Yes, there is a lot of growth for Linux administrators.

I can't speak for the LPIC but you should get The Linux Bible and The Linux Command Line and Shell Scripting Bible and work through those. Then take the RHCSA and RHCE.

The Linux Bible

Linux Command Line and Shell Scripting

I don't know where you're located where junior administration can't lead into auditing or information security but you should build a lab and start building that knowledge and gaining experience. Chris Sanders has great books on the subject and an amazing website.

http://chrissanders.org/

He uses Linux for network monitoring and analysis.

There are also a slew of magazines and podcasts out there to keep you motivated, entertained, and educated. Jupiter Broadcasting is something I really enjoy. They took me from a Linux fan into an enthusiast into a professional. Linux Unplugged, Linux Action Show, TechSnap... Even the quirky BSD guys are awesome.

Linux Format is a great magazine, Admin is good, Linux Journal is hit or miss for me but it hits the spot when I'm looking for something off the wall or a project.

There are also subs on this site that are helpful and fun. /r/linuxadmin is interesting, /r/linuxmasterrace is GOAT, /r/linux is... Linux... /r/gentoo is beardly, /r/archlinux is -- READ THE WIKI.

If you get those books, which I can't recommend enough, start playing with Python too. Don't get Learn Python the Hard Way, get something like Python Crash Course which is significantly better. Your mileage may vary, this is just my opinion.


Good luck! Best thing to do is get a distro and start learning. Read the man pages/wikis, and then post a question. That will help you a lot in the coming days ;)

I looked at the FreeCodeCamp curriculum, it looks good for an entry level javascript developer, so since you already started it, you might as well finish it (since, like I said, everybody implicitly expects you to know at least one of python/js/perl as well as HTML+CSS).

2 hours per day is a bit too little IMO - but I understand that it's hard to find time when you have a demanding job and a family that needs time and attention. Just study as much as you can, 2h being the mininum (do keep in mind that CS students, your competition, will be studying at least 8h/day for at least 4 years with tons of homework and more advanced material). So you should probably focus on studying more in the weekends (just typing and thinking about this, I'm actually lucky I started when I was a kid, with all my bills paid for!)

Anyways. You should focus on getting a job first - do keep doing the FreeCodeCamp, as many hours in the day and weekends as you can. Explain to your significant other, if you haven't already done so, your plan - that you're studying hard to upgrade your career, that it might take some time away from them but it will pay off in the long run, etc. Ideally you should be studying at least 4h/day, so try to keep close to that, study more on weekends if necessary. Check this guy for reference on his plan and what he's studying (and note that he's studying full-time - a luxury, I know, but just to put your 2h/day into perspective). This guide is helpful too. Note that you don't need to know all that to get an entry-level development job, but keep that plan in mind for the long run (as you progress your career).

Once you finish the FreeCodeCamp, or even before (I would say, once you finish "Basic Algorithm Scripting"), try doing some local interviews if you can do it without jeopardizing your current job just to get a feel of how interviews work. You won't be trying to get a job (but hey, if you do, awesome), this is just to get your feet wet on interviewing (which is a skill in itself). Since you're not shooting to get a job right now, you won't be as nervous, which is the state of mind you want to be in. If you're relaxed you can talk better, think better, make jokes, be more presentable, which is great - this will put you in the right mood for your future interviews. Try finding people online that can do mock interviews with you in the area you will be focusing on (web/javascript/frontend initially).

Once you're past the basic HTML/CSS part and you start studying JavaScript, I suggest you look into Python as well at the same time. It is a very simple language, quick to learn, and will double your opportunities for employment. As you study both at the same time, you might notice that you like one or the other better - if that happens, focus more on the one you like better, this will accelerate your learning and get you ready for a job faster in your chosen language.

At one point you'll finish HTML/CSS and JavaScript+Python (finish as in be comfortable with them - you'll see that you'll still learn new things as years go by, it will take a few years for you to "master" them). After you're comfortable with JavaScript and Python (and hopefully gainfully employed in development), start studying that book (where you'll learn a GREAT deal about many important things, it will be a dense read, and you will come out of it knowing assembly and C) and then you can focus on algorithms and exercising your thinking with algorithmic puzzles and how computer networks work, operating systems and everything that is generally on this list.

Then after studying all that and with 2-4 years of experience under your belt (and still studying 4h/day), you can start thinking about the next level in your career and preparing for it (larger companies, mid to senior positions, etc) - add a couple more years of experience and you'll be ready to interview for large Valley companies (Google, Apple, FB, etc).

