cybersecurity - There are a ton of different areas of “CyberSecurity”.

This post is specifically catered around the core concepts of cybersecurity.

The most basic thing you need to understand about cybersecurity: It revolves around stuff communicating with other stuff. Anything from side-channel attacks to large-scale DDoS’ - stuff is insecure because stuff communicates with other stuff. Communication can be hard understand and even harder to define (let alone secure). I know this is a very vague statement, but it’s one of the core, fundamental concepts of cybersecurity.

The second most basic thing about cybersecurity you need to understand - “hacking” (I hate that word) as it’s known is not some bond-villain type activity. It’s intentionally mis-using something that already exists in a way that introduces a security flaw into the environment. Sometimes the right circumstances line up and this flaw can be leveraged into something, but sometimes it can’t.

I split up my resources into offensive-based and defensive-based because it’s important for you to understand that while each of these groups are individually important, each knowledge area is not as effective without the an understanding of the other one.

One other thing to note - Certifications are great, but you need to de-couple the idea that certifications=knowledge/skills in this field. There are certainly certifications that break out of that mold, but for the most part, this holds true. I’ve ordered them in the order in which I used/learned with these resources, so you can follow-along directly in order (if you want to). I learned offense first, so that’s the way I’m laying it out here.


Offensive-Based:


I started my career in InfoSec by studying for the most basic, foundational certification: The Security+. This is the best beginner-level cert that says “I know something about security.”

I learned by going through Professor Messer’s entire course, and I felt pretty ready after I went through it all. Here’s the link to his Sec+ course

Now, lets get into some practical stuff. OverTheWire. These are war-games, or CTF’s - challenges designed to test your practical ability in security, but also designed to help you learn new things. CTF’s are the absolute best way I’ve found to learn security. Here’s the link to OverTheWire in case Google is down. If you get stuck, here are some helpful write-up’s.

Do them in this order:

• Bandit
  
• Leviathan
  
• Natas
  
• Narnia.
  
  At this point, you should be set to start with the books and Hacking Labs.
  
  
• Penetration Testing (Book, Follow-along labs)
  
  
  
• Hacking, the Art of Exploitation (2nd Edition, Book, follow-along labs)
  
  
  At this point, I’d recommend going for another certification - CEH. Once you have the CEH, you’re ready to move into more practical-based certifications. Here's what I used to learn and practice the CEH:
  
  Now, lets get into some more practical exploitation. PentesterLabs focuses a bit more on WebApp stuff, but I’ve found its the best intro-environment (as it is relatively scripted scenarios, and you don’t have to do as much recon). They're fairly explanatory, and will walk you through the solution if you get stuck.
  
  
• PentesterLabs
  
  
  Next, lets get into HackTheBox (Exploitable virtual machines, ranging in difficulty. You’re going in mostly blind here, so you have to do your own recon and enumeration): HackTheBox
  
  Here are some helpful write-ups (Written Explanations):
  
  
• GitHub
  
  
• 0xRick Webiste
  
  Also, there’s some super awesome video explanations by IppSec
  
  
  After you get through most of these, you should be set to start on your OSCP. The OSCP contains a course (Penetration Testing with Kali), a lab environment (~50-60 vulnerable boxes), and a practical lab test at the end. OSCP
  
  After you’ve completed the OSCP, then you have enough knowledge to continue directly down the cert path, and the courses (in combination with the certs) put out by Offensive Security contain enough good content to where you don’t have to study other resources. The certification path from here on out splits into two different areas: Technical, and management.
  
  
• Technical:
  
  • OSCE (OSCP 2, basically)
    
  • OSWE (OSCP but for web exploitation)
    
  • OSEE (OSCP 3, really fucking hard).
    
    If you’re at this point, getting past the OSEE, you can pretty much walk into any offensive-based job, slap you’re cert on the table, and they’ll hire you. You don’t need my help anymore here.
    
    Now, here's the management path:
    
    
• Management:
  
  • CISSP
    
  • PMP
    
  • MBA
    
    Having the technical background of the OSCP, plus a CISSP, PMP, and MBA would create an extremely potent executive - one who can understand the technical details and risk, and who then could translate that into verbiage that other executives could understand.
    
    
    So, you’re overall standard security offensive certification path should look something like:
    
    
• Security+
  
• CEH
  
• OSCP
  
• OSCE
  
• OSWE
  
• OSEE
  
  OR
  
  
• Security+
  
• CEH
  
• OSCP
  
• CISSP
  
• PMP
  
• MBA
  
  Now, for the Defensive-based side.

Hey /u/Xerack! I'm the original author of the post linked here.

Appreciate the feedback! If you think I could clarify anything better, please let me know.

As far as resources for Reverse Engineering, I can provide you with a baseline that I would recommend starting with.

x86 Assembly:


If you don't know assembly language at all, this list of videos was where I picked up a decent amount of x86 assembly language.


A few good books would be:

• Hacking: The Art of Exploitation I am a huge advocate for this book. I learned a lot from this and have read it multiple times. It is written very well and teaches someone with no experience how to do C programming and assembly. This is mainly a book for learning exploitation/vulnerability research, but that can play hand and hand with Reverse Engineering. It will show you the assembly language break down of basic exploits and this can help you with RE.
  
  
• Practical Reverse Engineering I read through the beginning of this book and it gave me some good foundations of understanding memory and computer architecture for RE along with assembly of course
  
  
• Secrets of Reverse Engineering This book is a bit in depth, but the beginning gives another good foundation for Comp Architecture and assembly stuff.
  
  
• The IDA Pro Book Haven't personally read this book yet, but I have been told it is the defacto standard for learning IDA Pro, and it has examples you can learn from.
  
  Hands On:
  
  
  
• Legend of Random Very useful hands on with tutorials. Mainly based on cracking, but that requires reverse engineering. Highly recommend this!
  
  
• Lenas Tutorials Again, another awesome hands on tutorial, mostly based on cracking as well.
  
  
• Crackmes These are more of challenges once you start to have a little understanding down
  
  Courses:
  
  Tons of courses on youtube. I learn well from visual, so I recommend these youtube videos:
  
  
  
• Basic Dynamic Analysis
  
• Real World Decompilation There are a few videos to this series and he disassembles a game, definitely nice to learn from.
  
  
  Beyond that, Google will always be your friend, and /r/reverseengineering. I also have a bunch of material for Malware RE, but that's a bit different than Software RE, though it is relatable.

Hey /u/Dude_with_the_pants! So this is a wall off text now that I've written it..sorry about that but honestly when I start talking PowerShell I can go on forever (as my peers at work can attest). So I hope this is kind of useful for you.

So you're looking for some real-world examples...so here goes from where I sit. I've been using PowerShell since it was in beta...so a long time. Prior to PowerShell I was a point-n-click guy. No scripting experience (beyond embarrassingly bad batch files). I'd open VB scripts and kind of zone out. PowerShell really opened a door for me. For the past 20 years I've been working for some really large companies (5,000 - 160,000) as an Exchange\AD guy with my current stint...about the last 13 years or so, I've worked for the same company. This has been an evolution of sorts, but ever since PowerShell v1.0 dropped in my lap during the Exchange 2007 beta I was hooked and started to automate and built tools.

This was a long time ago now, so my skills and uses have matured quite a bit (at least I'd like to think so). Looking through this thread you've already gotten a lot of really good responses. In terms of using PowerShell and where to start I like what others have said. When you reach for the mouse and start clicking on stuff to complete a task, note somewhere what that task was and then when you have down time, look up how to do it with PowerShell. Odds are really good, especially now, that there is a way to do it with PowerShell. If I may be so bold, but I'd recommend taking a look at Learn Windows PowerShell in a Month of Lunches. I recently did a manuscript review of it for the publisher which required me to slowly read through every single page. It's a good staring point and I highly recommend it.

That all said, daily PowerShell usage.. So I've spent the last decade automating and tool-making which my employer has really taking a liking to (not sure why, but I enjoy myself). Here are some examples of what I've done with PowerShell:

• Designed a centrally managed PowerShell console that is extended by custom functions that various IT teams manage. When I user logs in to my custom PowerShell console it looks over what groups they're a member of and customizes they're PowerShell environment based off that. This includes loading custom modules, establishing remoting connections to Exchange\Skype, and so on. Currently used by ~100 or so IT folks. I built this, in my free time, about 6 years ago after I was tired of seeing everyone doing things differently (and inefficiently) and pointy-clicky on things when I knew I could make it faster for them.
  
• When ever a user changes their password I have an hourly script which detects that change and notifies them via email as well as SMS that their password was changed and gives them some steps on what to do (such as change their password on their mobile devices and such).
  
• Designed a PowerShell, PHP (for PowerShell backed web services), & PSSQLite architecture (thanks /u/ramblingcookiemonste!) which I've used to link together separate Active Directory forests and track various acquisitions. Basically this system tracks groups (and their memberships), users, and computers as they are migrated from one forest into the other. We do a lot of ..ahem.. acquisitions so this is a HUGE time saver. For example, when the project manager for an acquisition needs an update on what percentage of an office has migrated to our forest instead of hounding me (or the tech lead who is running an acquisition) they can just view a few web pages to get the info they need. No more bugging me so I can get back to my code! Did this in my spare time so the PM's would leave me alone...and it worked...so much so they asked for an official framework which I'm working on still.
  
• I have a suite of tools that I wrote which query Splunk's REST API to pull data out for various tasks. For example, not long ago I was asked to provide a detailed report on the exact last logon time for approximately 300 people...who were no longer in our AD. My Splunk module made quick work of that. Took me about 10 minutes to get that info for the auditors. In the old days this kind of request would make me cry.
  
• A long time ago we used to have real pains over unused accounts (both users and computers). I wrote an automation process which completely automates the detection of stale\unused accounts and send them through a workflow that I designed so that they are first identified, their contacts notified (manager..if they're a user, or admin contact if they're a machine), then they are disabled, and then eventually deleted after further notifications. All automated so I (or my peers) need to worry about it.
  
• We don't use Active Directory for DNS, and so I had to write a tool which interrogates our DNS system to pull out subnet info (new subnets, changes, and deletes) and then pass that into Active Directory. This also heavily uses PSSQLite...I might be a little obsessed with this little database technology. With this I don't need to worry about what subnets are (or are not) in AD and if they're associated with the right AD site. Quite a few teams are quite happy with my tool, in particular the software distribution team as they're tools can now properly work with clients and find them in the right AD site.
  
• By far my more heavily used tool is a directory searching tool. See where I work we don't have just AD (~140 DC's I might add), but other LDAP based directories and we needed a tool that could search any of them. Instead of having 15 ways of getting at that data I have 1. A single module where I can pass in a few basic parameters and get my LDAP query back.
  
  For day-to-day stuff, not long ago I needed to query the Windows time configuration status of all our domain controllers. Using remoting this was trivial. If you had 2 DC's then I guess it isn't a big deal, but for us fanning out through remoting to audit this data is absolutely necessary. I find remoting is a quality of life kind of thing. Yes I could RDP into something, but 9/10 times it is way faster to just run
  
  Invoke-Command -ComputerName machineName -ScriptBlock {do something}
  
  So day-to-day, for what I do, I'm honestly writing tools or working in automation projects 90% of the time. I only get into the shell to do something if something is really broken and none of my automation tools have already handled it. Not everyone has that luxury (and it is btw). If I was you I'd look for every opportunity to learn how to do stuff with PowerShell. I think you'll find that in most cases it will free you up to do other things. It'll be awkward at first as you fumble around, but you'll soon find ways to speed things up.
  
  I wouldn't be too obsessed with just looking at remoting stuff. It's true that this does expose some of the power of ..well.. PowerShell, but there is sooo much more to it. Look for ways to improve your daily life. Jot down the stuff you do a lot (and repeatedly). Those are your prime targets. It could even be something as simple as processing your mail in the morning. If there are certain patterns you follow and do a lot of...you can absolutely hook in PowerShell into that too if writing Outlook rules won't do what you need (I've done this too).
  
  Good luck and happy shelling!

The jQuery documentation is very, very helpful. Every piece of jQuery has example code and a user comment section to provide extra insight. Don't be afraid to check it out, even if you are an absolute beginner. I actually "learned" how to use jQuery before I learned how plain JavaScript works, so it makes for a good introduction to the language because of how easy it is to use. If you learn by doing, then it's a great place to start.

However, you must have a full understanding of JavaScript to get the most out of jQuery in the long run, so you should definitely look into learning JavaScript without jQuery when you are comfortable enough to do so.

I would recommend the text I used in college for learning JavaScript, but I've since learned that it has a 2-star rating on amazon.com and it is still very expensive. It did a good job of teaching a practical application of JavaScript for beginners, but it has a lot of typos that may trip you up if you do the practice examples, and for the price it really should be perfect. If you can find it for cheap, pick it up.

A cheaper alternative that I have not read is JavaScript Step by Step by Steve Suehring. Much cheaper than a college text and highly recommended. An introduction to getting a grasp on JavaScript is most definitely worth more than the 25 bucks you'll spend.

When you start to feel like you could do some damage (in a good way) with JavaScript, you should definitely check out JavaScript: The Good Parts. It will shed a whole new light on JavaScript and help you realize both how powerful and strange the language is. I don't know if your job duties or passion for programming would lead you this deep into JavaScript, but if your goal is enhancing your career, JavaScript is most definitely the next step in the world of web.

When people ask me what JavaScript is to a web developer, I tell them this: HTML makes up the bones of a website. CSS is the skin. JavaScript is the muscles that makes your website live and breathe. Learning it is essential!

Best of luck!

> windows server/services?

Microsoft's TechNet and MSDN are Microsoft's main reference portals for operations and development, respectively.

For structured learning, Microsoft offers their MCSE Program. Each exam covers a specific topic, and there are learning objectives and links to reference material available. Microsoft Press will usually have a self-study guide available for each exam.

There's also the Microsoft Virtual Academy, but I've never used it and can't vouch for its quality. Of course, it's free, so....

> linux server/common services? (Could be distro specific)

For professional use, the most commonly used Linux distributions are RHEL/CentOS and Ubuntu. (Debian is also popular, but it's close enough to Ubuntu that you can lump the two together.)

Both RHEL and CentOS have documentation available:
RHEL Documentation Page
Ubuntu Server Guide

RHEL's documentation is far more thorough and complete. However, Ubuntu has community support in the form of the Ubuntu Forums and Ask Ubuntu, and I've personally found it easier and faster to find specific information and solutions for Ubuntu.

For structured learning, Red Hat has a certification track available (which is obviously focused on Red Hat technologies), and LPI has a certification track that is more vendor-neutral. There are self-study books available for Red Hat's certifications, but they are all outdated for the current exams, and I don't recommend buying them until they're revised for RHEL 7.

For self-study, the closest thing to a Linux system administration bible that currently exists is the UNIX and Linux System Administration Handbook. However, it's a bit dated in certain respects.

Linux support and documentation, like its development, is spread out over the Internet. If you're looking for how to do something, usually the best place to start is Google. Searching for "[stuff] Ubuntu" or "[things] CentOS" will usually send you to the right place. Stack Exchange is also a pretty good resource:

• Stack Overflow, for scripting and coding questions
  
• Server Fault, for questions regarding system and network administration
  
• UNIX and Linux, for questions about Linux in general
  
  > Networking
  
  Networking education is split into two worlds: theoretical/academic computer networking, and practical, vendor-specific networking.
  
  For theoretical networking, your best bet is to pick up a textbook. We recently had a thread discussing recommendations.
  
  For practical, vendor-specific networking, the big player is Cisco. Cisco has a certification track available with course objective and reference materials. For self-study, anything written by Wendell Odom is gold; however, bear in mind that you really need a lab for self-study to be effective.
  
  Other companies, like Juniper or HP, also have networking certifications available, but I only recommend them as a supplement.
  
  Lastly, while I describe Cisco's training as "practical," that doesn't mean that the theoretical aspect of networking is unimportant for a professional. There is an industry-wide push toward software-defined networking, and if your SO wants to get in on that, she'll need to have a firm understanding of computer networking theory.
  
  > NetSec
  
  Hardcore NetSec isn't really my field, but /r/netsec has a Getting Started Guide with some resources available.

That's sort of a tricky one, because there are two distinct aspects to learning JavaScript. The first aspect is figuring out how to solve problems using code, and the second aspect is understanding the nuances of JavaScript. (Ideally, the second phase should require much less time, but unfortunately, JavaScript is a bit of a quirky language so even developers who are experienced at solving problems in other languages might need some adjustment time to get used to the unexpected bits).

Regarding the first aspect, I'm unfortunately a little out-of-touch with the JavaScript ecosystem, and am not aware of too many resources that I think do a good job of teaching you how to problem-solve using JavaScript (which, I should emphasize, is different, and probably harder challenge then just teaching you JavaScript).

That said, freecodecamp seems like a potentially good one. If you care only about JavaScript, you're probably going to want to skim through the first bits on HTML and CSS, but the exercises and projects they provide seem pretty damn solid.

Eloquent JavaScript might also be a good one -- the only main problem is that I think it ramps up a little too quickly in places (in particular, the chapters about writing objects). This might be a good "second resource", after you complete a more basic tutorial and have one or two projects under your belt.

Beyond taking courses, the best thing you can do for yourself is just constant practice, whether it's by working on exercises or working on your own personal projects. The only way to get better at problem-solving is via constant practice.

Regarding the second aspect, here are some good resources that I think do a good job of teaching the nuances and tricky bits of JavaScript. I would consider these beginner-intermediate resources -- they might not be entirely appropriate for somebody completely new to programming, but certainly would be useful for somebody who's completed one or two projects and wants a deeper understanding of JavaScript, or for an experienced programmer who hasn't used JavaScript before and needs to ramp up quickly:

• JavaScript: The Good Parts -- it's a pretty small book, and does a good job of giving a very concise and precise definition of what clean JavaScript code looks like.
  
• MDN's JavaScript guide -- this is a no-nonsense set of guides to JavaScript, and has a variety of different tutorials targeted towards different audiences.

One of the biggest issues I see with some of the dev's I work with is that they easily get lost in their work. We refer to it as shaving a Yak. Let's say you need to go pick up some milk at the store, but before that you need to fill up your gas tank. But before that you need to change the oil in the car. But before that you need to help your parent access their email. The next thing you know you're in your living room shaving a Yak asking yourself how you got into this situation. All you wanted to do was get some milk.

You would be better off identifying the core features of your project and concentrating on them, one at a time. What are these core features, what is the value of this feature, and what is the minimum amount that would satisfy that feature. If you're creating a car, you would need a motor to drive the wheels, but a a motor has nothing to do with how to steer a car. You've identified two separate features, one for the motor and one for the steering. I'm not talking about sitting down and writing out full specs and requirements. Just get a basic idea of what are the different parts of what you are building. You'll miss some but that's ok. Find a few features, pick one, and start.

Stay focused on that feature. Hack it together, make it work. But make sure that what you're hacking together is only for that feature. The code you're writing at the time should be responsible for solving that feature, alone. Even if you think that what you're creating can be used for another feature, or that you're repeating something that you made earlier, or you've discovered some new feature that you missed initially (and you will), ignore the impulse to optimize or start adding new features in the middle of your task, you will come back to it later. Just make sure you make notes about those things discovered.

When you're code does what it is supposed to and you've proven it with unit tests (you do have unit test right?), then you can start refactoring. Clean it up, move it around, optimize it, look for areas that a design pattern can fix. Give it a good S.O.L.I.D. overview (if you're working in an OOP language). As long as you have unit tests covering the core responsibilities of your features, you can make changes with confidence.

Once you're satisfied, you can move on to the next feature and repeat. As you complete more features, you can re-address some of the completed code during subsequent refactors. Working like this will ensure that
a) your code works as intended because you've proven it with unit tests
b) your code will be loosely coupled because you were forced to work on a single responsibility at a time.

Refactoring is probably the main take away. But being able to pick specific milestones along the way is important. If you leave it all up to the last minute, it will be easy to get overwhelmed.

So book recommendations:
Martin Fowler's Refactor - https://martinfowler.com/books/refactoring.html
Uncle Bob's Clean Code - https://www.oreilly.com/library/view/clean-code/9780134661742/
Steve McConnell's Code Complete - https://www.amazon.com/Code-Complete-Practical-Handbook-Construction/dp/0735619670

TL;DR Improve yourself, invest in your future, don't worry about the mistakes...read the books listed at bottom, and practice!

Few months ago I royally fucked up an interview at Microsoft. A really simple question. But I had no experience doing coding on paper instead of a computer.

I spent a lot of time studying various books and paper coding to make sure it wouldn't happen again.

I then had an interview for another (in my mind at the time) dream job. I did fine for all the phone interviews and they flew me over to the west coast for an in person interview for the day. I did well for the first bit until they started pulling out dynamic programming and integer programming questions on me and expecting me. Once again something I didn't prepare for, and f'd up. Didn't get this job either. For the longest time I was really hard on myself at fucking up on both these interviews one after another. Especially this second one since a lot more was riding on it than just the job (another story).

But then I decided I didn't want to have this sort of experience again and expected better of myself. I made myself further improve and brush up on all those concepts as well. Did a few mock interviews with friends, spent some time working on interview type questions on both the computer and on paper. A month or two later I started interviewing again. By this point I was an interviewing machine - and I'm now able to do just about anything thrown at me. I've had my choice of employers and until just recently, was in the situation where I had so many offers I didn't know which one I wanted most. I'll be heading to silicon valley soon at one of the top tech companies in the world with a fantastic offer considering I just graduated.

The point is - learn from the mistakes and improve yourself. I realize you don't want to be that guy spending heaps of time coding outside of work or whatever... but this is an investment in yourself and your career. Do it once, and then just brush up on your skills from time to time. Get into the interviewing mindset and just rock them so you can have your choice of job - and then you can go about your thing once you have the job locked. The up front investment will be worth it!

Things that helped me:

• www.hackerrank.com - practiced a lot of questions on here
  
• www.careercup.com - another great site for questions
  
• Cracking the Coding Interview More help on questions, but also some great insights into the interview process for the larger tech companies and many hints and tips on how to go about solving the more complex problems
  
• Code Complete A great book for helping you to refresh or learn about software design
  
• Eternally Confuzzled Great resource to learn how to think about common data structures and algorithms
  
  Having trouble with Algorithm design/analysis? These are some of the go-to books for that:
  
  
• The Algorithm Design Manual Probably the defacto for learning about algorithm design and analysis
  
• Introduction to Algorithms A great book with many different algorithms and data structures to learn about
  
• Algorithm Design A great book if you want to dive deeper into more complex subjects like graph theory, dynamic programming, search algorithms, etc.. etc..

I've seen other users on this sub saying that the LPI certs are either next to worthless to nice to see someone have but not something that guarantees a job. Still, I'm working on getting the LPIC-1 regardless. It's a good refresher to help keep my skills sharp while I look for work (and fill in some gaps in my knowledge), it most definitely carries more weight in the industry than the Linux System Administration cert I got from my local community college, and well, it's relatively cheap. I've not much better to do at the moment, so it can't hurt.

I've seen it said here (and heard from others in the business) that the RHEL cert is definitely the cert to get if you're interested in being a system administrator, but that it's also cert that's geared towards someone that's already got some hands-on experience in an enterprise setting and not really for beginners. I've also seen it said by some on this subreddit that, like the LPI certs, the RHEL cert is nice to see but they still don't care if you have it. I guess it's up to you if you want to plunge headfirst into it. Immersion seems to be the traditional Linux/open source way, but I say do what works for you--if you want to build up to it over time, then do that. If not, grab a VM and CentOS and have at.

Really, if it's one thing I've learned while going to school and looking for work, it's that requirements game is pretty much a crapshoot. Some companies want those certs and degrees, some don't care and want experience, some want a mix of those and experience, and some will only care if someone in the company knows/likes you (and even then it still might not happen for you). I say, grab the LPIC (which as /u/sudoatx said, it's actually three industry certs now) while volunteering somewhere (I'm getting a volunteership set up right now with my college's IT department, they've got some Linux boxes jammed away in there) to get the best of both worlds.

As for studying, the LPI website has links to free study materials geared specifically to prep you for their test. That doorstop /u/mynamewastakenagain mentioned is definitely really good, I have it on extended loan from my college library (working for them has it's perks ;)). I've also found the Linux Bible to be quite good, although I don't know of it's reputation in these parts.

Only have a few minutes to elaborate, but I'd recommend familiarizing yourself with the in and outs of the OSI networking stack like you plan to, and also study Operating Systems. A traditional OS class would be nice, but if you can complement that with a forensics class you will be balling.

It's also a good idea to figure out what subfield(s) of security you would like to pursue. Security is becoming so big and technical that it is almost impossible to be an expert in all aspects of security, so try them all and stick with 2-3 that you like - if the subfields complement each other you will make yourself an even stronger professional.

There's a ton of good resources online; if you make it a habit of browsing the links /u/eooe provided, you will learn about a lot more resources that will help. I would recommend the Life of Binaries class on http://opensecuritytraining.info/, and to add to the fun, Practical Malware Analysis by Sikorski is an amazing book on malware analysis that comes with exercises and labs that you can run with a pretty simple VM setup. The book describes how to set that up as well.

Like qaisjp said, do a lot of CTFs.


Cyber security is a vast field with many potential sub-categories you can delve into: software reverse engineering, hardware reverse engineering, pentesting, cryptography, steganography etc. - The list is long.


For more info about ctf's and which ones are hosted:

• https://ctftime.org/ctf-wtf/
  
  
  CTF's are usually separated into different subcategories and many people specialize in a few of them (not necessarily all), so I'd recommend you take a look around and see what you find interesting.
  
  
  Useful sites to visit:
  
  
• https://www.hackthebox.eu/
  
• https://overthewire.org/wargames/
  
• https://ringzer0ctf.com
  
• https://cryptopals.com/
  
• http://ae27ff.meme.tips/
  
• https://ctftime.org
  
• https://nostarch.com/ (very HQ technical books)
  
  
  Reading CTF write-ups is also very useful, taking a look at how challenges are structured and how people solved them will give you insight into different ways of thinking about various problems. Reading a few might be a good idea, and perhaps you fill find a few categories that might be interesting: https://ctftime.org/writeups (Other write-ups may be found just by googling, a lot of blogs and github's out there)
  
  
  Personally, I am very reverse engineering focused so I will mostly be able to help you with resources in that area.
  
  
  RE links to take a look at:
  
  
• https://github.com/wtsxDev/reverse-engineering
  
• http://amzn.to/2jljYqE (Must read book if you want to delve into RE)
  
• https://beginners.re/
  
• https://revers.engineering/applied-reverse-engineering-series/ (a blog my friend made)
  
  
  If you do RE, coding is also vital (people tend to do C++ and/or C together with x86/x64 ASM, the latter which is essential for RE in the first place), but it is not exclusive to RE, coding is crucial in many if not all CTF categories and I think having a start as a programmer is a good way to enter parts of cyber security.
  
  
  There is also a reverse engineering discord, which I think you could benefit from, a lot of information can be found on there about various kinds of reversing:
  
  https://www.reddit.com/r/ReverseEngineering/comments/9n2qcb/join_the_reverse_engineering_discord_active/
  
  
  I think a lot also boils down to reading books, blogs etc. and having good knowledge of how various things work, the links above should be of help, and should lead you to other useful resources as well. You do not necessarily have to switch majors, good computer knowledge is very helpful, and most cyber sec people I know do either compsci, math + compsci, or just math. In the end it just boils to doing things however, and ctf's are a great way to do that.
  
  PS. With reversing you can also delve into game hacking which is super interesting and a lot of people do really funky shit with things like the windows kernel!
  
  If you have any questions about anything, feel free to ask.

Many people may disagree with me, but as a Linux user on the younger side of the spectrum, I have to say there was one thing that really worked for me to finally switch for good- books.

There's tons of wikis and forums and of course Reddit to ask questions, but it is hard to get good answers. You may end up paying for books (unless you look on the internet for books) but it doesn't beat having a hard copy in front of you. It boils down to a time vs money trade off. The only wiki I would follow is one directly from the developers that act as documentation, not a community wiki. Also worth nothing certain wikis are more tied to linux and the kernel than others, meaning some are comparable/interchangable with the distro you may be using. Still, a novice would not easily put this together.

Forums are also useless unless you have the configuration mentioned in the post or that forum curates tutorials from a specific build they showcase and you as a user decided to build your system to their specifications. There's way too many variables trying to follow online guides, some of which may be out of date.

This i've realized is very true with things like Iommu grouping and PCI Passthrough for kernel based virtual machines. At that point you start modifying in your root directory, things like your kernel booting parameters and what drivers or hardware you're gonna bind or unbind from your system. While that does boil down to having the right hardware, you have to know what you're digging into your kernel for if you dont follow a guide with the same exact parts that are being passthrough or the cpus or chipsets are different.

Books are especially handy when you have a borked system, like you're in a bash prompt or an initramfs prompt or grub and need to get into a bootable part of the system. Linux takes practice. Sometimes its easier to page through a book than to search through forums.

Another thing about being an intermediate or expert Linux user is that you don't care much about distros or what other users or communities do. It wont matter as under the hood it's all the same, spare the desktop and the package managers. Once you're out of that mentality you just care about getting whatever you want done. I'm not one of those guys that's super gung-ho FOSS and open source. I just use what gets the job done. Also from a security perspective, yes Linux is in theory MORE secure but anything can be hardened or left vulnerable. It's more configuration tied than many uses and forums or threads lead it on to be.

My workload involves talking to servers and quite a bit of programming and scripting, in a variety of capacities. That's what led me to linux over the competitors, but I'm not so prudent to never ever want to use the competitor again or have a computer with it. With understanding Linux more, I use it more as a tool than to be part of the philosophy or community, though that enthusiasm pushes for new developments in the kernel.

I'm assuming you're a novice but comfortable enough in linux to get through certain things:

In any computer related thing, always TEST a deployment or feature first- From your linux system, use KVM or Virtualbox/vmware to spin up a few linux VMs, could even be a copy of your current image. This way any tweaks or things you want to test or try out is in an environment you can start over in.

The quickest way to "intermediate-expert" Linux IMO is learning system administration.

My go to book for this is "The Unix and Linux System Administration Handbook 5th edition"

https://www.amazon.com/UNIX-Linux-System-Administration-Handbook/dp/0134277554/ref=sr_1_1?keywords=The+Unix+and+Linux+System+Administration+Handbook+5th+edition&qid=1564448656&s=books&sr=1-1

This edition is updated recently to cover newer kernel features such as could environments and virtualization. This book also helps when learning BSD based stuff such as MacOS or FreeBSD.

Another good read for a "quick and dirty" understanding of Linux is "Linux Basics for Hackers" It does focus on a very niche distro and talks about tools that are not on all Linux systems BUT it does a good concise overview of intermediate things related to Linux (despite being called a beginners book).

https://www.amazon.com/Linux-Basics-Hackers-Networking-Scripting/dp/1593278551/ref=sr_1_3?crid=396AV036T1Y0Q&keywords=linux+basics+for+hackers&qid=1564448845&s=books&sprefix=linux+bas%2Cstripbooks%2C119&sr=1-3

There's also "How Linux works" but I cannot vouch for this book from personal use, I see it posted across various threads often. Never read this particular one myself.

https://www.amazon.com/How-Linux-Works-2nd-Superuser/dp/1593275676/ref=pd_bxgy_14_img_2/137-6604082-4373447?_encoding=UTF8&pd_rd_i=1593275676&pd_rd_r=feffef24-d3c3-400d-a807-24d8fa39cd1e&pd_rd_w=8GX0o&pd_rd_wg=3AMRB&pf_rd_p=a2006322-0bc0-4db9-a08e-d168c18ce6f0&pf_rd_r=WBQKPADCVSABMCMSRRA1&psc=1&refRID=WBQKPADCVSABMCMSRRA1

​

If you want a more programming oriented approach, if you're confortable with the C language, then you can always look at these books:

The Linux Programming Interface

https://www.amazon.com/Linux-Programming-Interface-System-Handbook/dp/1593272200/ref=zg_bs_3866_1?_encoding=UTF8&psc=1&refRID=5YN3316W22YQ4TSMM967

Unix Network Programming VOL 1.

https://www.amazon.com/Unix-Network-Programming-Sockets-Networking/dp/0131411551/ref=sr_1_1?keywords=Unix+Network+Programming+VOL+1.&qid=1564448362&s=books&sr=1-1

Advanced Programming in the Unix Environment

https://www.amazon.com/Advanced-Programming-UNIX-Environment-3rd/dp/0321637739/ref=zg_bs_3866_2?_encoding=UTF8&psc=1&refRID=5YN3316W22YQ4TSMM967

These books would take you to understanding the kernel level processes and make your own and modify your own system.

As many have mentioned, you can go into these things with "Linux from scratch" but it's also feasible to do Linux from scratch by copy/pasting commands. Unless you tinker and fail at certain things (hence do it on a vm before doing it to the main system) you won't learn properly. I think the sysadmin approach is "safer" of the two options but to each their own.

Start here.

Read those left to right. You will learn a lot about networking, a lot about Python and how that is commonly used to hack, and then a lot about Kali Linux. You won't learn how to use the tools, but you will learn what they are.

I would also recommend "Operating System Concepts" but it is a bit pricey. I like that book because it doesn't teach you how to use a bunch of commands in linux, rather it teaches you how operating systems work and why they work that way. Very interesting, and there is an entire section on security. Also, "Penetration Testing" is a good one, and it is cheap too. You will learn how to use some Kali tools, but you'll also learn the important stuff. Buffer overflows and format string attacks are what you need to know how to do. You need to know how to look at and manipulate memory.

If you want to figure out how to do it yourself, read the first four books. If you want a step-by-step guide of exactly what to do, read the last book. It is also pretty important, IMHO, to know a bit about operating systems, but honestly you don't need that one. It just tells you why things are the way they are, which is sometimes helpful when you're like "oh I wonder if I can hack in like this" but then you remember that you could, but they changed it because you could.

Good luck on your endeavors!

Edit: I looked at the sidebar and it agrees with me about learning how OS's work. It says: I think the best place to start is to get a solid understanding of OS concepts first. The combo of Linux, C, and ASM are almost essential to really understanding how everything melts together. I like this resource: http://wiki.osdev.org/Expanded_Main_Page.

Sorry for getting back to this so late, it's been a long week.

1. You will need a good understanding of HTML/CSS, mostly how to manipulate and traverse the DOM tree. Luckily, this is very simple and straightforward once you figure out how the pieces fit together. On top of that, Javascript does a great job of hiding the need to actually write HTML or CSS markup, though you should still understand how it works. The better you understand the pieces of the puzzle, the more interesting and creative graphics and visualizations you can create!
   
   
2. The graphics are very easy to show off, seeing as they live on the web :) There are a ton of ways to host graphics, either on your own website, or on one of the many free online platforms like Github and CodePen.
   
   
3. As far as preserving interaction outside of the web, I do not have any knowledge of how to do that with Javascript (not to say that it doesn't exist).
   
   
4. As far as resources, I highly recommend reading Javascript: The Good Parts to understand how the language is put together, why it was put together that way, and how to take advantage of its unique style. It is a pretty short read. As far as learning visualizations, I learned most of my fundamentals from taking courses on Lynda, and then used good old Stack Overflow to figure out how to create the specific things I wanted to do in my visualizations. Other good sources for video tutorials are Pluralsight and sometimes Youtube.
   
   
5. YES! That is the beautiful part of creating visualizations on the web, you can power them with any web technology. Most of my visualizations retrieve data from some web API and use that to build graphics or show an interactive dashboard, meaning they look different every time I load them up. This gives you a ton of freedom and flexibility to create graphics that are both pretty AND useful. It's very common to hook them up to databases to query and display data.
   
   
6. As far as IDE's, I absolutely love Visual Studio Code if you have a Mac. It is VERY different from regular Visual Studio and has some great features like a built in terminal window, built in git support, a very lightweight directory structure, and a good community for 3rd party add-ons. It was built with Javascript in mind but I now use it for C++ and Python as well. If you run a windows, I use Sublime Text 2 which has many of the same features. If you want something with a bit more out of the box, Atom is a good IDE that lets you view your site as you build it and also deploys a small web server which is useful if you are not running your own.

Are you a beginner to programming, or have you been programming for a while in other languages and are just getting started with JS?

If you're a beginner to programming altogether, this is a good resource, but I'd also recommend some dead-tree books. I've heard good things about Javascript: The Good Parts, though I've never read it myself.

Edit: One thing to be careful of when you're just getting started, by the way: try not to focus too much on any single language and its features. You want a good solid base of fundamentals, you don't want to hyper-specialize from the start. Don't just learn Javascript, for example. Try Java and Clojure and C and Haskell too, and any other language you can get your hands on. They all have their own idioms and lend to certain styles of problem solving, it's good to be able to figure out which one is best for the task you're facing.

If you've done some coding before, and are branching out into JS as a new language, there's no better way than reading about it and then trying it out on your own. JSFiddle is a great resource for just playing around. You could try implementing solutions to Project Euler puzzles in JS. Or you could pick a pet project you want to work on that has some client-side behavior and implement it in HTML5/JS. Or server-side behavior and do it in node.js. Or you can find an open-source project using JS that you're interested in, and get involved there.

Edit: Also, Stack Overflow has dozens of JS-related questions answered every hour. Sometimes those answers come attached to a lot of useful information. Try browsing there, and if you have questions, ask them. It's a great resource.

So, everyone has different learning styles and there's no completely "best" way to learn something. Here's a couple suggestions on how I'd recommend starting:

• The simplest starting point would be to follow an online tutorial. It's been too long since I learned my first bits of javascript, so I don't remember what I used, but after a bit of looking, this one looks decent: https://javascript.info/ EDIT: Like /u/HothMonster recommended, I've heard good things about CodeAcademy. A friend went their their javascript course and found it useful. Haven't done it myself, but worth a look too.
  
• Are you the type that'd like a book to guide you through? There's one that I read and loved while I was learning: Javascript: The Good Parts. If you google it, there's a PDF in the top few results too, but I have no idea if that's legal or not.
  
  Using tutorials or a book, get a basic start going. Once you have a little bit of HTML/JS knowledge going so that you can make a index.html file and have it load a javascript file that does anything, like log to the console, then you're started. Go through a tutorial/book to get a bit more understanding and then.... build something.
  
  It's hard to choose a topic, but try to find something that you're interested in. Then work on making it. You'll learn an incredible amount by doing it. Don't try to master the language first, just make something with it. Then you can ask specific questions about the parts that you're having trouble with and it will help guide you through it and people will generally be willing to help someone that's working.
  
  Plus, getting help is easier when it's a specific use case that someone can help with vs. "Please teach me everything about this language" because even those of us that have worked with a language for quite a while often don't know all of it. :P

Instead of buying tons of books, you might want to look at Safari Books. I have the 10-book bookshelf subscription, and it is seriously plenty. Pros, you have instant access to a massive library of tech books. Cons, you are stuck reading on your computer/tablet/phone (I did try reading a few chapters on my Kindle, but the didn't care for the experience).

Books I would suggest:

• UNIX and Linux System Administration Handbook - this is seriously a great book, that will make any admin better.
  
• Time Management for Systems Administrators - has a lot of good tips for time management, but some things are a little dated.
  
• The Practice of System and Network Administration, Second Edition - This is a great read on how to be a better system administrator.
  
  I'm not a huge fan of training videos, but generally watch recordings from conferences. Although, I do really enjoy the format of vimcasts though.
  
  As for general advise, I did see someone recommend looking for an MSP. If you are looking to be a Linux SysAdmin, I wouldn't recommend this route as you are going to be supporting MS installations. Personally, I started doing help desk for a web company and moved up from there. Also, I worked hard to create my opportunities within each position. You'll have to put yourself out there and be patient, It took me 4 years to earn the official title of Systems Administrator (in a small-ish town). The key to this is finding a good Sr. SysAdmins who are willing to mentor you, and some environments/people aren't conducive to this.
  
  EDIT:
  
  BTW, I have a B.A. in Political Science, so don't be ashamed to rock that Philosophy degree. You will see a lot of posting that are looking for a B.S. in Computer Science/Computer Engineering/Rocket Surgery, but seriously don't even worry about that. Most job postings are a list of nice to haves, and most places really only care that you have a degree.
  
  I've been recruited by and interviewed with some very respectable tech companies. I just usually have to explain how I got into tech with a political science degree. In an interview, having the right attitude and knowing your stuff should say more than your major in college. But, you will also run into elitist douche bags who knock your degree/doubt your abilities because you don't have a B.S. in CS/CE. If you work with these people, your work should speak for itself. Don't try and get caught up into a pissing match with them. If it is an interview (as in someone you might work for), practice interviewing never hurts.

Servers should always be hardened and because everyone likes long guides the National Vulnerability Database actually maintains a lot of information regarding hardening servers. So for the actual server itself can be hardened using the following guide located here. That is for Red Hat Enterprise Linux 5. It will change from distro to distro, but some things are pretty standard. I agree with PalermoJohn as well that learning more about networking will certainly help you in securing your server and network.

For applications running on your web server the link for OWASP Top 10 that Rsaesha posted will help you. If you have more time and would like to learn about Application Security, The Web Application Hacker's Handbook is a great resource to learn a lot about security in Web Applications.

Both application and network level security are required to truly secure your web server.

Cheers!

Depending on the company and organization you're a part of, the SDET role can sometimes be flexible enough to begin blending into DevOps (Infrastructure) or Tooling territory.


I'm an SDET myself and I imagine I'll eventually find my way to a DevOps/SWE/SDE/Infosec type role myself. But in the meantime, I enjoy what I do. A friend of mine was an SDET and was able to demonstrate his SDE-specific skills and land a full time SDE role with a Big 4 company. So definitely possible, just make sure you're strong on coding and algorithmic understanding / problem solving.


I do have some specific feedback to assist with your goals though:


> Some other interests of mine that I don't get to really work with are linux administration, front-end web development, data analyst/sql stuff, and information security.


Some of these can be incorporated into your work depending on your role:

• Front-end web dev: Build out some internal tools to assist with different QA or Test specific tasks (or take existing test tools or scripts) and put them into a React or Angular app. Lets you build out something interesting while still being related to your role and work responsibilities.
  
  
  
• Data Analyst/SQL stuff: Build out some dashboards or other reports to show QA or Test coverage, better aggregate test records over time (how often has this test passed or failed historically, etc). Will provide value to others and help with oversight/insight into test - best to work with potential stakeholders (Managers, Directors) who may be interested in this data after you have a basic proof of concept, see if they can support (or would like) this data.
  
  
  
• Information security: Start reading up on some resources to support your testing of potentially vulnerable systems or web apps that you support (ie, read up on https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470 if you test web applications). Obviously this type of testing would be best carried out in a sandbox test environment, to give you better logs and if you discover something impactful it is contained to a test machine you can just rebuild if it breaks.
  
  
  Hope this helps and good luck!

so everyone seems to be giving some good but general answers so here's a few specifics. They'll be most useful for learning unix but will also give you a good overview for any administration.

The Design of the UNIX Operating System
http://www.amazon.com/Design-Operating-System-Prentice-Hall-Software/dp/0132017997/ref=sr_1_1?ie=UTF8&qid=1344385714&sr=8-1&keywords=the+design+of+the+unix+operating+system
Very good book to understand how a kernel works and interacts with different functionality of an operating system.


TCP/IP Illustrated
http://www.amazon.com/TCP-Illustrated-Vol-Addison-Wesley-Professional/dp/0201633469/ref=sr_1_1?s=books&ie=UTF8&qid=1344385781&sr=1-1&keywords=tcp+ip+illustrated
Basically the bible of anything tcp/ip related. Volume 1 is the most important. Volume 2 and 3 are good as well but require knowing some calculus.

Really anything by W. Richard Stevens is great, though some of it is more on the programming side
http://www.amazon.com/W.-Richard-Stevens/e/B000AP9GV4/ref=ntt_athr_dp_pel_1

Then there's the man pages.
Go into /bin/, /sbin, /usr/bin/ and /usr/sbin/ and just read the man page for every command.

If you want to learn how mail works, learn how (buy books or whatever you can find online) the protocols work not the applications. So learn how smtp, pop3, imap all work. Read what you can find, read RFCs for the protocols, etc. Then once you know how the protocols work you can read how an application like sendmail or qmail works. Books by oreilly are usually pretty good for this as well.

Set up linux systems, slackware is a great distro to learn linux from, and just setting up things like a lamp server, mail server, etc. Don't install applications from a repository, compile applications when you want to install them.

If you search my comments far enough back (maybe a month?) I posted something for someone asking a similar question and went into a lot more depth and a lot more chronological of what to do to become a unix sys admin.

edit: oh the two most important things about being a sysadmin.

• It's not about how much you know, it's about how fast you can figure out what you need to know.
  
• A good sysadmin has automated everything. Sysadmins are inherently lazy and hate to have to do anything twice.

You may want to narrow that down a bit, but okay, here are some highlights, with amazon links to help disambiguate.

• Game Programming Gems series -- (8 books currently) Lots of snippets and articles contributed from developers across the game industry.
  http://www.amazon.com/Game-Programming-Gems-Adam-Lake/dp/1584507020/
  
  
  
• Game Engine Architecture by Jason Gregory -- Great intro to the details of how game engines are built. It's a good balance for detail and readability for a beginner. Even for someone just using engines such as UDK or Unity3d I would recommend this to understand what is going on under the hood.
  www.amazon.com/Game-Engine-Architecture-Jason-Gregory/dp/1568814135/
  
  
  
• 3D Game Engine Design -- More technical and detailed descripting of designing and developing a game engine, but not as noob friendly as Game Engine Architecture
  http://www.amazon.com/Game-Engine-Design-Second-Edition/dp/0122290631/
  
  
  
• 3D Game Engine Architecture -- Follow up to 3D Game Engine Design that goes in to lower level detail and general updates.
  http://www.amazon.com/Game-Engine-Architecture-Engineering-Applications/dp/012229064X/
  
  
  
• Artificial Intelligence for Games by Millington / Funge -- I believe this is the current "must read" for game AI. The only book I've seen that goes in to Behavior Trees and other modern concepts.
  http://www.amazon.com/Artificial-Intelligence-Games-Second-Edition/dp/0123747317/
  
  
  
• AI Programming Wisdom series -- 4 books, like Game Programming Gems but for AI. Not a must have but I'd recommend them. They seem to be out of print though, so good luck finding them.
  http://www.amazon.com/AI-Game-Programming-Wisdom-CD-ROM/dp/1584500778/
  
  
  
• Real Time Rendering -- One of the better books on rendering. I'm not a big render guy but this is the book that everyone recommends to me.
  http://www.amazon.com/Real-Time-Rendering-Third-Edition-Akenine-Moller/
  
  
  
• Real Time Cameras -- THE book on how to implement cameras well, written by THE guy when it comes to video game camera systems.
  http://www.amazon.com/Real-Time-Cameras-Mark-Haigh-Hutchinson/dp/0123116341/
  
  
  
• Code Complete -- The only book not game related I'm listing, it's basic stuff to help you learn to write better code. There are parts that I (and many others) disagree with but in general it's a lot of good advice.
  http://www.amazon.com/Code-Complete-Practical-Handbook-Construction/dp/0735619670/
  
  
  There are many others, but looking at my shelf these are the big ones that stick out for recommendations.

This is kind of a side-answer, but it looks like you are just compiling a list of things that are super popular at the moment.

> React.js with Flux seems more hot than all other frameworks

What concerns me is that you seem to not be concerned with what is the best framework for your project(s), but rather what is "hot".

For a long-term career I would recommend focusing on improving your understanding of concepts and theory that these ever-changing tools are built on rather than trying to chase what people think is cool.

The people who spent time learning JavaScript rather than simply "mastering" jQuery were in a significantly better position when client-side frameworks came out because they knew the underlying concepts.

If you haven't mastered these things yet, I think they have more value than most of the list of specific tools I see listed:

• Eloquent JavaScript & JavaScript: The Good Parts - Master the ins & outs of the language
  
• Understand common design patterns - New frameworks are going to be building with these components, what better way to have a jump on the "next big thing" than by understanding the blocks that it's built with?
  
• Functional Programming - React (and to a lesser extent Angular) are increasingly utilizing this paradigm and it is a jumping off point for more advanced techniques like Reactive Programming that lets you leverage an incredible amount of power especially in the big data space.

I was in your same shoes 3 years ago when I took my first SA internship. I was the only person on site for 8 employees locally, 30 around the country.

I was scared to make actions at first but the first thing you need to do is learn your network in and out and document the shit out of everything before you even make a change. After that, you will be confident and I am sure of it.

1.) Begin a document called "IT Department Handbook" - add everything you find to it, except passwords. Refer to it, love it, it will always save you. Include disaster recovery in it. Make it so that a third grader can understand it. I have one thats 50 pages right now. This will save you as it has saved me so many times. Make it confidential though, because it will end up holding information you don't want people to see on the outside such as IP addresses and your network map.

2.) Keep passwords file but separate from the system and indistinguishable. I actually keep a password file on my phone in my memo's app but I don't have the full account usernames associated with each one. I provide really indistinguishable hints to the username, usually riddles that only I would know.

3.) Get Veeam endpoint backup and find a place to backup your DC (full backup) and any databases at the very least. You can create a standard for backups later.

3a.) Find the Domain Controller's recovery password immediately.

3b.) Create a recovery USB for all your servers and put them in a location where you can find them later.

4.) Get a Network Diagram going, then after that...

5.) List all Roles and Features each server has on the network diagram, what each server stores, what applications run on them and how essential they are to the business. Example: Domain Controller. No domain controller, no work can be done. CRM: No crm, people can't keep of their cases on the webserver but rather locally, they can live without it for a short time. Start thinking about disaster recovery.