If you plan to self-study all the way through and never join an University, you can look into full-fledged CS courses online and follow that to get a complete theoretical background on CS (that all your colleagues will eventually have and expect of you, at some point in the future).

A lot of recommendations for TCP/IP Illustrated. It's a great book, but it's more concerned with host TCP/IP stacks, rather than actual network hardware. In my opinion: Interconnections: Bridges, Routers, Switches, and Internetworking Protocols, another excellent textbook which has very little intersection with the TCP/IP Illustrated series covers more relevant information for a hands-on network administrator. Steven's has a developers mindset approach, so if you're working with a host TCP/IP stack (as a developer, or tuning as a systems administrator) it might actually be more handy, but if you don't dabble much as a developer (if gethostbyname() or sockaddr_t means nothing to you then this isn't the book for you). As someone who has read many of these books and worked as a network admin for the past 7+ years, the theory and knowledge gleaned by the book is incredibly useful but not essential for a network administrator.

The aforementioned link to the book I mentioned in my opinion is wonderful and definitely worth reading. Furthermore, original RFCs make for great reading when the time is right. Also, buff up on network security and cryptography, for which I would recommend: Network Security: Private Communication in a Public World; probably the best introductory book on this matter.

Once you've mastered the basics of being a network administrator, then you should broaden your scope and maybe revisit TCP/IP Illustrated and maybe Unix Network Programming and other great books on the topic. I would also recommend picking up programming languages and the like, writing your own tools, maybe reimplementing traceroute to get an understanding of low-level network programming (and of course the traceroute algorithm). I should also mention, for a systems admin, it's essential you learn how to automate/program. Don't trust the tools that you're given, at best they're mediocre, at worst they don't work or come with support. You will need to be able to readily provide the support that you won't get from vendors, and it's always going to be an uphill battle. Less so with network administration, but it happens quite a bit as well.

Anyway, that's my advice. But when I read TCP/IP Illustrated as the essential book for a Network Administrator, it reminds me of people suggesting The Art of Computer Programming to a novice programmer. Those books are more advanced than you expect.

Books on project management, software development lifecycle, history of computing/programming, and other books on management/theory. It's hard to read about actual programming if you can't practice it.

Some of my favorites:

• Code: The Hidden Language of Computer Hardware and Software - GREAT choice I notice you already have listed. Possibly one of my favorite, and this should be on everyone's reading list who is involved in IT somehow. It basically how computers and programming evolved and gets you in a great way of thinking.
  
  
• The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography - Another great history book on code and how things came to be. It's more about crypto, but realistically computing's history is deeply rooted into security and crypto and ways to pass hidden messages.
  
  
• Software Project Survival Guide - It's a project management book that specifically explains it in terms of software development.
  
  
• The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers - A fun collection of short hacking stories compiled and narrated by Kevin Mitnick, one of the most infamous hackers. Actually, any of Mitnick's books are great. Theres a story in there about a guy who was in jail and learned to hack while in there and get all kind of special privileges with his skills.
  
  
• Beautiful Data: The Stories Behind Elegant Data Solutions - Most of the books in the "Beautiful" series are great and insightful. This is one of my more favorite ones.
  
  
• A Guide to the Project Management Body of Knowledge: PMBOK(R) Guide - THE guide to project management from the group that certifies PMP... boring, dry, and great to help you get to sleep. But if you're committed enough, reading it inside and out can help you get a grasp or project management and potentially line you up to get certified (if you can get the sponsors and some experience to sit for the test). This is one of the only real certifications worth a damn, and it actually can be very valuable.
  
  You can't exactly learn to program without doing, but hopefully these books will give you good ideas on the theories and management to give you the best understanding when you get out. They should give you an approach many here don't have to realize that programming is just a tool to get to the end, and you can really know before you even touch any code how to best organize things.
  
  IF you have access to a computer and the internet, look into taking courses on Udacity, Coursera, and EDX. Don't go to or pay for any for-profit technical school no matter how enticing their marketing may tell you you'll be a CEO out of their program.

Umm, I think Python is a good language to start with. It's forgiving and low on boilerplate code. I haven't read it but Learn Python the Hard Way by Zed Shaw is supposed to be decent (and it's free online). I didn't like Learning Python published by O'Reilly. I'd just read reviews on Amazon if Learn Python the Hard Way isn't working for you. Whichever you end up with, I recommend typing all examples from the book into the computer by hand. Something about doing this really helps make things stick in your head. You'll also make the occasional typo and have to debug your program which is something we programmers spend more time doing than any of us care to admit.