6.) Develop a Khanban System. It's an agile project management method I learned from reading This Book -- I highly suggest buying this to help you better your practice. Put tasks in the backlog and move the ones you think need to be done sooner than others to your daily or weekly sprint.

7.) Find out who uses what server for certain tasks. This may take a while but it helps.

8.) Something I do personally before doing any changes to Group Policy or Regedit is I save their current configurations before making changes. Therefore, if something doesn't work right after a setting is changed, you can quickly revert back to it's last state.

9.) If you have the capability and hardware, get clustering going. So if a DC1 fails, DC2 takes over and everyone can still authenticate and work.

10.) If you have the capability and hardware, create a test environment reflecting your live network on a very small scale but enough to test "Ok so if I make this change, can people from workstations still login, can they still access the development server... etc." - you can create a test domain under your current forest and have it remain separate in this test environment.

11.) If it's not already in place (this might take some time) create a naming nomenclature standard. I.E. DC1.example.com (domain controller 1), DC2.example.com, PS1.example.com (production), WEBS1.example.com (webserver), TE1.example.com (test env.), WK1.example.com (workstation number 1...2...), VM1.example.com (virtual machines). This will help when it comes to debugging issues. My boss likes to make personal names for his servers which drives me fucking nuts because we have 20 servers between us and our clients that we manage. It's a lot better for him to mention "yea I cant get into PS1." rather "I cant get into rabbit" - and there I am trying to remember which server rabbit is and what features it holds off the top of my head; which is where a network diagram can come into play.

So essentially a chat service? You're right that a LAN is simply a network of devices, not necessarily connected to the Internet, but from a machine perspective, communicating over LAN vs over the internet isn't all that different. It's what you want to do with the devices in your LAN that makes things more challenging.

At a super high level, you'd have your "server" code on your macbook, which would manage the devices attached to it, and your clients, which would reach out to the server. When you type a message, it will get sent to the macbook (server), which will then relay the message to all the other devices. This is something that can most definitely be done in Python (and probably swift, but I've never used it). For Python, look into the socket library, but I would do more research into the network stack in general before attempting to go into any code, especially if the end goal of this is to have a strong grasp of network programming.

YMMV, but when I was taking a networks class, the textbook we used was https://www.amazon.com/dp/0132856204/, which was surprisingly helpful, and explained things very well. I'm sure there are plenty of free resources out there as well though (and most likely free pdf versions of that book somewhere). At a glance, it looks like this link gives a very in-depth view of the network stack, and how data is transmitted.

Okay so there are a couple of good places to start with malware. The first is Malware Analyst's Cookbook. It is a pretty decent beginner level resource.

From there, Practical Malware Analysis is excellent and goes a lot deeper.

For free resources I've heard good things about Dr. Fu's Malware Analysis Tutorials.

You will need to have a strong understanding of reverse engineering. I like Practical Reverse Engineering or Reverse Engineering for Beginners. The latter is free.

With RE comes assembly. I learned from the free book PC Assembly Language. The RE books should have some info on assembly as well.

You should also know the systems programming API and OS internals for whatever OS you're interested in. This is most likely Windows, so I recommend Windows System Programming and Windows Internals. You can find similar books for Linux and macOS too. Having a good understanding of C and C++ is helpful for this. Also get comfortable using your assembly level debugger on your OS of choice. WinDBG, x64dbg, and OllyDBG are all good on Windows. GDB is pretty much the default on Linux, and LLDB on macOS.

I also highly recommend some scripting language, whether it's Python, Ruby, Powershell or whatever for hacking up your own tools.

Lastly, there is a list on GitHub with a ton of helpful links.

I think that's enough for now.

As far as demand it's hard to say and probably depends a lot on where you're from. It's certainly not like the demand for webdevs but there's also not nearly as many people with the skillset. I'm not a malware analyst myself, I'm more focused on security research and embedded development.

I know those skills are especially high in demand around the Washington, DC area with defense contractors and government agencies. Especially if you can get a security clearance. Most other security firms I know of are always looking for good people with strong reversing and OS internals knowledge.

Let me know if you have any questions and I will try to answer.

Well, most of them you will find are just like the one you have very heavy reading and slow. If you are a real glutton for punishment, the real meat of everything is spelled out in the RFC's(Request for Comments). This one is pretty short and to the point, if you can understand it, it will help you understand most other networking jargon:

-----
http://www.ietf.org/rfc/rfc1180.txt

it is described thusly:

1. Introduction
   
   This tutorial contains only one view of the salient points of TCP/IP,
   and therefore it is the "bare bones" of TCP/IP technology.
   
   ------
   
   So, its just the nitty gritty, but most times, I find that is the best place to get started. Some of the things you will want to learn/study are the different networking layers specifcally layer2(switched/VLAN) and layer3(routed) networking. You will want to learn about SNMP and ARP as they are both very important to networking and network management. If you are interested in the nitty gritty details of how packets get pushed around the network, you will want to learn about some of the dynamic routing procotols used, such as BGP, OSPF, EIGRP, and RIP. There are others as well, but these will definitely get you started.
   
   My suggestion is this, if you can, study the RFC"s as they will give you a nuts and bolts understanding of what needs to happen. That will soften the blow going into any networking books you might run into. If you are specifically looking for networking books, you can almost never go wrong with O'reilly books. However, I always poke around on Amazon reviews before buying a book as if there is a better book, it will often be mentioned.
   
   Here are a few that adorn my bookshelf:
   
   http://www.amazon.com/TCP-Illustrated-Vol-Addison-Wesley-Professional/dp/0201633469
   
   being that I am in network mgmt, SNMP is crucial, here are some good ones:
   
   http://www.amazon.com/Practical-Guide-Snmpv3-Network-Management/dp/0130214531/ref=sr_1_6?s=books&ie=UTF8&qid=1322060915&sr=1-6
   
   http://www.amazon.com/SNMP-Management-Sidnie-M-Feit/dp/0070203598/ref=sr_1_5?s=books&ie=UTF8&qid=1322060915&sr=1-5
   
   and for the true masochist:
   
   http://www.amazon.com/Understanding-SNMP-MIBs-David-Perkins/dp/0134377087/ref=sr_1_4?s=books&ie=UTF8&qid=1322060915&sr=1-4
   
   for the routing protocols:
   
   http://www.amazon.com/Networking-2nd-Jeffrey-S-Beasley/dp/0131358383/ref=sr_1_11?s=books&ie=UTF8&qid=1322061108&sr=1-11
   
   Let me know if you have any specific questions and I will see if I can point you in the right direction! Good luck.
   

HTML and CSS are pretty simple, I would spend almost no time reading about them (Unless this is for some sort of job interview) for the most part you will just be googling "How to I make round borders" until you can do it by rote memorization.

JS, on the other hand, is a tricky beast. I would spend a majority of my time learning not just how to write javascript, but how to write good javascript.

javascript the good parts and Javascript garden is where I would start out learning. Javascript is easy to write, but hard to write well. You need to follow strong conventions otherwise your code will end up looking like spaghetti right quick and in a hurry. If you start playing around with the language, I would suggest using JSLint to make sure you aren't doing anything stupid.

After getting a good strong base in javascript jquery shouldn't be too hard. It is just a javascript library. perusing through the docs and getting a feeling for what it can do is probably all you really need. Just like any library you've used. You didn't learn all of the .Net framework, rather you would google and lookup specifics as you needed them. That is much the way you are likely to use jQuery. It can do a lot and you don't need to know everything it can do to use it effectively.

In short, javascript is where the traps are. The other things you mentioned are "I'm going to google this anyways" so I wouldn't really spend a large amount of time learning them.

Here is a "curriculum" of sorts I would suggest, as it's fairly close to how I learned:

1. Programming. Definitely learn "C" first as all of the Exploitation and Assembly courses below assume you know C: The bible is pretty much Dennis Richie and Kernighan's "The C Programming Language", and here is the .pdf (this book is from 1988, I don't think anyone would mind). I actually prefer Kochan's book "Programming in C" which is very beginner freindly and was written in 2004 rather than 1988 making the language a little more "up to date" and accessible. There are plenty of "C Programming" tutorials on YouTube that you can use in conjunction with either of the aforementioned books as well. After learning C than you can try out some other languages. I personally suggest Python as it is very beginner friendly and is well documented. Ruby isn't a bad choice either.
   
   
2. Architecture and Computer basics:
   Generally you'll probably want to look into IA-32 and the best starting point is the Intel Architecture manual itself, the .pdf can be found here (pdf link).
   Because of the depth of that .pdf I would suggest using it mainly as a reference guide while studying "Computer Systems: A Programmers Perspective" and "Secrets of Reverse Engineering".
   
   
3. Operating Systems: Choose which you want to dig into: Linux or Windows, and put the effort into one of them, you can come back to the other later. I would probably suggest Linux unless you are planning on specializing in Malware Analysis, in which case I would suggest Windows. Linux: No Starch's "How Linux Works" is a great beginner resource as is their "Linux Command Line" book. I would also check out "Understanding the Linux Kernel" (that's a .pdf link). For Windows you can follow the Windows Programming wiki here or you can buy the book "Windows System Programming". The Windows Internals books are generally highly regarded, I didn't learn from them I use them more as a reference so I an't really speak to how well they would teach a "beginner".
   
   
4. Assembly: You can't do much better than OpenSecurityTraining's "Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration" class lectures from Xeno Kovah, found here. The book "Secrets of Reverse Engineering" has a very beginner friendly introduction to Assembly as does "Hacking: The Art of Exploitation".
   
   
5. Exploitation: OpenSecurityTraining also has a great video series for Introduction to Exploits. "Hacking: The Art of Exploitation" is a really, really good book that is completely self-contained and will walk you through the basics of assembly. The author does introduce you to C and some basic principles of Linux but I would definitely suggest learning the basics of C and Linux command line first as his teaching style is pretty "hard and fast".
   
   
6. Specialized fields such as Cryptology and Malware Analysis.
   
   
   Of course if you just want to do "pentesting/vuln assessment" in which you rely more on toolsets (for example, Nmap>Nessus>Metasploit) structured around a methodology/framework than you may want to look into one of the PACKT books on Kali or backtrack, get familiar with the tools you will use such as Nmap and Wireshark, and learn basic Networking (a simple CompTIA Networking+ book will be a good enough start). I personally did not go this route nor would I recommend it as it generally shys away from the foundations and seems to me to be settling for becoming comfortable with tools that abstract you from the real "meat" of exploitation and all the things that make NetSec great, fun and challenging in the first place. But everyone is different and it's really more of a personal choice. (By the way, I'm not suggesting this is "lame" or anything, it was just not for me.)
   
   *edited a name out
   
   
   
   
   
   

> My only problem is I wonder how we will increase the amount of bitcoiners in the network.

By spreading the message on Facebook, Twitter, Youtube, schools, ...
By being an example that bitcoin works and that it has benefits. It's not easy to persuade other people because people don't like changes but there's no other way. People need to see that bitcoin is good for them and that they want to use bitcoin.

Best example is Andreas Antonopoulos. He wants to spread the message. He travels around the globe to give speeches about bitcoin, wrote two books about bitcoin. Has huge amount of videos on Youtube (channel). Has great knowledge of bitcoin, other cryptocurrencies, computers. Has IT diploma. He is from Greece so he knows what it's like to see that government steals money from people.

Great analogy bitcoin vs. automobile by Andreas: Car wasn't accepted when it was invented because people thought horses were better. That it would never work because there weren't enough gas stations to support cars and not enough people would have cars to warrant new gas stations being built. There weren't roads for cars, they had to prove themselves on dirt paths designed for horses which lead to them getting stuck. But as popularity grew roads were designed for cars. Not only were the roads great for cars but they were backwards compatible for horses.

Isn't that analogy same as email vs. letters?

History repeats itself. Bitcoin is still new, it's like the internet in the first years. When the internet was a new thing, only a few people imagined that people all over the world will comunicate with each other...

I recommend this video of Andres: The Death of Money | London Real and I think the book The Internet of Money should be good read.

I don't recommend people like Roger Ver and Charlie Shrem. They may look like good guys of bitcoin but not anymore.

Geez, man. Thanks for making me feel old! :P

This subredding is actually a good resource to keep up on what's new. Twitter is another one if you follow the right people. Paul Irish, Addy Osmani, John Resig and a few others.

In terms of training, pluralsight is a GREAT resource. It's not free, but you can get an introductory offer and the low end monthly plan is $30 which isn't too bad. They have courses on web dev and programming by some of the best people in the industry. It's a great way to learn. http://pluralsight.com/training

Online learning:

• Codecademy
  
• Code School This is a paid site. But they have a few free coures. (Their free rails course is REALLY good).
  
  A few books you should read:
  
  
• JavaScript: The Good Parts
  
• Effective JavaScript
  
• Clean Code
  
  Podcasts:
  
  
• JavaScript Jabber
  
• Ruby Rogues
  
  Make sure you learn Git and the Chrome Dev Tools. Code School has a great course on it
  http://www.codeschool.com/courses/discover-devtools
  
  I'm sure I'm missing stuff, but this should be enough to get the ball rolling. Enjoy!
  

Not tutorials, but I highly recommend the following JavaScript books:

JavaScript The Definitive Guide (6th Edition, Flanagan)

http://www.amazon.com/JavaScript-Definitive-Guide-Activate-Guides/dp/0596805527/ref=sr_1_1?s=books&ie=UTF8&qid=1310948024&sr=1-1

Pro JavaScript Design Patterns (Harmes/Diaz)

http://www.amazon.com/JavaScript-Design-Patterns-Recipes-Problem-Solution/dp/159059908X/ref=sr_1_1?ie=UTF8&s=books&qid=1310948075&sr=1-1

JavaScript Patterns (Stefanov)

http://www.amazon.com/JavaScript-Patterns-Stoyan-Stefanov/dp/0596806752/ref=sr_1_1?s=books&ie=UTF8&qid=1310948115&sr=1-1

Object-Oriented JavaScript (Stefanov)

http://www.amazon.com/Object-Oriented-JavaScript-high-quality-applications-libraries/dp/1847194141/ref=sr_1_1?s=books&ie=UTF8&qid=1310948145&sr=1-1

Most people swing from Douglas Crockford's nuts and recommend JavaScript: The Good Parts (http://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742/ref=sr_1_1?s=books&ie=UTF8&qid=1310948183&sr=1-1).

I received a free copy while at Yahoo in 2008 and honestly, I didn't find this book that good of a read. I felt it was definitely geared more towards those with formal CS backgrounds. Keep in mind, I definitely need to re-read it (to see if I feel the same way), but I read it a couple times back in '08 and tossed it on the shelf. The books I mentioned above I've read several times as well and can only say buy them. I'm on my 2nd read of Flanagan's book now.

jQuery in Action is a decent book, but the copy I have is for 1.3, I think. I think I have the first edition and it looks like there is a second.

http://www.amazon.com/jQuery-Action-Second-Bear-Bibeault/dp/1935182323/ref=sr_1_1?s=books&ie=UTF8&qid=1310948303&sr=1-1

jQuery Reference Guide 1.4 is also good, but it's for 1.4 and jQuery is at 1.6 now so it's tough for the books to keep up! I think it's pretty much the online/official reference guide as well

http://www.amazon.com/jQuery-Reference-Guide-Jonathan-Chaffer/dp/1849510040/ref=sr_1_2?s=books&ie=UTF8&qid=1310948347&sr=1-2

I just graduated with a CS degree, but here are some resources that I found useful:

• I'm currently reading this book. It's commonly recommended and I now know why. Great resource for building a solid foundation of SE knowledge.
  
  
• Algorithms are always important. This class and lecture series, along with the recommended text book for the class are really well done. I own the text, it was well worth the money for me. There are other free algorithms classes (i.e. Coursera), but I found these lecture to be the best, YMMV.
  
  
• Lastly, this is the class that goes along with the SICP book mentioned previously.
  
  I learn best by incorporating a variety of mediums - watching video/lecture, reading books, doing examples by hand/programming. I recommend looking at some of the Coursera classes, other classes on the MIT open courseware, edX, or Udacity.
  
  

I agree with what the others have said.

However, I'll give you some more direction and encouragement. I'm sort of in a similar position as you (except I'm a senior, and have a few years experience working with systems and networking) who is also looking at Security-focused internships.

The CompTIA certificates are okay, especially as a beginner, but they don't hold much weight. They're great for laying down foundational knowledge, and maybe helping you get an interview, but beyond that, they won't do much else.

If I were in your position, I would put my study time into getting the OSCP (Offensive Security Certified Professional). This thing is intimidating. It's one of the harder certificates to get in the industry, and the main reason for that is the exam is a rigorous 24 hour pentest. The payoff is worth it though; the OSCP has an overwhelmingly positive reputation in the industry (don't take my word for it, read up on other's opinions of it). This certificate doesn't expire, and it's something that can help you in your career further down the road (unlike the CompTIA certs). The biggest reason I'm mentioning it is because you can start as a total noob and still pass the exam (all you need is a basic understanding of networking and somewhat familiarity with linux) - be prepared to spend 300-400 hours in a lab environment until you get to that point, though. Start out with the Georgia Weidman book to see it it interests you, if so, go for it and don't look back. Even if you apply to non-offensive/blue team security positions, the OSCP will still put you and your resume near the top of the stack.

As your interest progresses in the Security industry, know that it's essential to have a thorough understanding of systems and networking - and how everything connects to each other.

Best of luck!

I'm just two months into my first real job for programming and have a few books I've been going through.

Clean Code is a book not just about writing code, but good code that is easily maintained and passed down to other people to understand.

Working Effectively with Legacy Code was a great read coming into company that has been around for 20 years and is on the third iteration of their product.

I am doing web development so You don't know JS, Javascript: the good parts and then Javascript The Definitive Guide have all been a great help.

If you aren't much a book person, Pluralsight.com is awesome for info on tons of different technologies and is well worth the monthly cost. Go follow every major name in your preferred technologies on twitter. They will tweet all sorts of cool things to learn about. Also, PODCASTS!!!. I don't even listen to music anymore. If I'm in the car alone I'll be listening to Dot Net Rocks or Javascript Jabber.

Lastly, there are subreddits for every tech imaginable. Go subscribe to them and hit everyone up for where they get all their info!

"IT skills" is pretty broad. What is your IT degree- MIS, Cyber Security, Information Sciences, etc? The answer will really depend on what your degree is in and what your interests are. For example, I could tell you to study programming, but if your degree and interests align more with Cyber Security policy implementation, that might not be the best recommendation for you.

As somebody who has been on a few hiring committees, I'd say to work on your soft skills. In many cases, these are more important than technical capabilities. Specific soft skills I look for in new hires: organization, attention to detail, solid time management, communication, and self-sufficiency yet a team player. For us, we will take the candidate who doesn't know everything but has a good attitude and willingness to learn over the person who thinks they know everything and has a horrible attitude.

General technical skills you should toy around with: know your way around Active Directory in Windows, learn how to view event logs on a system (for Windows, hit your Start key and type in Computer Management), NIST Risk Management Framework, learn the parts of a computer and how to set them up and tear them apart. Learning Linux is also good- what I did to understand Linux better was purchase a Raspberry Pi and set it up to run Raspbian OS and RetroPie (to turn the Pi into a retro gaming machine). I also purchased The Linux Command Line and practice the commands from the book in the Raspbian terminal.

Also, before graduation, try to get some kind of internship, even if your major doesn't require one for graduation. It's a great opportunity for you to build hands-on experience and work in an IT environment doing real work. Oftentimes, you will learn something new in your internship that is not taught in school, and the experience might broaden your interests a bit (not to mention you may get a job offer or at least great references because of your internship!). If you need assistance in trying to figure out how to land a good internship, just let me know.

You don't have to know anything about programming going in, as aixelsdi mentions. If you want to get ahead, here's some information which may help you do so. The rest is up to your own initiative. It can never hurt to know more about CS or more languages, as long as you don't waste time complaining about what's better in [insert language of choice].

I wouldn't recommend learning data structures and algorithm analysis before coming to UCI. Not because they aren't fundamental, they are. But because most people find it harder to learn those abstractions before learning the tools that utilize them (Python, C++, etc), which is why ICS 46 and CS 161 aren't the first classes taught. If you like math proofs more than math problems then maybe go that route, it could be helpful as iLoveCalculus314 mentions.

Languages: The CS introductory series (31-32-33) which you'll be taking first year is taught in Python. It switched to this because it's a good first language as a teaching tool. Right after you're done with Python, 45C will teach you C++ and 46 will use C++. The lower division systems core (51-53) generally use C or C++ but it differs by professor. Knowledge of Python will be useful in making your first year easier. Knowledge of the other two will make your next three years easier because they're common mediums for upper division courses. But you should be able to pick up a new language for a specific problem domain by the time you reach upper division.

Courses: If you want to get a head start on planning your courses, check the UCI Catalogue - Computer Science page. At the bottom it lists a sample of what your schedule over the 4 years might look like. That page is for the "Computer Science" major, for other majors in ICS see here.

Course Resources: You can actually view the Schedule of Classes without being a UCI student. Select a term (like Fall 2014) and a department (like I&C SCI) and it will list what classes were offered that term. Most lower div will be I&C SCI, most upper div will be COMPSCI. From the results you can go to the websites for those courses to see a syllabus, books used, etc. For example, here are the current websites for the introductory series ( ICS 31, ICS 32, ICS 33 ).

Your course professors and books and assignments will NOT be identical to those, but looking at what's currently taught will give you a pretty good idea of what the course entails so you can pre-learn anything that sounds difficult.

Books: If you have to pick one book to learn before coming to UCI, I would highly recommend C++ Primer, 5th Edition. It's very well structured as a self-teaching tool AND as a reference manual. You won't come away with any Python knowledge, but picking up Python as someone versed in C++ is easier than the other way around, and you'll find 45C much easier as well since you can focus on language quirks rather than fundamentals.

If you choose to learn Python first, Introduction to Computing Using Python: An Application Development Focus is the book currently suggested for ICS 31/32, and Learning Python (5th Edition) is suggested for ICS 33.

Another solid circlejerk book in the CS community is Code Complete, but I wouldn't recommend reading that until later on since it's more of a "best practices" book.

Good news is that you've got the educational creds to have a solid foundation for a future career. Now it's time to build the background or at least skillset to prove that you're dedicated to the field. An internship is helpful but you're going to need a lot more than helpdesk. I'd focus on finding a small consulting firm or getting in with IT at a company but treading carefully to not take on a title that states 'help desk.'

Showing that you have raw talent is the most important. Demonstrating skills such as learning python or spinning up your own secure server in Softlayer, AWS, or another provider is a massive resume booster and it shows you mean business. I'm not saying that you should sink a bunch of cash, but figure out a small server that you can use, secure, and play around with it over a period of a few months. There's a wealth of information you can pull from just 'doing' without having direct work experience.

Help desk can be a trap, so avoid that and go the networking route or sys-admin path by learning Unix. Help desk seldom leads to better roles in that it's catered to keep you trapped in tier 1 - 2 IT hell. Take it from me as someone who learned quickly that it's a dead end if you want to progress your career.

Hope this comment helps. In an attempt to help you find some good resources I'll post a few below.

Start to Python
https://learnpythonthehardway.org/book/

Secure AWS:
https://benchmarks.cisecurity.org/tools2/amazon/CIS_Amazon_Web_Services_Foundations_Benchmark_v1.0.0.pdf

Helped me get my CCNA:
Read up on GNS3 LAB, it's not supported by Cisco so I wont officially endorse, however you can Google and learn about this on your own.

https://www.freeccnaworkbook.com/

http://www.9tut.com/ - study before your test.

KB for general security. There's a lot out there but this is an easy start.
https://www.cybrary.it/

For learning application security, you'll need to know burp. I'd take a look at this link, and then see if you like what you're reading, do the right thing and go buy this from Amazon if you continue down this path.

https://leaksource.files.wordpress.com/2014/08/the-web-application-hackers-handbook.pdf

If you learn BURP or Python, you should own this book:
https://www.amazon.com/Tangled-Web-Securing-Modern-Applications/dp/1593273886

You mentioned some issues that sound like code cleanliness and structural issues. Getting better at algorithms really comes down to practice and exposure, there's no shortcut to this. But there's no reason to suffer from bad coding practices if there's room to improve.

A few books come to mind, which may seem like they're coming from left field, and may not seem immediately useful to the task of solving algorithm puzzles, but might be useful in the long term for you to learn how to write correct, clean code and reduce uncertainty:

• Code Complete 2. Some good tips in here regarding code cohesion, and how to write functions and classes cleanly.
  
• Clean Code. More on writing functions cleanly, along with design & testing.
  
• How to Prove It. This is a great book that delves deeply into logic. Even just the first chapter or two could be incredibly useful to you. It discusses things like DeMorgan's Laws, which show up a lot in programming and electronics. It deconstructs common logical concepts and phrases into boolean algebra and set builder notation (which inspire Python's list comprehensions). The world of math and logic and proof is not completely isolated from the world of programming.
  
  EDIT: One other thing is to make sure you understand the limitations of how computers represent numbers. The need for this understanding will become clear very quickly on, say, Project Euler problems. Look into bits, values, integers, signed vs unsigned, IEEE754 floating point.
  
  And one other thing is that it's easy to compare your solutions against some of the best solutions that exist for those problems and think you're doing a bad job when in fact you're doing an alright job if you manage to solve the problems with decent runtimes. Mind your 80/20 rule here. The extra time it probably took those people to craft those solutions is not 0, which includes whatever time they spent over the years becoming an expert at that language, etc.

Well firstly, language is a big choice right now. If you're looking to make a financially fulfilling career in a young company or on your own, I'd recommend learning javascript to later use node.js, and learning ruby. Personally, I'm a node.js developer, so I would recommend moving toward the JS world and using really cool things like socket.io and mongoDB. Ruby is a fantastic language overall. It's a bit slow, but it does a great job regardless, and tons of really cool startups use it. At the moment, I would say that these are the two most profitable paths to take in web development.

http://codeacademy.com is a fantastic place to start. It does a great job at teaching the fundamentals of programming. If I recall correctly, the javascript courses take you from the absolute basics to building some kind of useful application, such as a calculator or todo list.

Once you've made your way through the tutorials at codeacademy, move on to http://codeschool.com. Their tutorials are a bit more advanced, and leave you with a real application and real knowledge on how to take an idea and turn it into a real product. For node magic after you've moved through Codeschool, check out http://nodeschool.io/

Here are a few books I would recommend

JAVASCRIPT

• Javascript: The Good Parts
  
• Node.js in Action
  
  RUBY
  
  
• Why's Poignant Guide to Ruby
  
• Ruby on Rails Tutorial

Some more learning tools:

• Tuts+ has a number of great coding video tutorials, many of them free. Definitely worth a look.
  
  
• If you like the code-as-you-go kind, check out Code School. It's $30us a month but the courses are more in depth than codecademy.
  
  
• Book wise, Eloquent JavaScript is a good place to start (and its a free download!).
  
  
• Id also recommend JavaScript Enlightenment for advanced beginners, and JavaScript the Good Parts for those with a bit more experience.
  
  
• Another good beginner book is JavaScript & jQuery by Jon Duckett, it's got a great design and is much more illustrative than traditional books.
  
  edited to add links; formatting

I'm going to be brutally honest here, and I'm probably going to get down-voted, but I'm not impressed with the underlying code for the project. I don't even know where to begin.

You're obviously passionate about Javascript, but runtime engines and best practices have changed dramatically in the last few years. Some things that stick out could easily be chocked up to coding style or preference, but when those preferences aren't well-adjusted to current-day standards, it leads to a perpetuation of those bad practices and hinders the growth and evolution of web development overall.

I'm posting this here, instead of on Github, because these aren't quite bug reports. I'd be more than happy to contribute though.

1. Syntax and readability are more important than shortcuts.
   
   Cutting corners in the interest of character count is useless. It's better to be able to read the code than to have to interpret it line-by-line.
   
   For hinting, I recommend JSHint. It'll be nicer than JSLint, but it'll still likely hurt your feelings.
   
   Here are some JSHint errors/warnings that popped up:
   
   > The body of a for in should be wrapped in an if statement to filter unwanted properties from the prototype.
   
   > Expected an identifier and instead saw 'arguments' (a reserved word).
   
   > Expected a 'break' statement before 'case'.
   
   A lot of syntax errors can be solved by linting or hinting, and following a style guide. Here's Google's Javascript Style Guide. You'll find that most projects on Github follow the same code conventions, and for very good reason. When you make your code consistent and readable, other developers will be more likely to like you and contribute to your projects.
   
   
2. Read Douglas Crockford's Javascript: The Good Parts and Nicholas Zakas' Maintainable Javascript.
   
   
3. Use an AMD-style, modular system like Require.js or Yahoo Module Pattern because Global variables are evil. The basic idea behind a modular system is that every piece of functionality is broken down to its basic form, and no less. It helps to keep things organized. Even if you choose not to use a framework, following a trusted organizational pattern is a good idea. Consistency is key.
   
   
4. Check out Backbone.js or Underscore for data manipulation.
   
   I really like the project, but the code is unwieldy and confusing.

Setting up a homelab is a great way to gain some experience. Pick up an old server off ebay, or if you've got a solid comp at home start up hyper-v and get some VMs running. From there you can set up a domain, explore DNS & DHCP, windows updates, things like that. Or you can go down the linux route if you're more interested in that, get a spacewalk server set up, provision out some servers to do those same basic stuff. Set up a web server, a file server, a mysql server. The beauty of linux is that you can grab centOS for free and just start building up these servers. I saw on here the other day someone plugging the Linux Bible, I think it's a great book, a great learning tool, and a great way to get your feet wet building up servers and administering them. Beyond that, most of the info on the red hat system administrator cert is in the book as well, so...2 birds 1 stone? That's what I'm doing to explore things beyond my current scope of just SQL Server. Good luck!

https://www.amazon.com/Linux-Bible-Christopher-Negus/dp/111821854X

In my opinion; every book in this bundle is a bag of shit.

Here's a list of reputable books, again in my opinion (All links are Non-Affiliate Links):

Web Hacking:

The Web Hackers Handbook (Link)

Infrastructure:

Network Security Assessment (Link)

Please Note: The examples in the book are dated (even though it's been updated to v3), but this book is the best for learning Infrastructure Testing Methodology.

General:

Hacking: The Art of Exploitation (Link)

Grey Hat Hacking (Link)

Linux:

Hacking Exposed: Linux (I don't have a link to a specific book as there are many editions / revisions for this book. Please read the reviews for the edition you want to purchase)

Metasploit:

I recommend the online course "Metaspliot Unleashed" (Link) as opposed to buying the book (Link).

Nmap:

The man pages. The book (Link) is a great reference and looks great on the bookshelf. The reality is, using Nmap is like baking a cake. There are too many variables involved in running the perfect portscan, every environment is different and as such will require tweaking to run efficiently.

Malware Analysis:

Practical Malware Analysis (Link)

The book is old, but the methodology is rock solid.

Programming / Scripting:

Python: Automate the Boring Stuff (Link)

Hope that helps.

>At first I searched for a good guide for an average programmer, I found the [1] MDN JS Guide which is good, but I think not very good: At first I wasn't sure what is part of the language itself and what is only available at the HTML-DOM (they use a lot alert-dialogs - JS hasn't a Standard Library like Python or Java, has it?).

They use a lot of alert because it's the easiest possibility to show something for starters, you can however of course use console.log, console.warn and error. For the HTML DOM thing, well c'mon - at least try that examples in your console, will you? Just press [F12] or google for how to open the JS console for your browser.


>Is there a "JS Bible"? I know there is the tutorial for python ([2] click me) and as well there is the book/bible/reference for C (from dennis ritchie) and C++ (from Stroustrup). Does something like that exists for JS?

JavaScript: The Good Parts by Douglas Crockford


>Second Question: For my purposes, it is worth to use a Framework like jQuery? I'm using it right now, but I think it's not a big deal to code everything without using an 3rd-party framework.

I like to be able to swim, before I learn to drive a boat - and you? :)
Anyways, that depends - if you do this for clients, use jQuery, it's tested, on multiple browser, sure it has bugs, and plug ins should be reviewed by you before being used. jQuery helps to code less though, and has plenty of beginner questions already answered - just use it.

> Last Question: Atm I'm using Django as webframework and i'm very happy with it. But it looks like Node.js got lots of attention in the last couple of month, is mature enough to use it for real world problems?

It's "mature" enough yeah, but use what you need - not what is all the rage right now.

JS is hard, especially for people new to programming. Basically, JS as we know it today is an evolution of a browser hack that only recently became a seriously useful language. The syntax is terrible, math and numbers don't make any sense, the regex system isn't super robust, oh and it's not really an OOP language. Technically, it is multi-paradigm and includes some oop-like things and classes are on the way to browsers, but it's for naught anyway, because you don't need classes in JS - It's a prototypical inheritance based language.

If you're new to programming in general, I'd say you should start with a more sane environment, like Python. It will teach you programming concepts while railroading you into making good coding decisions. It's really common for people to start with Learn Python the Hard Way - don't. Go to /r/learnpython and search "LPTHW 31" and just count up the people struggling with it. Zed Shaw is an idiot, there are better things to read, I'd recommend watching the google IO talks, get a buddy to learn with. Honestly, I've never read a python book cover to cover, but I feel pretty comfortable with the language from just googling "How do I do X in Python" millions of times, usually if a link comes back to docs.python.org, I click that one first. The docs are wonderful, you don't need a book.

But, since JS is one of the most important languages due to it's integration with the most common form of media distribution in our time, I'd recommend reading / watching talks by Douglas Crockford. Check out Javascript: The Definitive Guide and Javascript: The Good Parts. The second one is a little easier to digest, while the first is really the definitive guide.

In both cases, I'd recommend doing the challenges on hackerrank.com.

I've been coding for a few years and for a while was just focused on getting things to work.  Now I'm at a point where I know I'll figure out any given problem with my accumulated knowledge and/or additional research, and I'm noticing that not planning ahead is the most significant (lack of) action that will set me back at this stage in my practice.

 
To remedy this, I've been looking into architectural patterns (MVC, MVP, MVVM, etc.), and UML diagramming.
 

-----

 
Architectural patterns were initially difficult to grasp, as many of the explanations available online dig into topics that might not make sense yet if you are inexperienced with architecture.  The MVC Java Tutorial by Derek Banas is the best introductory explanation of architectural patterns that I've come across (he also has some great videos on design patterns & other topics).
 
Some books that cover code structure & architecture in more detail:

• Clean Code: A Handbook of Agile Software Craftsmanship
  
  
• Code Complete: A Practical Handbook of Software Construction
  
   
  The author of Clean Code, Bob Martin, has a ton of talks that are a great source of info, and has also produced the CleanCoders series.
   
  
  -----
  
   
  Also check out some Software UML Examples.  I find that mapping out an overhead view of your project before starting to code gives you a chance to make sure the majority of relationships, life-cycles, and high-level details are planned out correctly from the start.  You'll still have to make inevitable adjustments while coding, but it's much more efficient than figuring it all out from the inside while you're building it.
   
  yEd Graph Editor is a good freeware option for creating UML diagrams.
   
  If you find that you really like the UML approach, check out Enterprise Architect.  It's definitely worth picking up since it allows you to generate file structures from your UML diagrams, with all of the boilerplate filled out already (class/method/variable definitions, etc.).
   
  
  -----
  
   
  Also related, SourceMaking has some good wikis on:
  
  
• Design Patterns
  
  
• Refactoring
  
  
• Anti-Patterns
  
  
• UML
  
   
  (Although their UML material is pretty in-depth and may be overkill if you just want to use UML as a quick way to plan out code.  But it's legit if you want to go all-out UML mode)

That is prepping for the Linux+ right?

I haven't done this course or the exam, but I've been using Linux for a decade. I think for Linux in general - if you are coming into it from scratch then you really need to practice setting up a system, configuring services, compiling software, use a variety of package managers, writing some basic bash scripts and so on. Then you'll have a framework for a lot of the arbitrary stuff they want you to memorize - all the various flags, switches and options. At that point you probably want to do heavy flash-carding for the real arbitrary stuff.

Basically I'm not sure there is a way around simply using it - unless you are great at memorizing stuff without relating it.

I don't know if this book covers the objectives better than the course material, but I found it excellent back when I first got into Linux (I used the 1st edition). http://www.amazon.com/How-Linux-Works-Superuser-Should/dp/1593275676

It was the kind of book that you could simply read through, play with what you learned in each section and it made a lot of sense. A real learning guide rather than a dictionary/reference.

Oh and if you want to learn a lot of really useful command line tips and tricks, this memrise was super helpful: http://www.memrise.com/course/50252/shell-fu/

If you master that memrise it'll make you super productive when working in a linux environment.

> Ps; anyone know of a good recommendation on how to start on web apps on the labs. Looking for a good book or resource.

The OSCP web app portion is good, but if you're like me you might benefit from some supplemental materials. Not necessarily specific to the course, but I found these resources really helpful for working on my web app skills

• Metasploitable2 has Damn Vulnerable Web App and Mutillidae. and a couple other web components. Takes common vulns from easy mode to hard.
  
• Google Gruyere more exploitable web app with a guide. Good info
  
• Pentester Lab exercises Web for Pentester I and Web for Pentester II are great and thorough.
  
• Web Application Hacker's Handbook web app hacking BIBLE.
  
• OWASP Testing Guide industry web app testing standard
  
  Hope that helps! :)

Well, you could obviously pay someone to create it for you. If Wordpress or other off the shelf CMS software doesn't cut it, then you're likely rolling your own solution.

I would recommend learning. Here's how to do it:

• Get a good development environment. I love Webstorm for general web work - great code completion, and makes a lot of things easy. For Rails, I would recommend RubyMine. Those guys at JetBrains make some really kickass software, let me tell you.
  
  
• Learn the basics of web development, and the roles of each technology involved. Use HTML to create templates for your pages, use your server-side backend to accept and provide content, use CSS to make it pretty, and JavaScript to make it dynamic.
  
  
• Understand the difference between and limitations of client-side and server-side code, and use each appropriately.
  
  
• Learn the tools. Pick a real technology stack and learn it, whether that be Ruby on Rails, LAMP, whatever you like. Doesn't matter - this is all about learning. Using jQuery will make your JavaScript life much easier, and try out SASS if you're feeling frisky.
  
  
• Don't expect a good-looking, reliable site on your first try - it's going to take a lot of effort.
  
  GET BOOKS. Books are the best programming resources around, believe it or not:
  
  
• The Pragmatic Programmer - The de facto programming best practices guide.
  
• Javascript, the Good Parts - How to JavaScript, by JS guru Douglas Crockford. Not really a beginner book, but a great reference once you get a handle on JS.
  
• Ruby on Rails 3 - Learn Rails by Example - This looked like a really nice beginner level intro to general web development and Rails.

But for the love of God, please, please, learn JavaScript itself to a good standard before even touching jQuery.

Even though jQuery makes writing web apps a lot easier and saves you a lot of development time, it is still a JavaScript library and as such, if you don't have a good grasp of JavaScript, you're going to be writing jQuery code that may well work correctly, but you're not going to have any idea why it works correctly and as such, debugging and writing advanced jQuery code is going to be a nightmare.

I appreciate that you might not want to spend any money on learning JavaScript, but if you're really interested in the language and want to know it well (and you already have a solid foundation in programming), then I highly recommend getting JavaScript: The Good Parts and reading through that. It's short (176 pages), you can read it in an afternoon (though the first time round, some of the stuff might go over your head), and although it may be very opinionated, most of what Crockford says is pure gold and at the end of it you will have a thorough understanding of how JavaScript works and how you can write good JavaScript, which will aid you tremendously when you start using libraries such as jQuery.

Apologies for my rantiness, it's just that JavaScript is seen as a 'toy' language by many, a simple language that people can just jump in and use without learning it first, as evidenced by people suggesting diving straight into jQuery, which is a reputation that I think is undeserved. JavaScript may not be the prettiest of languages, but it's here to stay, and if you learn to use it properly, you'll find that beneath the design mistakes lies a simple and beautiful programming language that just wants to be loved.

Do you have an academic adviser in the department or a professor you are friendly with? They could be a great resource. If you get your hands on the textbook / slides / notes from the better taught classes through a professor or student, that could help quite a bit.

You can also try the websites of some of the big name CS departments, there may be some openly available projects, slides, or notes.

It may suck, but books can actually be a fantastic resource.

This book isn't bad for algorithms and such, and you can pick up c++ with it too.

http://www.amazon.com/Data-Structures-Algorithm-Analysis-Edition/dp/032144146X

The price is pretty nasty though, maybe you can get it at your library.

I've had employers rave about this one:

http://www.amazon.com/Code-Complete-Practical-Handbook-Construction/dp/0735619670

But I have to be honest, I haven't checked it out myself.

Here is an OOP and design pattern one:

http://www.amazon.com/books/dp/0471744875

Google is also your friend and there are many great wiki pages on software engineering related topics.

Your college is a great resource, use the TAs, professors, lab and library to their fullest. You can get a lot of material very quickly there.

Hope this helps, sorry I didn't have any direct links to sites for you.

> Looking out into the world, I'm seeing that pretty much all of the job postings (at least currently) are Linux-focused.

This is spot on. Unfortunately I am in the same situation (sort of). I am on the job market and have Linux experience from 6-7 years ago but recent stuff is Windows. The job market for windows is very very small (and shrinking IMO) - the Linux move is the best move to better future proff yourself. You are on the right track.

However, (here comes the disappointing part) - much will not be transferable. Well, your Azure knowledge is good thing to leverage - even if a lot of stuff is still AWS. The high level concepts, "yes" - you have an advantage over the totally newbie b/c you understand release management and have done it regardless of the tech. But you will almost have to start from junior level to gain traction in Linux if you havent touched it before. Everything that most are saying on this post is valid.

Learn / become familiar with:

• Python, BASH - work on your dev skills
  
  
• install Linux, configure mail servers, web servers, db servers, poke around on the system - read this book then read it again.
  
  
• jenkins (and similar), AWS/GCP, hashicorp tools, ... open source web servers, databases, etc
  
  
• using Linux locally on a laptop is good idea
  
  
• Linux Academy - get a subscription, go crazy (well try not to go certifiably crazy ;))
  
  
• Consider a few good Linux certs (Linux Foundation LFCA/LFCE and/or RHCSA/RHCE) as these are performance based (and you WILL learn something) and have more clout than multiple choice certs.
  
  Basically look at what you do now in MS focused tools, find the open source equivalents and build stuff :) Put it on github/gitlab too.
  
  It is sort of a lot to learn and can be overwhelming. So plan to take a little at a time and see where everything fits in the larger scope.
  
  Good luck - IMO as you can see in job postings, you are making the right move
  

Hey man. Good to hear that you are interested in programming. :)

I don't think "books" is a good suggestions. There is a lot to read and not a lot of time in the world. Plus, programming tends to be more fun.

That being said, however, I am going to go ahead and recommend reading Code Complete. I think that book should be required reading for every programmer. You will learn a lot and it is also a fairly amusing / interesting read.

I would also like to suggest that you use StackOverflow and follow interesting conversations in it. One of the tricks to programming is to become very engrossed in it. Find things you find interesting and read/learn just for the sake of it. If you think you know language 'X' well -- go to StackOverflow, sort by votes, filter by tag and tag the language you want to read about. I guarantee you will find a lot of "Woah, I did not know language 'X' could do that."

One last thing w.r.t all the 'what languages should I learn' hullabaloo. Start a little higher level. It sounds like you want to learn an Object-Oriented language. Do you know what your other options are?

http://en.wikipedia.org/wiki/Comparison_of_programming_paradigms#Main_paradigm_approaches

There's a quick overview of the different 'types' you'd expect to see. OO is a clear one, especially for industry development, but functional languages and others may also end up being used for your job. :)

EDIT: A little more on topic. I started with C++ in school. Some concepts were difficult -- pointers, references/pass-by-reference/de-referencing, and to a lesser extent garbage collection / memory allocation.

The main argument for learning C++ first is that it gives you good fundamentals. Every programmer should know what a pointer is. And a double pointer, for that matter! The main argument against learning C++ is that you can blow your foot off much easier than in Python. And that's no fun. And if you're the type of person who isn't ...tenacious enough to try and repair your own blown off foot -- perhaps a higher-level language would be a better choice. In this way you can become more accustom to the frustrations of coding (and how to cope) before introducing more complex issues.

That isn't to say you can't create just as large a clusterfuck with Python. You can. It has its own nuances. It's just that the library support (code already written for you) is going to be more extensive. A good comparison would be driving an old car vs a new car. The engine is harder to repair in the new car (can't get at the parts), runs better, but you don't get a feel for whats in the engine. Its more of a black box. That old '57 Chevy (C++) has its engine laid bare (not as much as C), but if you're no mechanic you might break your car and abandon it.

Just do what you find fun! You're still young :)

I can't possibly recommend Douglas Crockford's Javascript: The Good Parts enough. It's a quick read; I read through it in an afternoon. I've been doing professional node development for three years now, and I still reference The Good Parts.

Similar to what /u/AlexanderC89 said, there are high-level architectural and pattern differences between javascript and PHP. The key concepts, off the top of my head, that are most important to understand are:

• Prototypal (js) vs Classical (php, c/c++) inheritance
  
• Functions as first-class objects (and lambda functions)
  
• Asynchronous/event-driven I/O model
  
• Block scope (php, c) vs Function scope (and closures)
  
• Variable hoisting
  
• "==" vs. "===" and "falsy" values
  
  You can probably find good descriptions of all of these somewhere on the web, but I'd just as soon recommend reading The Good Parts. I'm not affiliated with Crockford or anything at all like that, quite simply just that The Good Parts is really that helpful.
  
  Honestly, I wouldn't sweat promises until you have a strong grasp of the callback model. They're important and very useful, no doubt. Its just that I've tried to introduce promises to a few colleagues whose understanding of the async callback model wasn't the strongest, and it really tripped them up. Once the callback model clicked for them, promises were a snap to pick up. YMMV.
  
  I can throw together some quick examples and descriptions for you, if you find that sort of thing helpful.
  
  (edit: formatting)

Are you thinking about this in the context of a particular language or framework? Sometimes that will help steer you as to how you might organize your code on a high level. For example, the Model-View-Controller paradigm is implemented on an api level in Ruby on Rails, and you'll also find it in practice if you build an iOS app.

If I'm working on something that doesn't rigidly dictate architecture, I still like to frame the project with MVC in mind. That means you're going to have classes that make up your data layer, your controller-like classes that implement business logic, and some classes that represent visual representation. Sometimes your views may not be code at all, and it's some type of markup like HTML or XML.
I'm linking this since I'm using it myself as I learn a new web framework, Express. Express isn't very opinionated with how you organize your projects, but I think Peter gives a pretty good explanation as to how to do it with Express, and it could be extrapolated to fit other projects:
https://github.com/focusaurus/express_code_structure

For an example of a mature, larger project, Discourse is an open-source web forum. I particularly like how code is organized in this project.
https://github.com/discourse/discourse/tree/master/app

Lastly, if you're interested in a book, look no further than Code Complete. Probably my all time favorite, I make a point to try to re-read parts of it every year. It's a book about code construction, and offers invaluable insight as to how you should strive to organize your code, and more importantly, why you should organize it that way.

EDIT: I should mention I'm speaking with Object Oriented Programming in mind. Of course, if you're using something procedural like C, it's a fundamentally different programming model with routines and functions operating on and transforming data structures. Systems programming, something like a driver, is going to be organized differently. Again, the answer is somewhat domain specific.

Preface - you have missed years of development in an area (web client front end coding). It's advancing so fast the rest of us can barely keep up. I'm serious - seems like every day there's something new that would take me multiple days to learn well.

See the "Web Development Timeline"





Moving beyond the standard HTML5/CSS3 stuff, I spent part of my evening compiling this list. It's incomplete and some stuff is opinion. WMMV. If you were helped, well, buy me a beer someday :-)

• JS got real popular. Catch up on the current terminology used.
  
• ECMAScript/ES5 language extensions
  
• ES6 ("Harmony") extensions - coming soon; some already here. The current working draft of ES6 as PDF
  
• Exhaustive list of Micro-libraries
  
• HTML5 shims, ES6 shims, Lazy loaders (require.js), Modernizr... It's overwhelming, please see Daily JS for an exhaustive roundup of libraries/frameworks as they are released.
  
• Underscore.js for functional programming niceties
  
• The myriad client-side MVC frameworks - (Backbone.js, Ember.js, Spine.js, etc.)
  
• Stratospheric rise in the goodness of webkit. See Peter Beverloo's blog for weekly reports of WebKit new features added.
  
• Douglas Crockford's JavaScript: The Good Parts was a huge hit - this always comes up in interviews.
  
• IE9 and IE10. IE9 did border-radius, SVG, and added a faster JS engine. IE10 (only for Windows 8) adds CSS gradients, 2D/3D(?) transforms, CSS transitions (and animations now I'm told?)
  
• Opera is now on versions 11 and 12 - and it still rocks. Here's what's new in the development snapshots from their blog. I'm a fan since long ago, it's nice to see them continue to remain competitive with the 'larger' browsers.
  
• Firefox is now on versions 12 through 14.
  
• Chrome is now on versions 18 through 20.
  
• JSLint is now integrated in some editors (I love it in notepad++) and JSLint begat JSHint, which is sold as "kinder, gentler"
  
• Web Workers (aka JS threads)
  
• Web Sockets API
  
• WebGL See the 3-D dynamic terrain/bird demo - awesome!
  