I think it is important to try to think of something you want to make and have it in mind while you are learning the language. It can be any software but I recommend a video game. They are really good for this because you can just think up a simple concept or implement your own version of an existing game. Having a goal makes it so you are constantly solving the problems you will encounter while trying to reach that goal which is the most important part of programming (more so than learning the syntax of the language). This is actually the highest rated Python book on Amazon and is all about gamedev with Python.

After you've learned Python to the point where you are comfortable (no need to master it), learn other languages to grow as a programmer. Once you've gotten a couple languages under your belt it's actually really easy to learn even more languages (unless it's a very odd language like Haskell, Lisp, or Brainfuck). The problem solving skills you've acquired often work in any language and you learn some new techniques as you learn new languages.

• Accelerated C++ is the go-to these days for C++.
  
• The C Programming Language is often recommended for learning C but it's pricey and there are dozens of good books on C to choose from.
  
• Head First Java gets recommended a lot for learning Java.
  
• C# In Depth is very highly rated and happens to be written by the guy with the largest score on StackOverflow (a kind of Q&A for programmers).
  
• The D Programming Language I really enjoyed.
  
• Programming Ruby 1.9 is often recommended but it felt more like a reference manual to me. There are higher rated books on Amazon.
  
  

Wow, 24 hours and no replies?!

Fine, you know what? FUCK IT!

Alright, first off - While you can concentrate on physical, understanding the basics of the digital side of things will make you more valuable, and arguably more effective. I'll take this opportunity to point you at Metasploit and tell you to atleast spend an hour or so each week working to understand it. I'm not saying you have to know it backwards or inside-out, just get a basic understanding.

But you said you want to go down the physical path, so fuck all that bullshit I said before, ignore it if you want, I don't care. It's just a suggestion.

Do you pick locks? Why not? Come on over to /r/Lockpicking and read the stickied post at the top. Buy a lockpick set. You're just starting so you can go a little crazy, or be conservative. Get some locks (Don't pick locks you rely on!) at a store, and learn the basics of how to pick.

Your fingers will get sore. Time to put down the picks and start reading:

• Social Engineering - The Art of Human Hacking
  
• Practical LockPicking - A Physical Penetration Tester's Training Guide
  
• No Tech Hacking - A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing
  
• Unauthorised Access - Physical Penetration Testing For IT Security Teams
  
• Ninja Hacking - Unconventional Penetration Testing Tactics and Techniques
  
• Metasploit - The Pentration Tester's Guide (OPTIONAL but suggested)
  
• The Basics of Hacking And Penetration Testing - Ethical Hacking and Penetration Testing Made Easy (OPTIONAL but suggested)
  
• Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks (OPTIONAL but suggested)
  
  That reading list right there gives you over 2000 pages to read. Read. Read More.
  
  Tired of Reading? Have you been listening to the Social-Engineer.org Podcasts? 53 quality podcasts right there. Time to catch up!
  
  Tired of listening? Take a break! And by "Take a break" I mean grab your lockpicks, a lock, and start picking while you relax with a Jayson Street video. He's fun to watch, and will hopefully distract you while you try picking a lock. Also, he highlights how you don't have to be a computer-genius to be good at PenTesting. Go watch more of his videos while you pick locks - It's entertaining at least, and informative/educational at best. Now go watch Deviant Ollam's videos if you're done with Jayson Street.
  
  Sounds like a lot? It's not. You'll spend a bit of money getting started with picks, locks, and books. It's the nature of the game, no good way around it. It's time-consuming. You may have to give up playing your favourite games for a while. But the things you learn and skills you develop will pay more than that game did. By the time you're halfway through any one of those books you'll have a much better idea of what questions you want or need to ask in order to progress further and faster every day.
  
  Go to Security Cons. DerbyCon is awesome, and happens in late September, plenty of time to start saving money and making reservations. Talk to people, ask questions, and make connections. You will learn more in those 4 days than some people learn in months or years and you'll have tons of fun.
  
  If you can swing it, attend Deviant Ollam's "Physical Security Skills for Penetration Testers" class. The things you will learn in that class will make it worth every damned penny, and you'll feel like a bad-ass at the end of it.
  
  Is this what you wanted?