• Death of Ajaxian.com rule, takeover by Daily JS and BadAssJS (IMHO)
  
• Inline images expressed in data/uris which are base64 coded) eg: IMG SRC="data:image/gif;base64,EEEEEEBASE64JUMBLE" online image encoder
  
• LESS and Sass - better CSS with variables, macro expansion, etc.
  
• calc() in CSS3 Really new - chrome nightlies and firefox supports. If you remember way back when, IE 5.5/6.0 had a similar but poor performing feature called CSS expressions
  
• INPUT TYPE="COLOR" and "DATE" should now work well, and have in-browser helpers for selection.
  
• CSS3 display:flex-box
  
• CSS Gradients/Animations/Transitions see this slidedeck/demo
  
• CSS3 Shaders/Filters. Shaders are really really new (as in: last week) as far as implentation in a browser. I'm psyched about creating some vertex shaders (.vs files) for effects.
  
• Local Data Stores (4k cookie - bah!)
  
• Mobile browser coding: events for swiping screen, etc. see jQuery Mobile, Sencha touch.
  
• Node.js based on Chrome's V8 JS interpreter (I know; you know...)
  
• Coffeescript (I know you know, I included for completeness) The JS to Coffeescript is also interesting.
  
• DART. Google's JS-like language for those who like classical Java/C++ oop style - they even have a version of Chromium for Mac which has DART native. Else it transpiles to JS, like Coffeescript does.
  
  
  
  If you didn't click on any links above, well, for shame. There's some good important stuff up there. Below are a couple websites that I think are must-sees, as far as demos of the recent html5/css3/bleeding edge, and news/informational blogs I read daily or weekly... Most were listed above!
  
  
• CSS3 Click Chart
  
• HTML5 Rocks!
  
• Learning threejs/tQuery (WebGL)
  
• Bad Ass JS
  
  
• W3C's blog on CSS
  
• Daily JS - - news on libraries and node, mainly
  
• Steve Souder's blog on high performance web sites. He wrote a couple books too that are very good.
  
• Peter Beverloo's blog discussed what's new in this week's WebKit/Chromium builds.
  
  
  
  
  
  
  Stuff I didn't include, and am going to leave as an exercise to the reader:
  
  
• Vibration API (for tablets, phones)
  
• Battery status API
  
• CSS3 image-set (download different quality/resolutions depending on capabilities)
  
• Video element stuff - Hollywood's next blockbusters may be edited over the web.
  
• Speech API - see Peter Beverloo's blog and W3C...
  
• Audio - there's some full on audio mixers and synthesizers out there now
  
• Web Inspector in Chrome
  

I love learrning linux! I love the community! You aren't following a trail of breadcrumbs, you are racing down a superhighway of information. Google/duckduckgo is now you best friend, it pays to learn how to work with them.

Books:

The linux command line

The Linux Bible

UNIX and Linux System Administration Handbook

​

Where to ask questions and find information:

https://askubuntu.com/

https://www.linuxquestions.org/

https://www.linux.org/

https://www.linux.com/forum

https://stackoverflow.com/

https://unix.stackexchange.com/

https://ubuntuforums.org/

https://wiki.archlinux.org/

​

How to ask questions for maximum help:

https://unix.stackexchange.com/help/how-to-ask

https://www.chiark.greenend.org.uk/~sgtatham/bugs.html

​

Tutorials:

Linux Journey

This dude called Ryan is pretty cool

This guy Dave has a really nice voice on youtube

Linux Foundation

linuxcommand

linuxsurvival

​

Linux learning games:

Terminus

wargames

​

Subreddits you might want to get into at some stage, or subscribe to, I just made a big multireddit that I use when I want to focus my redditing on positive use of my time:

• -PROGRAMMING
  
• -LINUX
  
• -SYSADMIN
  
• -LEARNPROGRAMMING
  
• -LINUXMASTERRACE
  
• -HOMELAB
  
• -HACKING
  
• -RASPBERRY_PI
  
• -NETSEC
  
• -UNIXPORN
  
• -THINKPAD
  
• -LINUX4NOOBS
  
• -UBUNTU
  
• -AWS
  
• -VIM
  
• -LINUXQUESTIONS
  
• -DEVOPS
  
• -DEBIAN
  
• -LINUXADMIN
  
• -COMMANDLINE
  
• -LINUXHARDWARE
  
• -ANSIBLE
  
• -LINUXPROJECTS
  
• -LINUXFROMSCRATCH
  
• -LXD
  
• -LXC
  
• -TERRAFORM
  
• -LINUXCONTAINERS
  
• -SYSADMINMENTOR
  
  ​
  
  Some distros:
  
  Ubuntu
  
  RHEL
  
  ArchLinux
  
  centos
  
  openSUSE
  
  fedora
  
  Linux Mint
  
  ​
  
  This is a big ass list of stuff to look at and seems really daunting, start off really simple and learn these commands:
  
  
• pwd
  
• touch
  
• cat
  
• mkdir
  
• ls
  
• cd
  
• cp
  
• mv
  
• rm
  
  ​
  
  Tip: for any of those command you can look at the man page by typing:
  
  man <command>
  
  ​
  
  examples:
  
  man touch
  
  man ls
  
  ​
  
  Edit: The only thing I would warn you of is that learning can be quite lonesome, it is a very individual pursuit, the answer to almost every question has been asked and answered before, you just need to google the right stuff, think hard and google hard before asking questions, you will run into some toxicity if you do not, I do believe at times that it is justified but you can insulate yourself from too much negativity by really putting in some of the grind before asking questions online. The reward for asking smart questions is help from people that go out of their way to help you, help them help you.
  
  ​
  
  Enjoy the rabbit hole!

Reversing: Secrets of Reverse Engineering - Is probably the most common book recommendation. Its an older book (2005) but its about as gentle as it gets in terms of the core concepts but its missing a bit due to its age (32bit RE only). I'd liken it to something like Hacking: The Art of Exploitation for exploit developers. Its a solid book, it covers the fundamentals but it'll take a bit more work to get up to speed.

Practical Reverse Engineering - This one is a newer book (2014) while it doesn't cover as many topics as the above book, its less dated in what it does cover, and it does cast a wider net covering things you'll see today like ARM and x64 instead of just x86. I tend to recommend starting with this book, using Reversing and the next book as a reference if there is a chapter of interest.

Practical Malware Analysis - While this one has more traditional RE introduction, where it excels is in dynamic analysis and dealing with software that doesn't want to be analyzed. Now, its from 2012 and malware has changed since then, so its age certainly shows, but again fundamentals remain even if technical details change or are expanded upon.

Practical Binary Analysis - This is the newest book of the list (December 2018). It wouldn't use it alone, but after you've gone through any of the above books, consider this an add-on. Its focus is on dynamic analysis and its modern. I'll admit I haven't read the entire thing yet, but I've been pleased with what I have read.

Edit: s/.ca/.com/g

Speaking as someone who was great at reading but bad at retaining, learned to retain while in college getting a liberal arts degree, and has been reasonably successful at teaching himself programming languages since graduating...

Read things twice. Not necessarily the whole book, but for each paragraph you come across, think about what it's saying. If it is introducing something new, then read it a second time.

Read things out loud. Not even stuff you're trying to learn, and not necessarily to an audience. But (if you're taking my advice about reading things twice) do your second go-through out loud. You'll find that often your intonation is wrong - you didn't catch that something was a question, or you thought you were on the last clause of a sentence but you were wrong. Dedicate some small part of your brain to listening as you read out loud, and fixing these problems. This will help you get the structure of a thing - which parts are introductory, cursory, or parenthetical, and thus can be skipped over; which parts are REALLY IMPORTANT, which parts are actually pretty damn funny but you missed the joke the first time...

Don't just read. Explain to people what you're reading. My housemates and girlfriend have probably sponged half the stuff I've taught myself (about programming, musical instruments, bicycles, pretty much anything I've decided to learn about) because I'm constantly asking if they mind if I explain a concept to them. It helps that we're all young, intelligent, curious people.

Have a conversation with the book. When you come across something that seems wrong, don't just plow through - see if you can figure out why it just said what it did. Maybe you read it wrong. Maybe you misunderstood an earlier concept. Maybe you thought the dude was speaking when it was the lady. The point is that after that initial moment of confusion, you'll have a moment when it Suddenly Makes Sense - cultivate your enjoyment of that moment. It's one of the greatest pleasures of reading.

Do the stuff you're reading about. In the case of programming, do the exercises. If you're reading a book about a foreign language, acclimate yourself to the rules of pronunciation. In a work of fiction, hand the part of you that experiences emotions over to the author and let him or her shove you around to whatever he or she wants. If there's a math concept that doesn't quite make sense, pull it up on Wikipedia and read the links that describe any of the fundamental elements that you're missing.

If you want to get into programming, read one of the Head First books. They talk a lot about effective ways to learn things, in addition to putting those principles into practice in how they teach programming. This book started me on my current routine of reading a chapter of (whatever computer book, currently Code Complete) when I first wake up in the morning.

Apologies for the wall of text, I hope that was helpful. I'll edit to add anything that I think of.

Personally I’m running on two physical boxes separated by a firewall. One hosts my files, the other hosts services available from the internet. The internal one runs Debian 10 with all services running in docker, and the external one runs FreeBSD 12, with all services running in FreeBSD jails though a nginx reverse proxy, and storage mounted from the internal one via NFSv4 using Kerberos and encryption. I have filesystem auditing, log watching, fail2ban, connection rate limiting and GeoIP blocking. The firewall runs PfSense, and besides PFBlockerNG (pihole on steroids), it also runs IDS/IPS in the form of Suricata. Storage on the internal box is encrypted with LUKS, which is auto mounted by systemd using a key stored on an encrypted USB drive, which in turn is auto mounted by systemd using a key stored on the unencrypted root partition. Storage is divided between ZFS RAID1 on a couple of SSDs, along with Snapraid/Mergerfs on 4*spinning rust. I update all software daily.

Sound complicated ? Good, because it is!

While I would recommend trying anything sufficiently advanced to challenge your skills, I would not recommend using “basic Linux knowledge” to setup a secure internet facing system. There are simply too many variables that needs to be configured just right, and while most distributions today offer fairly sane default configurations, there are still lots of places you can screw up.

Unraid is a fairly polished paid solution that will do all you want, and provided you setup your firewall rules correctly it is also fairly secure.

FreeNAS is a FreeBSD open source, free, system that will also do what you want, and be fairly secure (as much as Unraid, and possibly more)

OpenMediaVault is a Linux Port/Fork of FreeNAS. In theory it should be just as good, but I’ve not had much luck with it, though I’ve not used it for long periods of time.

If you must roll your own, I suggest you first go out and get a copy of UNIX and Linux System Administration Handbook (5th Edition), and study it carefully. That will equip you with a lot of valuable skills for securing and not least recovering data from the system when it crashes, which it will eventually!

Next, This guide will help you setup the basic stuff, but leaves out a lot of security configuration. I found some of the missing configuration in this post. While written for a Raspberry pi, it should be applicable to just about any Linux distribution, though package manager commands will vary.

Finally, you really should consider limiting who has access to your nextcloud server (or any service for that matter). Does it need to be accessible to the whole world ? Or is it sufficient to limit it to a single country ? While GeoIP blocking is easily thwarted by using VPNs, it will keep a lot of the random drive by hackers away.

Don’t be tempted to open up SSH to the internet, and if you do, make 100% sure it’s setup to allow key only authentication. Instead, setup a VPN, and use that for remote administration.

Oh, and people telling you to use Traefic for reverse proxy on a public host are a lot braver than I am. There are known security problems with exposing the docker socket inside a container, and runC, the daemon responsible for running docker containers, has had its share of severe security holes

the easiest way is to strictly identify which part is really the variable:

foo=test

cp $foofile testdir/. # cp: missing destination file operand after 'testdir/.' ($foofile doesn't exist and expanded to null, not enough required params for cp)

cp "$foofile" testdir/. # cp: cannot stat '': No such file or directory ($foofile still doesn't exist, but expanded to '' due to double quotes usage - good practice)

cp ${foo}file testdir/. # will compy 'testfile' if exists

Also it is usefull to access command line params from inside the script if there are more than 9 params, to access 10th param use ${10}

and here is some list i noticed for myself of how to use this braces, while reading this book - would recommend:

Sorry for formating issues, reddit treats spaces and new lines in special way..


variable substitution:
substitution:

Bash supports various variables substitutions:

$a - will be substituted with 'a' value

${a} - same as $a but could be concatenated w/ string w/o spaces:

${a}.txt - will be expanded in a_value.txt

${11} - 11th positional parameter given to script from shell

${var:-word} - if 'variable' is set, the result will be its value

if 'variable' is unset - the result will be 'word'

$(var:=word} - if variable is set results in its value substituted

if variable is unset, it will be assigned to 'word'

such assignment will not work for positinal params(see 'shift')

and other special variables

${var:?word} - if variable is unset error with reason 'word' will be

generated, exit code of such construct will be 1

${var:+word} - if 'variable' is set, the result will be 'word',

(but variable's value will not be changed)

otherwise result will be EMPTY string

Example:

$ echo ${variable:-ls} - variable unset - ls used

> ls

$ export variable=1

$ echo ${variable:-ls} - variable is set- its value used

> 1

$ echo ${variable:+ls} - variable is set - ls used

> ls

$ echo ${variable1:+ls} - variable unset - empty line used

>

${!prefix} or ${!prefix@} - returns NAMES of existing variables

that starts from 'prefix.

Example:

$ echo ${!BASH}

> BASH BASHOPTS BASHPID BASH_ALIASES BASH_ARGC BASH_ARGV BASH_CMDS

string variables substitution:

${#var} - returns length of string in variable's value

Example:

$ var=123456789 #this could be interpreted as a string too now

> 9 #string length is 9

${#} or $# or ${#@} or ${#} - returns number of positional parameters

of the script being executed

${var:number} - return string from number to the end, spaces trimmed

variable is unchanged.

Example:

$ var="This string is to long."

$ echo ${var:5} #returns string from 5th symbol

> string is to long.

Example: spaces are trimmed:

$ echo ${var:5} | wc -c #count chars

$ 19

$ echo ${var:4} | wc -c #return starts from space

$ 19 #space is trimmed so same number of chars

${var: -number} - return string from end to number, spaces trimmed

NOTE - space between ':' and '-' signs

Example:

$ echo ${var: -5}

> long.

${var:number:length} - return string from number till end of lenth

Example:

$ echo ${var:5:6}

> string


${var: -number: -length} - return string number between number(from the

end) and length (also from the end)

NOTE: number must be > than length

Example:

$ echo ${var: -18: -2} #var is This string is to long.

> string is to lon

${@} - return all values of positional params

leaving spaces inside strings (like "$@" ) - bcs it know how

many arguments script has

${} is the same form, it seems

${@:num} - displays values of positional params but from num

$(@:1) - works same as ${@}

${@: -2} works , but starts from the end

${@:num:length} - same as with strings but with positional params

${@: -num: -length} - same as with strings but with positional params

${param#pattern} - finds shortest match and deletes it (lazy match)

Example:

foo="file.txt.gz"

${foo#.}

>txt.gz

${param##pattern} - finds longest match and deletes it (greedy match)

Example

${foo##.}

>.gz

${param%pattern} - same as # but deletes from the end of the file

Example:

foo=file.txt.gz

${foo%.} - note . instead of . in # example

>file.txt

${param%%pattern} - same as ##

${foo%%.}

>file

Search and replace:

${param/pattern/string} - replaces first occurance of pattern with string

${param//pattern/string} - replaces all occurances of pattern with string

${param/#pattern/string} - replaces only if at the beginning of the line

${param/%pattern/string} - replacesonly if at the end of the line

My advice? Enjoy your summer. It's one of the last times in your life that you'll genuinely have very little to no responsibilities. The field of CS is very much about learning on your own as an autodidact, so if for some reason you're getting bored doing teenage girl things there are plenty of resources out there to learn CS topics from.

I would focus on these rather than a formal, guided summer program because in your CS career you're likely not going to have the opportunity to have a guided internship every time you need to learn something new. Not to mention you're going to have a hard time finding an internship as a prefrosh since even freshmen/sophomores are looked over in favor of more experienced candidates. Some of these sites I've listed below offer certificates of completion, especially the MOOC-type courses, if for some reason you need vindication of your efforts. Lynda I believe offers their entire collection free through many local libraries. If your local library doesn't have a relationship, try other libraries in other counties or parts of your state.

Other than that, do your best to absorb as much programming knowledge as you can as it will be immensely helpful in your studies. As you learn, try to learn what really interests you in the field of CS (cybersecurity, machine learning, AI, robotics, data science/databases, or maybe you just turn out to really, really like coding) so you can make it a specialty. The field of CS pays enormous dividends when you specialize into things. It's these types of niche consultants that can demand $100-200/hr and get handsomely rewarded.

Oh, and think about subscribing to these subreddits, you might find them useful:

/r/cscareerquestions
/r/learnprogramming
/r/netsecstudents
/r/sysadmin
/r/ITCareerQuestions

If you enjoy programming:

• Codecademy
  
• Cybrary
  
• Lynda
  
• Udemy
  
• Pluralsight
  
• SoloLearn
  
• theodinproject.com
  
• Udacity
  
• https://www.edx.org/course/introduction-computer-science-harvardx-cs50x
  
• https://education.github.com/pack
  
  If you enjoy cybersecurity:
  
  
• CTFtime.org
  
• pentesterlab.com/bootcamp
  
• OverTheWire.org/wargames/
  
• io.netgarage.org
  
• pwnable.kr
  
• www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641
  
• https://code.google.com/archive/p/pentest-bookmarks/wikis/BookmarksList.wiki
  
• http://www.amanhardikar.com/mindmaps/Practice.html
  
• https://www.bonkersabouttech.com/security/40-intentionally-vulnerable-websites-to-practice-your-hacking-skills/392
  
  If you're interested in IT certifications:
  
  
• CompTIA A+, Network+, Security+, Linux+
  
• Cisco CCNA
  
• Microsoft MCSA

Excellent questions! If you are a CS grad you are ahead of the game. However, it all depends on what you want to do. I suggested learning programming/CS principles for two reasons:

1. The more you understand how computers, code, compliers, software, stacks, memory randomization, CPU protection rings, and the such work the better you are at hacking. You can find novel ways to get into systems and exploit them, etc.
   
   
2. You can write basic tools on the fly. It is amazing the tools you can create with a few lines of code when you have access to nothing but a GCC compiler in a *nix environment.
   
   If you want to find zero day exploits, yes learn how low level languages work. It would be very helpful in that case.
   
   Otherwise, Learn python (or whatever is popular at the time) to write your own exploit tools....or to modify existing ones.
   
   
   If you want to be apart of a red team learning lower level languages could make you a better exploiter. However, IMO, I would start with just learning the basics of hacking.
   
   
   These two books are old but they are absolute standards for anyone starting off:
   
   https://www.amazon.com/dp/1593271441/ref=cm_sw_r_cp_awdb_t1_GYIACb1Z2YXFA
   
   And:
   
   https://www.amazon.com/dp/1593275641/ref=cm_sw_r_cp_awdb_t1_zZIACbMH0WTMP
   
   
   Also, learn as much as you can on how windows/Linux/virtual machines (and containers) work. The more you know about how an OS works the easier it is to exploit.
   
   Learn to exploit, there are a ton of free sites to help you learn:
   
   http://overthewire.org/wargames/
   
   
   https://www.cybrary.it
   
   
   
   www.vulnhub.com
   
   
   http://google-gruyere.appspot.com
   
   
   
   Learn CTF challenges:
   
   https://ctflearn.com
   
   
   When you are able to hack take part in real challenges:
   
   
   https://ctf365.com
   
   
   Then start your career with a RESPECTED CERT, OSCP:
   
   
   https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
   
   The OSCP is no joke and it is a timed, 24 hour cert test. Yes, you read that right, 24 hours.
   
   Unless you want a government gig stay away from C|EH, it is a joke cert in the community. Again, unless you need to work for a gov agency
   
   
   
   Finally, and I cannot stress this enough.....LEARN CLOUD COMPUTING!!! It is here to stay and on-prem systems are dying a slow death. It will change how you exploit systems and how software is engineered/deployed.
   
   

I can relate to your attitude and desire to learn Linux, I've felt the same.

I highly recommend this book: https://www.amazon.com/How-Linux-Works-2nd-Superuser/dp/1593275676/ref=sr_1_2?keywords=how+linux+works&qid=1558200935&s=gateway&sr=8-2

I read about a chapter or two a day with some coffee. It's fun and interesting. I think it's right up your alley.

For me, there's two types of Linux learning. Things I learn for fun, and things I learn because I have to or my stuff doesn't work. I started with a lot more things I learn for fun, but now most things I learn because I have to.

I do web development on a Manjaro machine using KDE. I love the distro, but I didn't try any others. I don't need to. It's fine. I use Debian on a lot of the webservers, that's fine too.

My feeling is, all these distros you're looking at have much more in common than not. If you set up a Desktop Environment, a popular one like GNOME or KDE on ANY distro, it's gonna be pretty similar. If you just want to use the shell on any distro, well, you can install whatever shell you want, use of that shell on any distro will be pretty similar.

IMO, you should focus MUCH more on deciding what DE/WM and shell you'll be using. This is going to play a much bigger role in your daily use than what distro you use. I think you should look up youtube videos and online tutorials of different people using different shells, scripts, WMs, VIM, etc, and see what excites you.

You can install Arch, step by step, using the wiki, and it's not that hard. It feels scary and weird at first, but you're just cooking, you're following a recipe, and if you mess up a step, a bunch of people have messed that step up too, google it.

Don't think too much. Just jump in.

A year ago, I probably would have said C/C++ with SDL, or maybe SFML, or maybe even Pygame. Flash would have been an option, but you can't develop for flash on Linux (without jumping through hoops). But this is almost 2012, and there is a very real and very interesting alternative to the "traditional" routes: HTML5 games.

But dude, javascript sucks, right? Not really. Read Javascript: The Good Parts. Javascript is misunderstood and perhaps a little strange, but it doesn't suck. And modern Javascript engines are very fast, it's no longer a second-rate scripting language.

But dude, only people with bleeding edge beta browsers can use it, right? Not really. A year ago maybe, but anyone with a recent version of Firefox, Chrome or IE can play your game. Some people might need to upgrade, but they probably need to upgrade anyway.

But dude, the only other dude to recommend HTML5 was downvoted. So what? It's still an emerging platform but it's ready to be used now, whether the other developers realize it or not.

But dude, none of the browser-based games I play are HTML5, is this for real? Yes, it is! Like I said, it's an emerging platform, but they're out there. Just look at Onslaught Arena or Can't Turn it Off (which, as a bonus, was made with a WYSIWYG game creation program).

So really, HTML5 is probably the best and easiest cross-platform choice for small games out there. The problem with almost all the other suggestions is distribution. Either it's difficult to distribute (it will involve people downloading exe files, bundling Python and Pygame, etc) or it runs on Flash (which sucks, let's be honest). HTML5 is just... there. Who doesn't have a web browser?

Edit: I was looking for this link earlier, the results of a Mozilla Labs competition. Really awesome HTML5 games here.

Starting this off as saying that I work primarily in iOS and mac environments. I think PCs are great and apple is overpriced but I really enjoy it and I love Swift so whatever.

If you're building applications in Windows most people seem to start with Visual Studio. There's a ton of resources, frameworks, libraries, and a large community for it. At the very least it's probably a good place to start. For C++ development maybe start here: https://msdn.microsoft.com/en-us/windows/uwp/get-started/create-a-basic-windows-10-app-in-cpp

Now for your broader question of application development, I would start with the Gang Of Four for code design. These aren't easy concepts to get right off the bat, it's putting in some reps before it becomes natural. You'll never use just one either, most projects become a mesh of different design concepts and there's way more than 4. I recommend coming up with a simple project to build on your own and then attempting to architect that from a high level before coding. Then actually building it. It's really the only way to learn. For C++ reading maybe check this out (not 100% on this, I don't do much with C++, but seems recommended as an update for the original Gang of Four): http://www.amazon.com/dp/0201704315/

Another book: http://www.amazon.com/dp/0735619670/

it's from this list: http://blog.codinghorror.com/recommended-reading-for-developers/

This all said, don't get bogged down in books. Read enough to feel comfortable starting something then start it.

First of all I should say that I'm no expert in these things, but I'm sure other people will be able to make other suggestions.

>I plan on installing Linux as my OS (technically my first time)

If you're more used to Windows then the UI will be fairly easy to get used to, but the biggest change will be the command line. This is a really powerful but complex tool and I think the best way to get used to it is really just to dive in and use it as often as possible. MagPi have a book for it (Conquer the Command Line) to get you started, but if you wanted something more comprehensive I've spent some time reading The Linux Command Line and found it really helpful.

For Python I think I started out with Code Academy, but mostly picked it up as I went along. I'm currently reading Python Crash Course and I think it is pretty decent, although most people seem to recommend Learn Python the Hard Way (note the tiny link near the bottom of the page to read the book for free).

At the end of the day the most important thing is to take baby steps and take them often: when you've kept at it regularly for a few weeks it becomes a lot more easy.

Honestly, I would say you are already qualified. I work in this field. I have my MS in Applied Math, was a ML research assistant in grad school, and have a couple years of experience in software engineering.

Software engineering skills are pretty much the only thing that you may lack you would want to work on, however a lot of that you can learn on the job.

A company would probably let your inexperience in software engineering slide because you are very strong on the data analysis / ML side and you have demonstrated you know how to code. The main thing you need to do is work WITH software engineers on integrating your work with a product.

Some skills/technologies you may want to know about that haven't been mentioned as far as I know :

1. SQL -> e.g. MySQL, Transact-SQL
   
   
2. Java -> Hadoop is written in Java
   
   
3. If you end up working at a web company, PHP/Javascript/HTML are useful to know.
   
   
4. Of course, Linux/Unix command line. Very important.
   
   
5. Python -> You mentioned it but I'd say start using it more. Check out iPython Notebook as that might be something that catches your interest.
   
   >edit: Thanks a ton for the advice so far, the consensus seems to be start learning how to deal with big data using Hadoop or some other similar app and learn some software engineering, however that part seems a little ambiguous still.
   
   Learning software engineering is basically learning best practices and design patterns. The goal is to make clean code and avoid hard to find/fix bugs as well as to use the best design paradigm for your problem. "Clean code" means "readable" and "maintainable". Readable code is code that any other software engineer who has never seen it before can pick up and understand reasonably quickly. Maintainable code is code that is relatively easy to refactor, make changes to, add features, and fix bugs within. "Clean" code saves a lot of man hours down the road.
   
   For an example of software design, in programming a video game OOP class inheritance isn't always the best thing to use because it can lead to a confusing, non-intuitive tree of classes. Someone invented the "component entity system" to address the problem.
   
   Read about this, as it's a fairly intuitive example of "Software design", i.e. using the best approach for a particular problem.
   
   Writing clean, well-designed code comes with experience, but there are some books on it.

Senior Security Engineer

Hi, I'm Kevin Hock and I work on the DataDog security team.
We are looking for some talented security engineers to join our security team here in NYC.

How Do I Apply

Send me an email with your resume and GitHub at kh@datadoghq.com

What you will do

• Perform code and design reviews, contribute code that improves security throughout Datadog's products
  
• Eliminate bug classes
  
• Educate your fellow engineers about security in code and infrastructure
  
• Monitor production applications for anomalous activity
  
• Prioritize and track application security issues across the company
  
• Help improve our security policies and processes
  
  Who you should be
  
  
• You have significant experience with network and application security
  
• You can navigate the whole stack in pursuit of potential security issues
  
• You want to work in a fast, high growth startup environment
  
  Bonus points
  
  
• You contribute to security projects
  
• You're comfortable with python, go and javascript. (You won't find any PHP or Java here :D)
  
• CTF experience (I recommend you play with OpenToAll if you don't have any)
  
• Program analysis knowledge
  
  Sample interview questions
  
  
• Flip to a page of WAHH, TAOSSA, CryptoPals, ask you about it.
  
• Explain these acronyms DEP/ASLR/GS/CFI/AFL/ASAN/LLVM/ROP/BROP/COOP/RAP/ECB/CBC/CTR/HPKP/SSL/DNS/IP/HTTP/HMAC/GCM/Z3/SMT/SHA/CSRF/SQLi/DDoS/MAC/DAC/BREACH/CRIME?
  
• How would you implement TCP using UDP sockets?
  
• How do you safely store a password? (Hint: scrypt/bcrypt/pbkdf2)
  
• How does Let'sEncrypt work?
  
  Hat tip to Levi at SquareSpace, also on this thread, he is an awesome person to work with. David Wong, a crypto king of NCC, on this very Q4 thread, is also a great person to work with in Chicago.
  If you're looking to break stuff more than build stuff hat tip to Chris Rohlf's Yahoo! team.
  Random other places you can apply in nyc: MongoDB, Jane Street, 2 sigma, greenhouse.
  
  
  I personally applied because I love Python but I like the company a lot so far.

Not all programming books are tutorials. There are definitely books that exist which talk about concepts and ideas, ways of thinking.

A udemy course, YouTube video medium article, or any other typical internet resource are great sets of instructions but there's more to it than that.

I was recently recommended Code Complete which i think will have a great impact for myself, despite the fact that it's moreso a textbook.

I also believe books like Eloquent JS are amazing. I would consider it the lighter side of books but is amazing for new devs.

I get where you're coming from but don't discount books entirely! There's a lot of great knowledge out there.

This book has been suggested a few times so I finally got around to reading it. I think it has some good information in it. I'm only about halfway through it, but I like it so far.

Time Management for System Administrators

Other books would be any of the social books like "How to influence people", "7 healthy habits..." Etc.

I haven't read this one yet, but It has been suggested to me if you plan to go more into management/leadership Start with Why

Other books that have I have ear marked due to being mentioned:

• The Devops Handbook
  
• The Practice of System and Network Administration
  
• The Practice of Cloud System Administration
  
• Cognitive Behavioral Therapy - This one might have been a joke, but as someone who has dealt with depression and burnout on the job. I think this could be beneficial.
  
• How to win friends and influence people
  
• How to win friends and influence people in the Digital Age
  
  Also, do a search for "Books for IT Professionals" to find a lot of other suggestions.

I come from a similar background, but now I live almost completely in the networking domain. If you’re interested in learning about the various technologies from the perspective of a non-operator expert, I recommend TCP/IP Illustrated: The Protocols.

If you want to learn how to route packets from the perspective of a (albeit senior) network administrator, I recommend Routing TCP/IP Volume 1 and Routing TCP/IP Volume 2.

Beyond the excellent and thorough descriptions of the various technologies (with context), they also provide direct references to the RFCs and white papers wherein the technologies were first published. Using these three texts as a starting point, you can delve as deep as your interest carries you. I believe all three books are available through Safari Books.

If you learn best through video and verbal instruction, I recommend INE. It’s pricy but worth it.

I wouldnt look down on you for it, but I would expect you to sell me. I've never personally used Blackboard so Im not sure where the skillsets overlap. You should be sure, and you should be able to talk about how that helps you transition. Write and practice your pitch.

The most important thing for a junior position is passion for the field. No expects you to be talk about POSIX and why you would use egrep over grep. They just want to see someone that is hungry and wants to learn.

Also, go buy the The linux command line. Its the best intro Linux manual I've ever read, and its intended for people with zero Linux experience to get up to speed. Its the second best value you will get for money spent on a book. The first best is Interviews for dummies. Im not joking when I say that I payed $1 for it at a used book store and its made me at least 15k dollars back. If you sit down and really learn both of these, you will be able to transition to a jr linxu admin role.

Code Complete.

The fantastic blog Coding Horror (written by one of the founders of StackOverflow) has this to say about it:

> Steve McConnell's Code Complete 2 is the Joy of Cooking for software developers. Reading it means that you enjoy your work, you're serious about what you do, and you want to keep improving. ... Do yourself a favor. Make this the first book you read, and the first book you recommend to your fellow developers.

This book has made balloonanimalfarm a much better programmer. It will save you time by making your designs better at the start of the project, helping you do good defensive programming so bugs come out right away, refactor well when the project becomes too big, choose the right scale of algorithms for your project, and make high quality software.

Hello! I had this exact problem, plenty of syntax books etc but I wanted to know why things were being done the way they were being done. So I asked my CS lecturer. He recommended Code complete. http://www.amazon.co.uk/Code-Complete-Practical-Handbook-Construction/dp/0735619670
Its a fantastic book and I found when reading a section that I found interesting it would have side notes recommending other pages that expand on that particular topic in greater detail. Which is awesome, best money I've spent on a book since Harry potter and the philosophers stone ;)

Long post ahead.

LEARN YOUR OSI LAYERS. Learn what's at Layer 2 (Ethernet), Layer 3 (IP), and Layer 4 (TCP/UDP/etc.)

I feel like throwing in the beej bible is necessary here (even if you never want to learn how to do network programming; it's still interesting, i.e. how the kernel opens a socket, translates network addresses, etc.): http://beej.us/guide/bgnet/. This is what I used in my Network Programming course 5+ years ago; still relevant today.

Then there's also the classic W. Richard Stevens tome: TCP/IP Illustrated: here. It's dated as fuck (telnet and rlogin were still prevalent and it still discusses classful routing (Class A, Class B, Class C) which hasn't been relevant for at least 20 years) though it does talk about CIDR which is current) but it's the most comprehensive explanation of how TCP/IP works there is. It does a GREAT job explaining how TCP and UDP work; TCP is a challenging protocol to really understand. It also goes into other application-layer protocols like DNS and HTTP but not in depth (and not relevant to the question at hand). It doesn't discuss IPv6 unfortunately (it's referred to as IPng, which is what it was called back in '94).

There's an updated version of this book that's been edited by a CCIE somewhere; I haven't been able to find it but it's quite good. I heard some of the edits are inaccurate, though.

Then there's the tcpdump manpage and tutorial to teach you how to inspect packets; you'll NEED to know how to do this. (Lots of folks like to use wireshark in the first instance but it's not on every box whereas tcpdump almost certainly is; the biggest differences lie in the filtering language)

More specific to #devopslife are software-defined "cloudy" routers like Neutron, Hyper-Vswitch (if on a Hyper-V virtualization backbone, I believe Azure uses them as well) and OpenVSwitch (from which Neutron descends). Neutron docs here.

Most CCNA material descends from these resources. CCNP and higher cover more specific details that you probably won't care too much about unless you really want to get into networking (which is a career in its own right, networking is HARD)

Unfortunately, if you spend a lot of time on cloud infrastructure, you won't deal with networking too much as an admin unless you get into tweaking kernel parameters or troubleshooting the (very) rare network-fucked-up occasion. Still good knowledge to have though.

You'll pass a Google SRE interview (in networking) if you read these; almost guaranteed.

Copy paste from a post I made earlier

Malware RE isn't really all that much voodoo as it seems, you take the executable and break it down into steps.

First check out the PE headers and find what strings you can, characteristics. Figure out if the malware is packed or not.

A quick and dirty way to get an idea of what it does it run it with certain tools on the system and a linux box to intercept all network communications. This is called behavioral analysis.

After that you can load it into a disassembler like IDA Pro and start looking for interesting functions or windows API calls. Things like WriteFile, VirtualAllocEx, ReadFile then figure out that they are doing.

After that you can take it into your debugger (I like OllyDbg) and set some breakpoints at interesting functions to see what the malware is doing in the stack. Like I said, its not voodoo once you look into it further.

Creating the malware is a whole different story and outside my skill set. In fact I hate programming and know only high level programming, basically I can interpret code and what it wants to do. But I have an easier time reading Assembly (lol) than something like C++. But coding malware is just like coding anything else, design it for what you want it to do and get to work. Stuff like Stuxnet had probably at a minimum 10 extremely talented coders behind it.

Here is a great list of learning sources.

Cybrary.it Malware Analysis Course - Free

Opensource Malware Analysis Course - Free

Dr. Fu's Malware Analysis Course - Free

OpenSecurityTraining.info - Free

SANS FOR610 Reverse Engineering and Malware Analysis - Expensive

Practical Malware Analysis

Practical Reverse Engineering

Malware Analyst's Cookbook

Learn PowerShell in a Month of Lunches is one of the most widely-recommended books on starting PowerShell. I'd recommend following along and physically typing commands in to see what happens - don't just read it.

Alternatively, if you've got the time, one of the most comprehensive introductions is the Microsoft Virtual Academy course on PowerShell 3.0. Don't worry - even though PowerShell 5.0 has been released, this is still very relevant information. It's long - almost 8 hours of videos - but these guys know what they're talking about and they explain it quite well.

Beyond that, check out the resources in the sidebar of this sub. There are a couple other intro books and guides, as well as a lot of script resources to look at.

Finally, once you have a feel for what the language is, the best way to discover what the language can do is to find something you already do a lot, and figure out a way that PowerShell can automate that process. It sounds like your senior engineers have some examples of this already, but don't be afraid to expriment. I have to produce a lot of Excel reports, so the PSExcel module for PowerShell lets me automatically create those reports.

Hope that helps!

Only about half of the programming industry has a degree directly related to IT or programming. Most have college degrees in something, but in the end the most valuable thing to someone hiring in IT is skills. Once you have the skills, you just need to get noticed.

I would recommend you learn Linux administration and web development. (Or you could learn Windows too - I don't know Windows well so I can't comment on it. Linux and Mac OS X are somewhat more popular in the programming world, but if you're looking to get into IT, not programming, then Windows administration might be more common.)

A good book to learn Linux is "The Linux Command Line".

https://www.amazon.com/Linux-Command-Line-Complete-Introduction/dp/1593273894/

For learning web development, you could read "
Learning PHP, MySQL & JavaScript: With jQuery, CSS & HTML5"

https://www.amazon.com/Learning-PHP-MySQL-JavaScript-jQuery/dp/1491978910/

Codecademy would also really help you in here:

https://www.codecademy.com/

If you have any questions, feel free to PM me and I'll do my best to respond.

Personally, I find I learn best from books but only for two narrow facets: theory and reference.

The books everybody recommends are:

• Eloquent JavaScript - http://eloquentjavascript.net/
  
• JavaScript: The Good Parts - https://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742
  
  That first one can be read online.
  
  Once you get past the how do I write code basic literacy stuff and really want to step up into architecture you might want to get a little bit of Lisp and Scheme. The fundamental concept to learn in this language is scope. In my experience computer science grads tend to learn things like C++ and Java or C# and work really hard to get really good at OOP. Those techniques of inheritance aren't quite so helpful in this language if you never learn this language's scope model. If you fall in love with the scope model you might find you don't need the OOP/inheritance stuff.
  
  When you are ready to interact with the web here is a quick guide I wrote to teach DOM access: http://prettydiff.com/guide/unrelated_dom.xhtml Could you let me know where this guide fails you so that I can improve it for other people?

I few years ago my youngest brother got his first IT job, and he fell right into an admin role. He too is very sharp. I bought him the following books as a gift to get him started...

The Practice of System and Network Administration, SecondEdition - a few years old but has lots of fundamentals in there, still well worth reading. Hoping for a third edition someday.

Tom Limoncelli's Time Management for System Administrators

I see others have recommended this great book, and I wholehartedly agree: UNIX and Linux System Adminstration, 4th Edition. I was sad when Evi's ship was lost at sea last year. :-( You could tell she loved sailing old wooden ships... just look at the cover. A great loss; she did so much for our community.

Additionally, I will second or third anyone recommending works by Brendan Gregg. I got the Kindle version of Brendan's Systems Performance: Enterprise and the Cloud. I really like this book. It was written to be a good foundational book for the next several years. I am planning to get a hard copy version too. While you're at it, check out these links...

Brendan Gregg:
http://www.brendangregg.com/
http://www.brendangregg.com/linuxperf.html
https://github.com/brendangregg/perf-tools
http://lwn.net/Articles/608497/
http://www.brendangregg.com/USEmethod/use-linux.html

Tom Limoncelli:
http://everythingsysadmin.com/

Introduce him not only to books, but online resources and communities like /r/linuxadmin :-)

Cheers!

I highly recommend Masters of Doom, it covers the story of John Carmack and John Romero from their pre-id years up until around 2002 or so and goes over the development of early id games like Commander Keen, Wolfenstein 3D, Doom and Quake as well as other companies at the time like Apogee/3D Realms and Softdisk and of course Ion Storm, Daikatana and the issues with its development.

If you find that interesting i also recommend Jordan Mechner's Making of Karateka and Making of Prince of Persia. These are unique in that they are the journal that Jordan Mechner kept while making these games (start with the Karateka one, the PoP one continues more or less where the Karateka one ends) back in the 80s and early 90s up until he started working on The Last Express and give a unique look not only at how development was done at the time, but also how a very known at the time publisher - Brøderbund - was running during their later years (which sadly ended up collapsing in the midlate 90s just when The Last Express was released, which ended up with TLE becoming a commercial failure despite the critical praise it had, in large part because the marketing team left the company weeks before the game's release and nobody was around to market it :-P). Also there are several bits about Mechner's attempts on movie writing since that is another passion of his, although that wasn't as successful (he did write the Prince of Persia movie though and was a moderate success).

Another interesting book is Hackers. This is an older book, written in early 80s about the "computer hackers" that influenced modern computing. A large part of the book is about the earlier communities, like those at MIT from where the free software and open source movement began, but there is also a sizeable part about the early days of gaming companies that would later become powerhouses like Sierra and - again - Brøderbund. This last one is very interesting because you can see the shift from the early Brøderbund days in Hackers towards the more boureaucratic and sterile environment in their later days as shown in Mechner's journals. This also makes me curious about their last days and i'd like to see Mechner writing about the development of The Last Express if for no other reason than that.

Finally a book that i also liked a lot, although this one focuses more on a single genre and the games that make it up, is Dungeons and Desktops which focuses on the development of CRPGs from the early attempts at mainframes down to modern RPG games.

Computer and computer gaming history are favorite topics of mine and i tend to buy books about them (and i really like finding common pieces in different books).

A fine idea, Bruce.

It's nice to know that there is still some interest in books, especially among incarcerated community pillars and narcissistic spectres of Silk Road. The fact that you've cleverly referenced both Herman Melville and J.D. Salinger this evening doesn't at all surprise me, given what I know about you; however, it never ceases to amaze me, just a little bit, to find that there are still people like you in existence--and inside this den of dopers & thieves, of all places.

Have you read the YouTube comments lately?

You never responded to the last message I sent your pen name's account. I can't imagine that I offended you ... unless ... you're not a Frolf-loving LARPer, are you Bruce?

At any rate, I don't think that anyone here would worry about you absconding with the book mobile's coffers. At least I wouldn't. Don't sell yourself short. There's a certain underlying aura of decency about you, Bruce--which is made even more apparent by your long-standing concern for and support of SSBD. I never had the pleasure of knowing him.

I should write him a letter.

Yeah. He can certainly have copies of my books, for whatever that's worth. He might dig them.

Finally, here's a suggestion for a book that I believe he or anyone else in this community would appreciate: Hackers: Heroes of the Computer Revolution by Steven Levy. It's the compelling story of how over the course of several decades, computers were liberated from universities and big businesses and placed into the hands of the people. What's even more interesting is that when the book was published in 1985, the revolution was already concluding and a good number of modern-day DNM enthusiasts hadn't even been born yet.

It's a good book.

Stay groovy, Bruce.

--Ed

Sure, though I've also read people in your position are better at building apps with JS if they're new to it because things like PHP are completely different in how you start growing an app (classical vs prototypal inheritance) not to mention that if you also do PHP instead of just straight JS you're getting used to and learning 2 languages that are completely different in how you code. In either case you're right you have to learn JS anyway, here are the best resources after codeacademy basics stuff:

JavaScript: The Definitive Guide: Activate Your Web Pages (Definitive Guides):

http://www.amazon.com/JavaScript-Definitive-Guide-Activate-Guides/dp/0596805527/

JavaScript: The Good Parts:

http://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742/

Programming JavaScript Applications: Robust Web Architecture with Node, HTML5, and Modern JS Libraries:

http://www.amazon.com/Programming-JavaScript-Applications-Architecture-Libraries/dp/1491950293/

A cool talk from last year of the Fluent conference (and the author of that last book) explaining how different something like PHP and JavaScript are and why JS doesn't deserve the bad rap it used to get (He's a pretty cool guy from Adobe and I got to talk to him last week about all of these things we're talking about right now and where web development is heading, and why JS as a single language for the web can work even better):

http://www.youtube.com/watch?v=lKCCZTUx0sI

This was a really cool overview on JS today, and you get to see Unreal Tournament and the Unreal 4 engine run in a web browser:

http://www.youtube.com/watch?v=aZqhRICne_M

First, make sure that you've built some complex apps in vanilla JS, and have faced some sort of issue of scale (ie. problems that came up because your app has a lot of code). Maybe your code is really long and difficult to organize. Maybe you end up repeating the same code in a lot of places. Etc.

That way when you try a framework, you'll have some idea why it does what it does, and what problem it's trying to solve.

As far as specific libraries, I'd try these in this order:

• Lodash (or equivalently, Underscore). This is a really useful utility library, and can be used regardless of what fremework you're using.
  
• Backbone is the most barebones and vesatile of the popular frameworks, and is meant to be used in conjunction with jQuery (which you already know) and Lodash (which you will have learned). Backbone will give you a good sense for what MVC is.
  
• React is a level of abstraction above Backbone, and offers 2-way binding and component-level separation in addition to MVC (more acurately, MVVM). I'd encourage you to use it with Browserify, which lets you use NodeJS's syntax for injecting code, but in the browser.
  
• Angular is more opinionated than React, and introduces high level concepts like dependency injection.
  
• Optionally, also try out Meteor (which introduces full stack, 4-way binding), Ember (a super opinionated framework, most similar to Angular), and Polymer (a very future-facing framework, most similar to React).
  
  For general education, here are a few books I recommended in another thread:
  
  Design patterns:
  
  
• http://addyosmani.com/resources/essentialjsdesignpatterns/book/#designpatternsjavascript
  
• https://leanpub.com/javascript-allonge/read
  
• https://leanpub.com/javascript-spessore/read
  
  The JavaScript language:
  
  
• http://www.amazon.com/Effective-JavaScript-Specific-Software-Development/dp/0321812182
  
• http://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742
  
  Hope that helps, and good luck!

As a pentester you would typically need to follow a methodology of some sort. Here is a well known one http://www.pentest-standard.org/index.php/Main_Page

Typically you would first enumerate all open tcp/udp ports using a port scanner such as nmap. Then you would analyze ports one by one to see if they contain any vulnerabilities. If it’s a service running an outdated version of a particular software you would look up exploit-db and see if there is a corresponding exploit. Then tweak it to give you reverse shell to your IP address in metasploit or netcat. If it’s a web service you would use web methodology such as the one from here https://jdow.io/blog/2018/03/18/web-application-penetration-testing-methodology/ to look for web vulnerabilities in the web application and attempt to gain a shell that way. After you get a shell you might be highest privileged user or you might need to escalate your privileges. If you are regular user you look for ways to escalate your privileges depending on operating system you are logged in to. Get hackthebox vip account because this will give you access to retired vms and especially windows.

The OSCP certification is pretty much is doing combination of the steps described above on multiple machines. There is a book which goes over this methodology as well https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641

Here is a great resource that many people use as a resource to study for OSCP as well https://xapax.gitbooks.io/security/content/
And if you search for oscp survival guide you can get additional resource to reference. Also rtfm is a good reference book as well.

Edit: here’s a good guide on using methodology with template you can import https://411hall.github.io/OSCP-Preparation/

I can code HTML5 and CSS3 pretty well, honestly it's really easy for me now. - Once you get the hang of them look at a couple of frameworks - I have used Bootstrap and Skeleton and putting them on a resume is an easy +1.

The biggest thing that has helped with Javascript for me is game development, it's really fun and you have to have a decent understanding of javascript to make a playable game, it also gives you an opportunity to work on a bigger project. (thousands of lines of code) So you can get a better idea of how the overall layout mechanics of Javascript work. - So I would recommend making some simple games using just HTML5 canvas and vanilla Javascript with no libraries.

Books I would Recommend --

1. http://www.amazon.co.uk/HTML-CSS-Design-Build-Sites/dp/1118008189
   
   
2. http://www.amazon.co.uk/JavaScript-JQuery-Interactive-Front-end-Development/dp/1118531647
   
   
   
3. http://www.amazon.co.uk/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742
   
   Youtube Channels
   
   
4. learn.codeAcademy - for Jquery, Modern tools professionals use
   
5. PHPacademy - for PHP, and some other stuff
   
6. DevTips
   
7. Jesse Warden - ( this guy has a GREAT javascript series, I would start with that for Javascript)
   
   

You need to understand there are a couple of ways to do Java web development.

• Servlets & JSPs. - Check out Core Servlets and JavaServer Pages or the Java EE Tutorial. Note that I link to an older EE tutorial because the newer versions try to switch to JSF and not much changed in Servlets and JSPs between Java EE 5 and 6. I recommend learning Servlets and JSPs before anything else.
  
• JSF - A frameworks that is layered on top of Servlets and JSPs. Works well for some tasks like making highly form centric business web apps. Most of the JSF 2 books are okay. JSF is covered in the Java EE 6 Tutorial
  
• Spring - Spring is actually a bunch of things. You'd want to learn Spring MVC. If you learn any server-side Java web tech besides Servlets and JSPs you'd probably want to learn Spring MVC. I wouldn't bother with GWT or any other server-side Java web tech.
  