> For those who prefer video lectures, Skiena generously provides his online. We also really like Tim Roughgarden’s course, available from Stanford’s MOOC platform Lagunita, or on Coursera. Whether you prefer Skiena’s or Roughgarden’s lecture style will be a matter of personal preference.
>
> For practice, our preferred approach is for students to solve problems on Leetcode. These tend to be interesting problems with decent accompanying solutions and discussions. They also help you test progress against questions that are commonly used in technical interviews at the more competitive software companies. We suggest solving around 100 random leetcode problems as part of your studies.
>
> Finally, we strongly recommend How to Solve It as an excellent and unique guide to general problem solving; it’s as applicable to computer science as it is to mathematics.
>
>
>
> [The Algorithm Design Manual](https://teachyourselfcs.com//skiena.jpg) [How to Solve It](https://teachyourselfcs.com//polya.jpg)> I have only one method that I recommend extensively—it’s called think before you write.
>
> — Richard Hamming
>
>
>
> ### Mathematics for Computer Science
>
> In some ways, computer science is an overgrown branch of applied mathematics. While many software engineers try—and to varying degrees succeed—at ignoring this, we encourage you to embrace it with direct study. Doing so successfully will give you an enormous competitive advantage over those who don’t.
>
> The most relevant area of math for CS is broadly called “discrete mathematics”, where “discrete” is the opposite of “continuous” and is loosely a collection of interesting applied math topics outside of calculus. Given the vague definition, it’s not meaningful to try to cover the entire breadth of “discrete mathematics”. A more realistic goal is to build a working understanding of logic, combinatorics and probability, set theory, graph theory, and a little of the number theory informing cryptography. Linear algebra is an additional worthwhile area of study, given its importance in computer graphics and machine learning.
>
> Our suggested starting point for discrete mathematics is the set of lecture notes by László Lovász. Professor Lovász did a good job of making the content approachable and intuitive, so this serves as a better starting point than more formal texts.
>
> For a more advanced treatment, we suggest Mathematics for Computer Science, the book-length lecture notes for the MIT course of the same name. That course’s video lectures are also freely available, and are our recommended video lectures for discrete math.
>
> For linear algebra, we suggest starting with the Essence of linear algebra video series, followed by Gilbert Strang’s book and video lectures.
>
>
>
> > If people do not believe that mathematics is simple, it is only because they do not realize how complicated life is.
>
> — John von Neumann
>
>
>
> ### Operating Systems
>
> Operating System Concepts (the “Dinosaur book”) and Modern Operating Systems are the “classic” books on operating systems. Both have attracted criticism for their writing styles, and for being the 1000-page-long type of textbook that gets bits bolted onto it every few years to encourage purchasing of the “latest edition”.
>
> Operating Systems: Three Easy Pieces is a good alternative that’s freely available online. We particularly like the structure of the book and feel that the exercises are well worth doing.
>
> After OSTEP, we encourage you to explore the design decisions of specific operating systems, through “{OS name} Internals” style books such as Lion's commentary on Unix, The Design and Implementation of the FreeBSD Operating System, and Mac OS X Internals.
>
> A great way to consolidate your understanding of operating systems is to read the code of a small kernel and add features. A great choice is xv6, a port of Unix V6 to ANSI C and x86 maintained for a course at MIT. OSTEP has an appendix of potential xv6 labs full of great ideas for potential projects.
>
>
>
> [Operating Systems: Three Easy Pieces](https://teachyourselfcs.com//ostep.jpeg)
>
>
>
> ### Computer Networking
>
> Given that so much of software engineering is on web servers and clients, one of the most immediately valuable areas of computer science is computer networking. Our self-taught students who methodically study networking find that they finally understand terms, concepts and protocols they’d been surrounded by for years.
>
> Our favorite book on the topic is Computer Networking: A Top-Down Approach. The small projects and exercises in the book are well worth doing, and we particularly like the “Wireshark labs”, which they have generously provided online.
>
> For those who prefer video lectures, we suggest Stanford’s Introduction to Computer Networking course available on their MOOC platform Lagunita.
>
> The study of networking benefits more from projects than it does from small exercises. Some possible projects are: an HTTP server, a UDP-based chat app, a mini TCP stack, a proxy or load balancer, and a distributed hash table.
>
>
>
> > You can’t gaze in the crystal ball and see the future. What the Internet is going to be in the future is what society makes it.
>
> — Bob Kahn
>
> [Computer Networking: A Top-Down Approach](https://teachyourselfcs.com//top-down.jpg)
>
>
>
> ### Databases
>
> It takes more work to self-learn about database systems than it does with most other topics. It’s a relatively new (i.e. post 1970s) field of study with strong commercial incentives for ideas to stay behind closed doors. Additionally, many potentially excellent textbook authors have preferred to join or start companies instead.
>
> Given the circumstances, we encourage self-learners to generally avoid textbooks and start with the Spring 2015 recording of CS 186, Joe Hellerstein’s databases course at Berkeley, and to progress to reading papers after.
>
> One paper particularly worth mentioning for new students is “Architecture of a Database System”, which uniquely provides a high-level view of how relational database management systems (RDBMS) work. This will serve as a useful skeleton for further study.
>
> Readings in Database Systems, better known as the databases “Red Book”, is a collection of papers compiled and edited by Peter Bailis, Joe Hellerstein and Michael Stonebreaker. For those who have progressed beyond the level of the CS 186 content, the Red Book should be your next stop.
>
> If you insist on using an introductory textbook, we suggest Database Management Systems by Ramakrishnan and Gehrke. For more advanced students, Jim Gray’s classic Transaction Processing: Concepts and Techniques is worthwhile, but we don’t encourage using this as a first resource.
>