• JAX-RS - After you get Servlets and JSPs down, this is the most essential thing for you to learn. More and more you don't use server-side Java (Servlets & JSPs) to generate your clients HTML and instead you use client-side JavaScript to make AJAX calls to a Java backend via HTTP/JSON. You'll probably spend more time with JavaScript:The Good Parts and JavaScript: The Definitive Guide than anything else. Also the JAX-RS api isn't that hard but designing a good RESTful api can be so be on the lookout for language agnostic REST books.
  
  Definitely learn Hibernate. You can start with the JPA material in the Java EE tutorial.
  
  As for design patterns, Design Patterns: Elements of Reusable Object-Oriented Software is a classic. I also like Patterns of Enterprise Application Architecture for more of an enterprise system pattern view of things. Probably avoid most J2EE pattern books. Most of the Java EE patterns come about because of deficiencies of the J2EE/JavaEE platform. As each new version of Java EE comes out you see that the patterns that have arisen become part for the platform. For example you don't create a lot of database DAOs because JPA/Hibernate handles your database integration layer. You also don't write a lot of service locators now because of CDI. So books like CoreJ2EE Patterns can interesting but if you are learning a modern Java web stack you'll be amazed at how archaic things used to be if you look at old J2EE pattern books.
  
  p.s. Don't buy anything that says J2EE, it'll be seven years out of date.
  

Hi Pandas_sniff! (love the name) I’m a firm advocate of the Web Application Hacker’s Handbook. I think if you look at the reviews for version 2 i’m probably one of the featured ones. It really is all encompassing for most of what application security testing should start out as. It does suffer from being a textual reference though (a snapshot in time), so I also commonly recommend learning from the OWASP Testing Guide v4 as it has frequent wiki-like updates. I could spend all day talking about resources for learners! There are some excellent (free) videos by Jeremy Druin on using Burp Suite and application testing, I absolutely love Pentesterlab.com and all of their exercises, and Sam has written a very good guide on getting started in bounty work

As for how effective these resources are “out of the gate” i think they are tremendously helpful. For example, using the above resources i’m sure any apt student of them could identify IDOR’s or basic injections. Over time these skills become second nature and free up the tester to focus on newer, cutting-edge hacks/technology. Hope that answers the question =)

I may be a bit too harsh, I admit. I'm a jaded tech douche. But consider this....

>This is the worlds most advanced ethical hacking course with 18 of the most current security domains any ethical hacker will ever want to know when they are planning to beef up the information security posture of their organization.

>In short, you walk out the door with hacking skills that are highly in demand, as well as the internationally recognized Certified Ethical Hacker certification!

This is directly from their website. I feel like they make some pretty bold claims there. My instructor was, overall, a pretty solid guy. But my qualms were with the 3rd-party training facility, (my employer had made me do this as OSCP wasn't recognized by the client I was working with), as well as the material. I felt that EC misled people taking the course by what skills they would gain and that it also misleads others by what cert holders are capable of.

But I think we get off of topic - I would suggest that a better book for someone is this.

Maybe v9 is very different. I had several EC Certs as I was once subject to the DoD 8570. But I let them expire as I have several issues with EC Council. One of which being you need 120 CPEs annually. Taking another one of their certifications, gives you a full 120. But discovering a vulnerability is only 5 CPEs. (What?!)

13 year old? I've started programming around the same age. Wow, I'm only 27 and I suddenly felt old :)

Anyway, I don't know if you want some tips, but here are a few I wish someone told me when I was starting:

1. Start small - even a simple game, like Tetris or something, 100% complete (with UI, menu, sounds, gfx etc.), will take a lot more time than anticipated.
   
2. Finish things - it's not always fun and games, there is a lot of boring work involved, you have to stick it out. After all is said and done, a one finished game will feel better than 10 started projects, no matter how interesting they are.
   
3. Learn about code design. Code readability is really important. I would say it's only second to making working code. After the initial stage of any project, you won't be writing new stuff, you will be expanding already existing codebase. How fast you write/modify/debug/etc., will depend on how readable and manageable is your codebase. The worse codebase, the more you will be inclined to leave it and start something new, fresh (with a "better code"...). Leaving code behind or rewriting it because it's "bad" is a huge timewaster. Read Clean Code and Code Complete for starters.
   
4. I lost a lot code too in my time. Use something like bitbucket or github for your code. Remember to keep your directory tree nice and tidy. As with point 3. - It's a lot easier to come back to nice and tidy project than to some kind of tangled monstrosity.
   
5. Have fun. Creating software/games is a hell of a ride.
   

Automate the Boring Stuff taught me the basics and I recommend it highly. It's free.

If you encounter an error spend about an hour trying to solve it before asking for help. If you get an error with an error message from running the program you copy and paste the error message into a search engine and look for answers there. If the program behaves differently than you expect it too without giving you an error message you have probably made a mistake in your instructions to the program and these can be hard to find.

r/learnpython is great when you can't solve your problem(s), they're helpful as long as you say what you have tried, upload your code to pastebin.com and say what you want the program to do.

also when giving variables names please give them describing names. look at this example:

name = "chra94"

n = 6

name_length = 6

clearly name_length describes itself better than just n. Many beginners me included make the mistake of naming variables poorly which makes the code harder to read. good variables makes reading the code easier.

Be prepared to read documentations for both python but also tools (they're called modules or libraries) written in python for python. One day you might want to make a program that modifies or creates spreadsheets. There are libraries for that and even if you just watch a tutorial on how to use it it's easier to be able to search and read the documentation for the module than finding a tutorial specific for that one little thing you want to do that the other tutorial didn't cover.

Following the Automate the Boring Stuff book you will be able to make a rock, paper, scissors-game, making a number guessing game and such. Should you want more excercises you could look at codingbat over here at CodingBat for that.

Some day you might want to do a project. A program that's useful. Maybe it'll download the ten best wallpapers from r/wallpapers each day. Maybe you'll make a chatbot Slack or Discord or IRC. Anwyay. After having made a couple of programs that can be used over and over again by someone else than me I have realized that I have to plan much, much more ahead. My programs got messy, difficult to read, difficult to change and honestly I've lost control over them. I wish I had read Code Complete earlier. It praises planning your program thoroughly. According to some stats in the book mistakes uncovered after planning are between five to ten times more costly to fix than if they were discovered while the requirements for the program were figured out. (Theses stats are for small companies. Bigger companies can be as much as 100 times more expensive to fix.) TL;DR: Time spent planning is between three to ten times better spent than fixing stuff because you didn't bother to plan enough.

*TL;DR:** Do Automate the Boring Stuff untill you want to make stuff on your own and read chapter three of Code Complete.


Best of luck buddy and remember: Plan your projects ahead.

Fuck that. You want to learn the newest shit, not some old antiquated OSs that your company just happens to use atm. Yes I'm being very blunt, you will have a better career if you do so.

1. Yes. Powershell in a month of lunches and /r/Powershell . If you're gonna do Windows you need this.
   
   
2. No. If you're gonna learn Windows, learn 2012R2. I'm running the 2016 version at home already in test. MCSA atm is for 2012R2, so stick with that. No reason to focus on 2008. The menus are very similar, functions are identical only 2012R2 has some added capabilities and some different ways of implementation. Learn the new way and you'll have better career opportunities. Including where you work now - what happens when they want to update to 2012R2 and you already know that OS?! Don't think of the present, think of the future.
   
   
3. Not familiar with it.
   
   
4. I run it at home for personal use. It's ok, wish I could join it to the domain and it'd stick/be stable at it. For storage is alright. I would not feel comfortable implementing it for a large business though. Small sized, maybe. Great to learn iSCSI and shares and BSD I suppose.
   
   
5. Sure. Edgerouter Lite or even PFSense are great home routers. A coleague runs PFSense as a VM btw. /r/Ubiquiti /r/PFSENSE
   
   
6. Not familiar with it.
   
   
7. Get VMWare 6.0 (Look to the future)
   
   Also note that Hyper-V is free if you'd like to play with that. You can get that and other Windows Evaluation OSs here.
   
   I run a Hyper-V cluster with two Lenovo M93 systems, a VMWare 5.5 hypervisor on a TS140, and FreeNAS on a custom machine. My network is all Ubiquiti, ERL, ES Lite, 2x UAP-AC.
   
   
   

Certs will always be more reputable in the IT Sec field then a degree (up until you want to get into a management position, then the MS would be worth it) but after your BS go directly for certs.

If you want to get into Web App Pen Testing then I suggest you pickup the basics of networking, how Packets work, how they are transmitted across the internet. OSI Model, HTTP POST, GET, PUSH, DELETE , how Switches and Routers work as well as how backed server functions on Linux such as Ngix, Apache, how does PHP work.

From that you basically need to learn SQL, HTML, PHP, JavaScript, Python (or Ruby) and some C along with basics of Assembly if you want to learn how to make Exploits.

I suggest you pick up the Web Hackers Handbook. It's a great start to learning how to hack websites.

Also learn the OWASP Top 10.

Take in some knowledge on Metasploit Since it goes over basics of using the tool. Also learn how to use Burp Suite since it's going to be your tool of choice for testing websites, and Nmap as well, since it will be your scanner for checking other domains of the website, etc, etc.

Start practicing at home. Build a small lab with Kali installed on a VM.

You can practice hacking the Damn Vulnerable Web App

Check out VulnHub for more resources on vulnerable VMs to practice hacking.

And also follow Pentest Lab Bootcamp to learn the basics of web app hacking as well. I highly suggest you follow this outline as it will teach you the basics of Web App Hacking and will also provide you with VM's to practice SQL Injection, XSS, CSRF, etc.

As for certificates, since you are doing Web App Pen Testing don't go with the CCNA or CCNA Security, since those are mainly associated with Network Security. You need to understand how networks work, yes, but you don't need to have a deep end knowledge of it.

I suggest you go for Security+ since it will teach you security basics and securing firewalls, routers, switches, etc. After that pursue the OSCP and OWSE from Offensive Security as they are highly regarded in the Pen Testing field.

You might need to also take the CISSP since some companies will require you, but by then you should be able to work for a firm and get the CISSP over time.

Hope this helps, cheers!

It seems your problem is not programming, but architecture. Namely, how the client-server architecture that most of the web is based on works.

Unfortunately, I couldn't find something that's both easy to understand and comprehensive enough, and I can't really write it here, as either I would have to simplify it too much or I'd have to write way much more than I'm comfortable writing.

So keep google for client server architecture until you find a book/tutorial/article/video/etc that makes you understand and go from there. Don't worry about languages, liibraries, frameworks and all that mumbo-jumbo for now, just focus on understanding what happens when you interact with a website, from start to end. Once you understand that, choose a language, find a framework that you think you'd like and start learning it (some frameworks, like Django, have very comprehensive tutorials). And then you keep improving that until you're satisfied with your project - or you hit your deadline, that product got to ship someday!

EDIT: Actually, I do have a recommendation: the Computer Networking: A Top-Down Approach book. Reading the first chapter will probably be enough for you, but if you enjoy it, you can read a lot more and really (begin to) understand how the Internet (and computer networks in general) work.

I went trough a really long phase of this. Not saying this will work for you, but for me what snapped me out and allowed me to set my own path was heavy doses of proper, formal game design.

It took forever for me to discover that's what I needed. But the structure and the fact that it forced me to think through every aspect of a game idea before any line of code was written made me realize I could do it. It showed me the individual steps, it compartmentalized it so that I could eat the elephant one bite at a time.

Plus, it was a LOT easier to stay motivated, because I had a pretty good idea of the big picture, so it was easy to track overall progress and distance from the finish line.

Finally, with the help of Code Complete: A Practical Handbook of Software Construction, I'm now quite proud of the code I put out, which is another motivator.

Specific questions will be more helpful, but some general good places to start for javascript:



A Javascript Primer for Meteor - https://www.discovermeteor.com/blog/javascript-for-meteor/

This is my favorite introductory document on Javascript as a language, even though it's geared toward building apps with the Meteor framework it applies mostly to the language itself and is a good read even if you don't plan to use Meteor.

Javascript: The Good Parts by Douglas Crockford - https://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742

Very good and to-the-point book by one of the best JS experts out there.

Your new home will be the Chrome Developer Tools. If you prefer Firefox, the built-in tools are also pretty good, but consider installing Firebug too. With these tools, you can debug JavaScript and even interactively run JavaScript commands, but you can also inspect HTML and CSS to find problems. If you ever find yourself randomly changing lines of code and reloading the page to see what happens, you're doing it wrong.

If you don't already know JavaScript, I'd recommend JavaScript: The Good Parts to learn JavaScript as a pure language. It's actually a pretty decent language if you stick to the good parts. A lot of complaints about web development are rooted in earlier versions of JavaScript and earlier versions of browsers that had incompatible DOM APIs - the world is much better now.

HTML itself is pretty easy. It should take you hardly any time to learn HTML by itself.

For CSS, consider CSS3: The Missing Manual. Even if you're not a graphic designer and don't want to do fancy layout, you should at least dive into CSS enough to see how it can be used for things like animation and transitions (so you know what's possible with CSS and don't try to reinvent it with HTML and JavaScript).

The last step is putting it all together - using JavaScript to modify the HTML DOM in real-time using JavaScript, and using software running on your web server in Python, PHP, Ruby, or whatever language you prefer to generate the HTML dynamically. Once you're comfortable with the other pieces, you can dive into this last step - but here's where there's more than one way to do it. Some people prefer jQuery on the front end plus PHP on the back end, others prefer Node.js so they can use JavaScript throughout, then there's Angular plus Google App Engine, and so on.

I don't know if you're specifically interested in learning about the security and security flaws of web apps specifically, but I would definitely recommend The Web Application Hacker's Handbook as it's an amazingly thorough guide on vulnerabilities.

Typically you start testing sites by using a security toolkit underneath your browser, such as Burp Suite. I don't do much of this stuff myself so hopefully this'll get you started.

Also /r/howtohack might be helpful, along with this thread to find some good hacking practice (DONT hack sites you don't have permission for)

Good luck!

Yes - knowing how to write a great sort algorithm is fairly useless in the real world. You're better served learning good programming and principles of software design. Please get a copy of Code Complete and absorb it, as well as finding out your company's particular methodology.

The biggest problems with fresh-out-of-the-womb coders is you make mistakes that make your life more difficult down the line - use functions, don't write code in-line. Don't make everything global variables. Name your functions and variables carefully. Understand scope. If you're doing something complex and hacky to achieve a goal, take a step back and think if you can solve your problem a different way. Don't hesitate to ask for advice, online or at work. It is not a sign of weakness, but instead a sign that you're willing to learn.

For scripting this kind of thing is not nearly as important, but you may as well start trying to write nice code there. Ask for a coder to look it over and give you tips. Make sure everything you write is well documented and readable!

Good luck, have fun!

hmmm...I grew out of that position this past year. It was similar in scope to yours. In your position I highly recommend going desktop infrastructure. Studying for it will allow you to at the very least have a clear understanding of the latest technology available to you for architecting desktop solutions. However, it's not enough to know just that. Here's some advice:

• If you don't have a whiteboard by your desk, get one.
  
  
• learn scrum or some kind of other project management methodology and at first apply it to yourself, then apply it to everyone else within your domain. Hold your bosses to the same standards.
  
  
• learn ITIL and start using the terminology. You don't have to adhere to all the standards, either. Furthermore, it helps you understand your role in IT as part of the enterprise as a whole, and it helps you understand how to architect your IT shop using best practices.
  
  
• If you don't have a testing environment, make sure your department has one. Microsoft MSDN subscriptions allow for as rich a testing environment as you need for as little as 700 bucks a year. Most subscriptions also come with free courses as well. Furthermore, you can buy an r900 hexacore quad socket server with 128gb of ram for under a grand. Plenty of hardware for a competent testing environment.
  
  
• Learn powershell. Don Jones has written books and made training videos showing you how to learn powershell. It's a powerful tool. Learn the .net classes that it can use. If you look up the MSDN writeups for the C# versions of the classes, they are pretty darn close to the powershell version of it.
  
  
• Everything you learn in your studies, test it out. Learn it. Nurture your test environment. Get intimate with the checkpoint feature in virtualization. Get cozy with it.
  
  
• As soon as you possibly can, but only after you've gotten the above fundamentals down, learn system center. It's complex, but wonderful. It'll put you on a whole other level. That will guarantee you a job.

If I may - I humbly recommend to read a proper book on bitcoin, not some fluff piece.. Just assuming from the way that you chose your post title that you might be interested in a more substantial bitcoin reading :) Please ignore if that's not the case, don't wanna ruin your reading pleasure or anything.

Economic perspective: The Bitcoin Standard - The Decentralized Alternative to Central Banking

Not technical at all, very beginner friendly, but also not a lot of practical information: The Internet Of Money

Gently technical, beginner friendly: Inventing Bitcoin: The Technology Behind the First Truly Scarce and Decentralized Money Explained

Technical deep dives:

• Mastering Bitcoin (also available for free online, as it's an open source book)
  
  
• Programming Bitcoin
  
  
• Grokking Bitcoin

Find out what language the class is using. If it is Java, then I've heard that Thinking in Java is a good book (the 3rd edition is free while the 4th is not).

Here are some books you should read, the sooner the better:

Code: The Hidden Language of Hardware and Software - This is a great book that is technical while being a fairly light read. It answers the question "how do computers physically work?" with just enough theory to understand, and it doesn't have, like, metaphors of pictures of trains carrying 1s and 0s around.

Don't Make Me Think and User Interface Design for Programmers which are also light-but-still-technical books on user interface design, which gives a good idea of how to create software that people actually use.

At some point after you've done some coding, read these books:

Code Complete - A great tome of the non-programming aspects of being a good software engineer.

Pragmatic Programmer is a technical book, and probably a good one to read towards the end of your first year maybe.

Also note: You don't need to know a lot of math to program. High school level algebra and basic arithmetic is fine for the most part.

Here's my list of the classics:

General Computing

• But How Do It Know? - The Basic Principles of Computers for Everyone
  
  
• The Elements of Computing Systems: Building a Modern Computer from First Principles
  
  
• Code: The Hidden Language of Computer Hardware and Software
  
  
• Gödel, Escher, Bach: An Eternal Golden Braid
  
  Computer Science
  
  
• The New Turing Omnibus: Sixty-Six Excursions in Computer Science
  
  
• Compilers: Principles, Techniques, and Tools, 2nd Edition (aka The Dragon Book)
  
  
• The Art of Computer Programming
  
  
• Algorithms, 4th Edition
  
  
• Introduction to Algorithms, 3rd Edition (aka CLRS)
  
  
• Essential Algorithms: A Practical Approach to Computer Algorithms Using Python and C#, 2nd Edition
  
  
• Grokking Algorithms: An Illustrated Guide for Programmers and Other Curious People
  
  
• Structure and Interpretation of Computer Programs, 2nd Edition (aka SICP, available for free on the MIT website)
  
  
• Discrete Mathematics with Applications, 4th Edition
  
  Software Development
  
  
• Designing Data-Intensive Applications: The Big Ideas Behind Reliable, Scalable, and Maintainable Systems by Martin Kleppmann
  
  
• Design Patterns: Elements of Reusable Object-Oriented Software (aka The Gang of Four)
  
  
• Think Like a Programmer: An Introduction to Creative Problem Solving
  
  
• The Pragmatic Programmer: your journey to mastery, 20th Anniversary Edition, 2nd Edition
  
  
• The Mythical Man-Month: Essays on Software Engineering
  
  
• Code Complete: A Practical Handbook of Software Construction, 2nd Edition
  
  
• The Design of Everyday Things
  
  
• Clean Code: A Handbook of Agile Software Craftsmanship
  
  
• Programming Pearls, 2nd Edition
  
  
• Soft Skills: The Software Developer's Life Manual
  
  
• Hello, Startup: A Programmer's Guide to Building Products, Technologies, and Teams
  
  
• Hacker's Delight, 2nd Edition
  
  
• Peopleware: Productive Projects and Teams, 3rd Edition
  
  Case Studies
  
  
• The Soul of a New Machine
  
  
• Masters of Doom: How Two Guys Created an Empire and Transformed Pop Culture
  
  
• Hackers: Heroes of the Computer Revolution
  
  
• Where Wizards Stay Up Late: The Origins Of The Internet
  
  
• Fire in the Valley: The Birth and Death of the Personal Computer, 3rd Edition
  
  Employment
  
  
• Cracking the Coding Interview: 189 Programming Questions and Solutions, 6th Edition
  
  
• The Complete Software Developer's Career Guide: How to Learn Programming Languages Quickly, Ace Your Programming Interview, and Land Your Software Developer Dream Job
  
  
• The Self-Taught Programmer: The Definitive Guide to Programming Professionally
  
  
• The Passionate Programmer: Creating a Remarkable Career in Software Development
  
  Language-Specific
  
  C
  
  
• The C Programming Language, 2nd Edition
  
  Python
  
  
• Automate the Boring Stuff with Python: Practical Programming for Total Beginners, 2nd Edition
  
  
• Python Crash Course: A Hands-On, Project-Based Introduction to Programming
  
  
• Python Programming: An Introduction to Computer Science, 3rd Edition
  
  
• Effective Python: 59 Specific Ways to Write Better Python
  
  C#
  
  
• The C# Player's Guide, 3rd Edition
  
  C++
  
  
• The C++ Programming Language, 4th Edition
  
  
• Starting Out with C++: from Control Structures to Objects, 9th Edition
  
  Java
  
  
• Introduction to Java Programming and Data Structures: Comprehensive Version, 11th Edition
  
  
• [Java: A Beginner's Guide](https://www.amazon.com/Java-Beginners-Seventh-Herbert-Schildt/dp/1259589315/, 7th Edition)
  
  
• Java: The Complete Reference, 11th Edition
  
  
• Core Java Volume I - Fundamentals, 11th Edition
  
  
• Starting Out with Java: From Control Structures through Objects, 6th Edition
  
  
• Effective Java, 3rd Edition
  
  Linux Shell Scripts
  
  
• The Linux Command Line: A Complete Introduction, 2nd Edition
  
  
• Wicked Cool Shell Scripts: 101 Scripts for Linux, OS X, and UNIX Systems, 2nd Edition
  
  
• Linux Command Line and Shell Scripting Bible
  
  
• Mastering Linux Shell Scripting
  
  Web Development
  
  
• Learning Web Design: A Beginner's Guide to HTML, CSS, JavaScript, and Web Graphics, 5th Edition
  
  
• Eloquent JavaScript: A Modern Introduction to Programming, 3rd Edition (also available for free on the author's website)
  
  
• JavaScript and JQuery: Interactive Front-End Web Development
  
  
• HTML and CSS: Design and Build Websites
  
  
• You Don't Know JS: Up & Going
  
  Ruby and Rails
  
  
• Ruby on Rails Tutorial: Learn Web Development with Rails, 4th Edition (Note: this book is somewhat out of date compared to the live version on the author's website.)
  
  
• The Well Grounded Rubyist, 3rd Edition
  
  
• Practical Object-Oriented Design in Ruby: An Agile Primer
  
  
• Agile Web Development with Rails 5.1
  
  
• Programming Ruby 1.9 & 2.0: The Pragmatic Programmers' Guide, 4th Edition
  
  
• Eloquent Ruby
  
  Assembly
  
  
• Assembly Language for x86 Processors, 8th Edition

As a beginner (still am), I have found the easiest way to learn is to just dive in using Powershell for any tasks that you do during your normal day (especially the repetitive ones).

With that said, I have found it highly beneficial to use a couple resources:

• Subscribe to this Reddit /r/PowerShell
  
• Subscribe to "Hey, Scirpting Guy!" blog
  
• Buy the book Powershell in a Month of Lunches - A Youtube Channel also exists
  
• Search for Powershell related courses on Microsoft Virtual Academy
  
• Head on over to PowerShell.org and go exploring
  
• Visit the TechNet Script Gallery. Study and understand any available, high-rated scripts.
  
  To be honest, the most important tip in my opinion to learn how to use PS is the get-help command. This will teach you how to use just about every command out there minimizing most questions that you are looking to ask. A second tip: Learn what it means to "Pass by value" and "Pass by Property Name." This will help you immensely when combining commands using the pipeline.
  
  Quick warning: Powershell will quickly get addictive. Also, it is a community where people enjoy sharing and giving back.
  
  Last note, I swear. Learn shortcuts. It will save you a HUGE amount of time (i.e.like hitting esc on your keyboard to clear the line.)

I'd recommend learning to use Linux well first, since that is what you will need to use a lot of the tools for Pen Testing, after that you can choose an area to start with, most go with web app sec or net sec, since those are most in use right now - after that you can move into areas like cloud security, forensics or some other specialty.

As far as resources go there are a lot out there, i'll link some good ones that I use:

https://github.com/wtsxDev/Penetration-Testing

https://github.com/jivoi/offsec_pdfs

Those two should keep you going for a while at least.

As for coding, i'd recommend learning to use Bash first, then python. Bash is the Born Again SHell, a scripting language used in linux and is something that you will use a lot, and python is a language that is used a lot in offsec.

Here is a place where you can learn some Bash:
https://www.tldp.org/LDP/Bash-Beginners-Guide/html/Bash-Beginners-Guide.html

There are two books i'd recommend for python, ill link them here:
https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579

https://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900

the book in the second link is a bit easier to approach in my opinion, but both require some basic knowledge of python - so youtube or google some tutorials and im sure you'll do fine.

If you want to get into pen testing web apps, then you will want to learn some PHP and JavaScript, a lot of websites are written in PHP, and a lot of exploits are executed with JS: Cross site scripting in particular. You should also learn some SQL since that is another common one for manipulating databases, and can be attacked in a method known as SQL injection.

If you want a place to practice things you are learning then go here: http://overthewire.org/wargames/
They offer some pretty basic war games for things like linux commands and what not so you can really test your knowledge and learn a lot of the things you will have to do to progress through the games.

That's all I can think of atm, but i'm sure of the other people in here will be happy to give you some more suggestions

good luck!

I just saw you said low on funds, but if you have a birthday or something coming up these two books have been great resources for me, and others that have taken a dive into it.

https://www.amazon.com/Linux-Bible-Christopher-Negus/dp/111821854X

https://www.amazon.com/Linux-Command-Shell-Scripting-Bible/dp/111898384X/ref=pd_sbs_14_img_1?_encoding=UTF8&psc=1&refRID=J9RW2JJ25KF0HEW2DDNK

One thing I'd say is DON'T BE DISCOURAGED. There's a lot to Linux, and it'll feel like you are drinking through a fire hose sometimes with concepts, everyone has been there, and I'm still very much there. In addition to reading a butt load, one thing that helped me take the edge of was getting a box up with something I'd use. My personal pet project back in the day was setting up a redhat instance and run a ventrilo server. It helped me learn things like security, package management, patching, getting real comfortable with things like awk and sed. I didn't expose it to the internet except for a few whitelisted IPs but it kept me learning for a long time, and made it fun.

First time see that site, but I would recommend reading:

• Clean Code: A Handbook of Agile Software Craftsmanship
  
• The Clean Coder: A Code of Conduct for Professional Programmers
  
• The Pragmatic Programmer: From Journeyman to Master
  
• Code Complete: A Practical Handbook of Software Construction
  
• Refactoring: Improving the Design of Existing Code
  
  This is a list of books I am intending to read as soon as I read through some other books.. A list I created from reading this and some other subreddits daily, so probably this should cover all your need on Clean Coding.
  
  If anyone know any more books well worth reading I would be really glad to hear about them!

I've been using node for about a year now (was a PHP/mySQL dev for 6 years before that) and have come to realise that it's all about methodology. The language is just JS (I mean, you should get good at JS too) but it's how you use it that defines whether your node code will be good or not.

Some things I've found useful:

• JavaScript: The Good Parts If you're a JS developer, you just need to read this.
  
  
• Node Beginner Book Hands-on node is a little more rough around the edges but still worth a go. I bought the bundle for kindle and didn't regret it.
  
  My experience:
  
  
• Write everything in modules. Your index.js should be tiny. Ours just links URLs to modules.
  
  
• Try to make your modules reusable. We're (I'm) guilty of having my modules assume a http request, which means I'm ferrying the request and response objects around all over the place. It's not heinous, but it is bad.
  
  
• Put your modules in git
  
  
• Caching: Our stack is slightly unusual in that we've built a REST API in node which PHP then consumes to produce the HTML for the site, so end users never connect directly to node. (We have reasons for doing it this way). So we cache the API results based on URL in memcache. For a traditional web server model you'd probably use caching proxies in front of your node layer. I also cache database results based on the SQL string (I think we tested it to be faster than querycache. If not, why the hell aren't we just using querycache? Hmm...), so even if the API-level cache misses, some of the data will still be cached hopefully. Your caching strategy will depend heavily on the frequency of data changes in your application. A lot of our data never changes. We certainly don't have sub-minute changes, and typically our data changes exactly once in its lifetime.
  
  
• A good proportion of the stuff I write is utility modules (like pluribus) rather than business-logic specific to our website. I've written a HTTP router, a caching object (which abstracts the cache mechanism away so if we wanted to move away from memcache none of our code would have to change, we'd just plug in a new storage module to cachejs), a twitter module, and a connection-pooling module. Some of these problems were already solved in existing modules (and we use a lot of 3rd party modules too) but often you'll find that it's not quite right for your use-case, doesn't scale well, or the github isn't up to date with the latest node etc etc.
  
  
• Node is getting better all the time. We've thrown away a few things we'd written because the functionality is in core now. That's good.
  
  
• github is your friend. We end up forking a lot of modules and issuing pull requests to them. If they don't accept it's a shame because we then will have to keep our version up to date with their fixes. We prefer to fork, fix, pull req and then switch back to their version when accepted.
  
  
• architecture is the most important problem to solve. We use rackspace cloud hosting and they provide cloud load balancers which helps a lot. Beyond that, we make use of a consistent hashing module to spread memcache data and load evenly. But for any large application you'll quickly find that you can't just keep it all on one fat box, and you'll need to think the architecture out avoiding single points of failure.

OK, got it. Perhaps the low level details aren't exactly what you need. BTW, I've tried reading some of these books e.g. this one: http://www.amazon.com/TCP-Illustrated-Vol-Addison-Wesley-Professional/dp/0201633469/ref=pd_sim_b_2 and they are not for the faint of heart.

What's worked better for me are online articles like the one above. While I'd love to grok TCP/IP at a deep level, I really don't need to know that much about it. Although I could see how it would be extremely useful if I worked at a networking company.

tl;dr good luck! I find Charles to be a bit easier to use than Fiddler.

Generally speaking, "reverse engineering" implies getting an executable (like a .exe file on Windows) and trying to figure out what it does at the level of the source code. Reverse engineering is a long and tedious process that is not as simple as it sounds for several reasons.

The first thing that you have to understand is how a program goes from source code to EXE (since we're going in the opposite direction when we reverse an .exe file). When a program is written in a high level language like C or C++, it can't be run by a computer until it has been compiled, a special process performed by a compiler. Compilers take the source code, and translate it first into a middle language called an intermediate representation that represents the logical structure of the program, and then based on that middle language emit machine code. Machine code (which can be translated into a human readable form called assembly language) is the binary language that the CPU actually uses to do computation - it contains very simple instructions like "move this data to this location in memory" or "add these two numbers together". Most compilers will also make a lot of optimizations in before emitting the machine code - for example, if they see a certain piece of data being accessed and stored unnecessarily, they may move the code responsible for the redundancy to another place in the executable to avoid wasted operations. The compiler will finally output a file called an object file, which contains optimized machine code.

However, this file is generally not executable - it still has to be linked by the linker, (which sometimes automatically runs after the compiler). The linker performs several tasks, like fixing up absolute addressing to ensure that a program can be loaded anywhere in it's address space, as well as providing references to shared libraries. Usually when writing big programs, developers will use already-written code, like the C library or other vendor specific packages, by referencing it in the source code. For example, C source code can use statements like

include <stdio.h>

to indicate that the program includes references to the standard input/output library in the C library, which is used to allow user-provided data and to print data to the screen, among other things. So, it's the linker's job to ensure that these libraries are included in the final executable and that the other object files can reference them correctly. To make matters worse, the linker will build the executable program in whatever file format the operating system uses (PE on Windows, ELF on Linux, and Mach-O on OSX), and these file formats store the program data and code in separate locations. However, the linker handles this cleanly and produces a compiled, optimized, and linked program in the right format, which can then be executed. So that's how it happens normally.

So now, let's do it in reverse. Suppose you have suspicious.exe, a file that you think is malware and you want to find out what it does so that you know whether it's dangerous or not. Suspicious.exe is a compiled and linked executable, and since it was optimized, you don't necessarily have a 1-to-1 correspondence between each machine code instruction and each line of source code (and you don't have the source code anyway). Furthermore, the Intel x86 architecture that most commercial personal computers use in their CPUs uses variable length machine code instructions - some of the instructions will be longer than others, so it is very difficult to look at them in a binary and figure out what is doing what. This is where a disassembler is used - a program that takes a raw binary file and emits human readable assembly language. Because of variable length instructions, some disassemblers even emit the wrong assembly instructions sometimes! However, because the program has to be able to run consistently and reliably when given to the CPU, there is always a way to disassemble it into the correct machine code - it sometimes just takes a few hours (and a headache or two).

Now, you've disassembled the file using a tool like IDA Pro (which can cost hundreds or thousands of dollars, depending on the license), and you have human-readable assembly. So why is it still hard to figure out what the program does? Firstly, any descriptive variable names that a programmer used to make the source code more easy to read are gone because the compiler got rid of them once it generated the intermediate representation - so you don't even know what the various memory references are where data is stored. Secondly, while you can tell where functions begin and end, you can't necessarily tell what they do - they're just blobs of assembly, and sometimes not even that; if the functions were included in a shared library, they'll often be just references to the address in memory where the imported library is placed when the operating system loads the process into its address space (it depends on whether the executable is dynamically or statically linked, but that's a more in depth and tangential discussion). You also don't where important data structures - like strings or pointer tables - are because what the disassembler doesn't recognize as code, it'll just call "data" and leave it at that. Thirdly, most of the data in the program depends on the memory state while it's running, which you can't tell just by looking at the assembly. You need to actually run suspicious.exe.

So you take a look at this mess, ask yourself why you chose this job in the first place instead of being a web developer even though they get paid about the same as you, open another can of Rockstar, and you get to work. Generally, you'll start suspicious.exe in a sandbox environment like a virtual machine using a debugger, which is a special program that will allow you to halt it and examine its memory state, register states, and other activity. As the program executes, you will begin to notice behaviors that resemble C structures - how you actually do this is a huge discussion that people have written entire books about, but suffice it to say for now that it comes with experience. Furthermore, if you use IDA (or keep a notebook), you'll write down lots of notes about the program behavior, and use Microsoft's MSDN pages (or Apple's developer documents or the Linux man pages, depending on what environment your executable runs in). Eventually, whatever it is that you were aiming to find out becomes clear, or you quit out of sheer frustration (but usually and hopefully the former).

Bear in mind that most people don't aim to entirely reverse engineer every bit of machine code in an executable. A lot of it isn't related to what you're trying to discover, and so part of the game is first finding what pieces of code are actually relevant (which you do with a debugger by stopping the program's execution once it starts doing stuff relevant to your reversing purposes), then reversing those little parts of the code.

Computer Networks A Top Down Approach, by Kurose and Ross. Amazon.

I did not understand the internet. I didn't think that was a big deal, but networking shows up a lot and understanding it has helped me out enormously. This book is excellent, too. It is extremely readable, almost colloquial. It covers the network stack in depth (application/transport/network/link/physical!) as well as other important topics like network security and networked algorithms and data structures. Stuff like distributed hash tables, routing algorithms, and even large scale data center design. Seriously, this book is amazing.

Plus, I was surprised at how many times I've been asked a networks question in interviews. That's not to be sneezed at.

I think you're going to suffer too much with broad strokes. All of the things you've mentioned have their own usecases really. You should focus on one of them and learn it before deciding whether you want to try another.

Although, you can also just do 'X vs Y' for all of those things you've mentioned and see articles on the differences between them as well as what they actually do.

Before you start any of the learning on any of those things though, you should definitely take one or two JS courses. Code School, Code Academy, Udemy all have great courses on Javascript. A couple of books I'd definitely recommend are Clean Code and Javascript, the Good Parts, I'd say these are ubiquitious and essential reading for any developer looking to get better.

Less and Sass are for doing stylesheets better. They basically introduce programming concepts like functions and variables into CSS.

Gulp and Grunt are task runners. Tests, minifying, linting and live previews can all be done with them.

Angular and React are basically front end frameworks built with flavours of JS. They introduce OO concepts into javascript and the MVVM/MVC way of working for the front end. The are markedly different from how they do things.

With the other things, there's basically a wealth of information for them.

Needless to say, you have a lot of reading and practicing to do. Luckily these days there's lots of examples and documentation for every one of the things you've mentioned.

Still, if it's their first time learning programming, Effective Java probably isn't the best fit. Most of its tips are the kind where you hear something for the first time, recognize it as common sense, then wonder why you didn't do it that way in the first place. However, its tips won't really be of use to someone who hasn't grasped object oriented programming yet.

Chapters 3, 4, 7, and 8 (of 10) are probably the ones that a beginner would get the most use out of. (Amazon's Look Inside has a TOC, which actually lists out all the tips in the book, so you can verify this yourself.) The other chapters are fairly specific to Java, which may be "in the weeds" and a bit too specific to Java to be immediately useful to a first-time learner. That criticism also somewhat applies to Chapter 3, but your friend is probably already working with methods inherited from the Object class (such as toString()), so that one would be useful to them.

Also, Effective Java is available freely online from an .edu extension, so (more than likely, but can't really verify) legitimately. I do own a copy, myself, but that's something to consider.

For a book that is entirely general programming advice (and thereby more useful to a beginner), I'd instead recommend Code Complete, second edition by Steve McConnell. You can open up that book to practically any page and find tips and best practices that can be applied to writing code in any lanaguage. It's also usually at least a bit cheaper than Effective Java.

The senior part is more of a technical grade level and not necessarily management... granted I'm in the lead role here, it's my first time as one. All I can say is what help me spring forward at a lull at mid-level was picking up Thomas Limoncelli's books, [the sysadmin one] (https://www.amazon.com/Practice-System-Network-Administration-Enterprise/dp/0321919165/ref=sr_1_1?ie=UTF8&qid=1512041042&sr=8-1&keywords=thomas+limoncelli) and [the cloud one] (https://www.amazon.com/Practice-Cloud-System-Administration-Practices/dp/032194318X/ref=sr_1_3?ie=UTF8&qid=1512041042&sr=8-3&keywords=thomas+limoncelli) /r/sysadmin recommends them too. These are your best practice books, these tell you why to do things, not how. It will turn you from being the guy that mops the floor in a burning building into knowing when to yell, "FIRE!"

Cert wise, unless a specific company or contract requires it, I don't bother with the time and money on certs if you already have years of experience on the books. I'd probably go for a Security+ and then go for a Red Hat and/or CCNA certification as they are both prestigious. Red Hat is a big deal just by its practical application test.

If you want to go into cloud related stuff, you might want to brush up on your programming. This is what is limiting me, I have very minimal bash scripting experience coming from military in the Windows world then making a move to Linux.

Honestly, I would focus on being both as they both overlap very often unless you are in really large stovepipe enterprise environments, but you never know if you need to make a move to something smaller where you have the many hats role. I'd get your degree in something Computer science related (CS, CIS, EE, CE, etc) and then go RHCSA/CE and maybe Sec+/Net+ or instead of Net+ just go for something Cisco related. My networking is Net+ strength at best and I resent not doing better when I was younger.

EDIT: Also, if you can do the math, BS is Computer Science all the way... sysadmins are still really kind of not doing well in the degree program department, mainly because were so... trade-like I guess. Honestly, we're the new Millwrights like my dad was. We keep the factory going and fix it when production stops. It's kind of cool actually, it's nice to be able to have some kinship to my dad in that way.

Learning to hack, with little knowledge of it, will be a journey. You have some background in CS which will definitely help.

Learning to hack, from scratch, is where things become difficult. Where do you start? How do you learn? Luckily there's a vast amount of resources to learn from online.

To start learning is a matter of what you prefer.

Like watching videos/lectures?
https://www.udemy.com/penetration-testing/
https://www.udemy.com/learn-ethical-hacking-from-scratch/

Prefer reading books on the subject?
https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641
https://www.amazon.com/Basics-Hacking-Penetration-Testing-Second/dp/0124116442

Most universities have Ethical Hacking / Cyber Security courses, can always check there.

I'd recommend learning Python, SSH, and the Linux Terminal in general to get started. But learning how those apply to hacking is a matter of learning and practice.

Hope this helped, and good luck!

Books that helped me to get the hang of JS

John Resig's Secrets of the JavaScript Ninja and Douglas Crockford's JavaScript: The Good Parts are pretty much the only ones worth reading in my opinion.

Projects

The best thing would be to build something you want to use yourself. Maybe you try cordova and build a small app with the browser platform so that you can create a simple App that you can bring to your Smartphone.

More advise

Read a lot of code: TODO MVC is a good place to start, people try to write good code for this one because they want you to use their framework :-). The problem with the source code of many projects is that the JS ecosystem is in a constant flux and ES6 modules are skyrocketing right now. You may want to check out the jQuery source code - you can pretty much watch the evolution by looking at older versions of the source code and how it evolved.

If you feel really adventurous the NodeJS source code is a fun read - although it's a very big project that also got some C/C++ code sprinkled in - but that shouldn't be a problem for you :-).

I would advise you not to bother reading the Angular1 code for the time being, Angular2 maybe interesting but its written in Microsoft's TypeScript - which is a nice language on top of JS that is worth learning about.

Your most important starting step is to make sure that you have the foundational knowledge, at least at a conceptual level. I'm a big fan of books, so I would recommend a few to you.

Pick ONE of these. Exam is not necessary, but recommended:
Mike Meyers CompTIA Network+ All-in-One Exam Guide
Todd Lammle's CCENT Study Guide - ICND1

Pick ONE of these. Pay attention to business terminology as well. Again, exam is not necessary, but recommended:
Mike Meyers CompTIA Security+ Certification - SY0-501
CompTIA Security+ All-in-One Exam Guide
Darril Gibson SSCP All-in-One Exam Guide

100% read this. It's the Bible of Python scripting. Second edition is brand spanking new too:
Automate the Boring Stuff with Python

This is a good all-around Penetration Testing book that teaches Linux too. You don't *have* to use Kali, Ubuntu is probably less intimidating to those new to Linux, but you will have to install your own software/packages. This is the only book on this list I haven't read, but I often see it recommended:
Penetration Testing: A Hands-on Introduction to Hacking

While you read these books, you should install some kind of Linux distro on a home computer and use it for practice. I would also recommend doing HackTheBox(first challenge is to hack the login page) and starting with the easy boxes. Do as much as you can on your own first, but if you get stuck, watch IppSec's YouTube walk-through for the box you are on. Might be a bit overwhelming until you get through most of the books on that list though.

You should also start looking towards either the eJPT/eCPPT, the OSCP, or GPEN at this point, as those are the best value certifications in this field and will hold a lot of weight at an interview. There's some stigma with certifications in IT/CS, but the ones I listed are all baseline knowledge and/or high value for those in this field. At the very least the knowledge will go far. But definitely avoid anything from EC-Council like the plague.

I'd go read books about the A+ cert (you don't need to certify but it's great material).

For other technical things I recommend a lot of books that are amazing:

• Clean Code: A Handbook of Agile Software Craftsmanship
  
  
• Computer Networking: A Top-Down Approach (6th Edition)
  
  
• Introduction to Java Programming, Comprehensive Version (9th Edition)
  
  
• Scripting with Objects: A Comparative Presentation of Object-Oriented Scripting with Perl and Python
  
  
• Art of Computer Programming, Volume 1: Fundamental Algorithms (3rd Edition) WARNING: GOD TIER
  
  Use technology books to learn processes, not end results. To be a better IT person, you should know how computers work as a system, not how to do say "Map network Drive in Windows", learn how those drives are mapped, what are the underlying fundamentals?
  
  

Mastering Bitcoin by Andreas M. Antonopoulos.

It isn't meant for the average Bitcoin enthusiast, but is more aimed at the technically minded/coders/cryptographically minded user. Many security researchers may well (IMO) have to deal with blockchain related security in the future, so having a decent knowledge of how Bitcoin (the tech) and bitcoin (the currency) works can only be advantageous as this field develops. Even if you don't think that your current role in security won't have to deal with this field, I would still advise you read the book as it is a fascinating read. There is also another version called The Internet of Money that is aimed at those who may not be so technically minded, but still have a genuine interest.

And if you look at the comments attached to that same thread youd see :

> "Good coding practice" should never be sufficient reason in itself. It amounts to "some guys on the internet said this is how my code should look".

And if you bothered to actually read Crockfords notes on this matter :

> All variables should be declared before used. JavaScript does not require this, but doing so makes the program easier to read and makes it easier to detect undeclared variables that may become implied globals. Implied global variables should never be used. Use of global variables should be minimized.

> The var statement should be the first statement in the function body.

> It is preferred that each variable be given its own line and comment. They should be listed in alphabetical order if possible.

Source : http://javascript.crockford.com/code.html#variable%20declarations

Youll see that he never says 'always using var is good coding practice'. He says to declare them before use (and I suggest giving them a value too), but nothing about requiring var or var being part of good practices. And why is this? Because traversing up the scope chain (or not) is a feature of the language, and not a bad one if you bother to watch his video or read his book.

Crockfords video (should be required watching for all javascript devs) His video : https://www.youtube.com/watch?v=hQVTIJBZook

And his book, Javascript the good parts

Looks like most of your knowledge and experience so far is with imperative/object-oriented programming. You might want to have a look at functional programming, just to get some perspective. Scala, Erlang or Haskell could be some good choices here, or even Ruby (if you make use of blocks and don't use mutable data). Actually, Ruby is pretty cool and very versatile and practical, that could be a good language choice as well, and you would also be able to make use of your prior knowledge with OO programming.

One other thing that you could do with this time is to read some books! There are some wonderful "generic" titles that every programmer should read, in my opinion. Have a look at The Pragmatic Programmer, Clean Code and Code Complete, for starters. These might get you really inspired and pumped up for the undergrad college and computer science classes, as well as give you some good tips on new things to learn.

If you're just getting into CS and programming at all, and you're interested in Javascript, I'd recommend learning Javascript itself first, before you decide to start using libraries and frameworks that may do a lot of special stuff and magic that will abstract away parts of the language from you. There are plenty of resources like Mozilla's tutorial and the relatively short Javascript: The Good Parts that you can learn from. Do CS-related exercises with what you learn. You can go to sites like Coursera/edX and do intro CS material and do the assignments/problems in the curricula, or do things like Project Euler or things from /r/dailyprogrammer.

After that I'd start looking at more of the stuff out there, like Node.js or React or Ember or whatever. I'm rather partial to React.js and RActive myself for front-end rendering, but I'd encourage you to read and experiment with many of the things out there, since each thing brings something different to the table.


---

Now for your question specifically...

I'm not much of a front-end person or Javascript developer, so I'm probably not the best person to ask. I last used jquery about 5 years ago, and at one point I also worked in the same company with some of the people who wrote You Might Not Need jquery. These days, I'd say to skip jquery for various reasons:

• Modern browsers are just much better and if you don't have to support old browsers (I'm talking IE8 or older), jquery is probably unnecessary.
  
• There are replacements for certain parts of jquery functionality, depending on what that functionality is
  
• ES5/ES6 (through babeljs) can replace some of the functionality that jquery handled
  
• React.js and more full-fledged frameworks exist - React.js and frameworks like Ember.js or AngularJS, which have components that manipulate the DOM, have become very popular and are basically jquery replacements.
  
  

Depends on what you want to learn.

Web Application Security?

Exploit Development?

"Pentesting" techniques?

Also check here for tons other of resources.

As for certs, if you are a beginner beginner, then probably stuff like Security+ and Network+. Unlike the guy behind me, I will never get, nor do I really recommend CISSP, unless you are going for strictly blue team (defense) work. I personally enjoy red team (pentesting, etc), so something like OSCP would be more useful.

Like I said in a post above, feel free to PM me with questions. I'm always happy to help others on their quest to learn more about the wide world of infosec :)

15 is really young. If you're relatively presentable, you might want to try Hyvee.

That said, it looks like from your profile that you have an interest in math and coding.

If this is something you're naturally skilled at, you shouldn't be working in fast food. You should be ignoring temporary financial gains to put yourself in the best place possible for college and technical internships.

The primary way to do that is to double down on your academics. At 15, you'll probably be going into your sophomore year? Don't accept any grade but an A from here on out. There's just no reason for it. You're obviously not retarded and school is easy.

Grab an ACT/SAT prep book. Take every practice test you can find until you get your scores into the absolute highest percentile you're able to.

If available, join a cyber academy, coding, math or robotics club at your school.

Go to things like this:

http://siliconprairienews.com/2014/08/meca-challenge-2014-preview/

Read books like these:

http://www.amazon.com/Code-Complete-Practical-Handbook-Construction/dp/0735619670
http://www.amazon.com/The-Pragmatic-Programmer-Journeyman-Master/dp/020161622X
http://www.amazon.com/Clean-Code-Handbook-Software-Craftsmanship/dp/0132350882


You'll lose a few thousand dollars over the next few years from working a shit job but you'll also be able to get a technical internship as soon as you turn 18 making double/triple minimum wage, while you gain proficiency in a relevant field.

You'll also go from $Texas in student loan debt to a free ride, saving you 30,000 to 100,000+ depending on what school you can get into on scholarship.

You may be 15 but I have to disagree with anyone else that you're only worth minimum wage. Everyone has skills they can work on and if you really want to help your family in the long term, work on what will make you successful.

If you have any questions regarding any of this, PM me.