> (continues in next comment)

I have recently read this book. I didn't like it at all. Just to give you an idea of my skill level, so you can compare it with where you are at, I've been doing HTML/CSS/Javascript for over a decade. My Javascript skills though have been more script line by line style as opposed to OOP intermediate level stuff. So I bought this book look to increase my Javascript skills.

While the book says its HTML5 with Javascript programming, it doesn't really cover the basics very well for either, even saying you should be familiar with both before reading it. At the same time, it spends half the book, quickly covering the basics, in such little depth, I would struggle to understand who its for.

The second half of the book, just spends one chapter at a time going over the various HTML5 APIs and how to use Javascript with them. For a 600 page book, there is so much fluff here, its unbearable. Its a really poor book. Its not for beginners, but its probably too simple for intermediates.

...

If you need to know HTML/CSS I'd highly recommend http://www.htmlandcssbook.com/

You'll want to install Sublime Text to do your work in it.
You'll want to create a Github account and download the client and learn how to version control.

After you've done the HTML/CSS book. I'd recommend learning about SASS from DevTips https://www.youtube.com/watch?v=1XmUUa_pWw8

You can install CodeKit to make compiling it easier.

...

For Javascript, I recommend "A Smarter Way to Learn Javascript" https://www.amazon.com/Smarter-Way-Learn-JavaScript-technology/dp/1497408180/ref=sr_1_1?ie=UTF8&qid=1473808304&sr=8-1&keywords=a+smarter+way+to+learn+javascript

It's a really good, QUICK, and straight to the point book on beginner Javascript. ~250pages

Then... If you want to round it out, I'd recommend Head First Javascript Programming https://www.amazon.com/Head-First-JavaScript-Programming-Freeman/dp/144934013X/ref=sr_1_1?ie=UTF8&qid=1473808479&sr=8-1&keywords=head+first+javascript+programming. While being full of fluff, as is Head Firsts way, is a much better book than their HTML5/JS one. With a lot of great examples ~600pages

After that, I'd recommend Learning Web App Development https://www.amazon.com/Learning-Web-Development-Semmy-Purewal/dp/1449370195/ref=sr_1_1?ie=UTF8&qid=1473808519&sr=8-1&keywords=learning+web+app+development ~300pages which will start to introduce the full javascript stack to you.

...

I hope that helps mate.

Nand to Tetris (coursera)

the first half of the book is free. You read a chapter then you write programs that simulate hardware modules (like memory, ALU, registers, etc). It's pretty insightful for giving you a more rich understanding of how computers work. You could benefit from just the first half the book. The second half focuses more on building assemblers, compilers, and then a java-like programming language. From there, it has you build a small operating system that can run programs like Tetris.

Code: The Hidden Language of Hardware and Software

This book is incredibly well written. It's intended for a casual audience and will guide the reader to understanding how a microcontroller works, from the ground up. It's not a text book, which makes it even more more impressive.

Computer Networking Top Down Approach

one of the best written textbook I've read. Very clear and concise language. This will give you a pretty good understanding of modern-day networking. I appreciated that book is filled to the brim of references to other books and academic papers for a more detailed look at subtopics.

Operating System Design

A great OS book. It actually shows you the C code used to design and code the Xinu operating system. It's written by a Purdue professor. It offers both a top-down look, but backs everything up with C code, which really solidifies understanding. The Xinu source code can be run on emulators or real hardware for you to tweak (and the book encourages that!)

Digital Design Computer Architecture

another good "build a computer from the ground up" book. The strength of this book is that it gives you more background into how real-life circuits are built (it uses VHDL and Verilog), and provides a nice chapter on transistor design overview. A lot less casual than the Code book, but easily digestible for someone who appreciates this stuff. It culminates into designing and describing a microarchitecture to implement a MIPS microcontroller. The diagrams used in this book are really nice.

I am currently a penetration tester with a small Healthcare penetration company. We perform black box security tests for Hospitals and Health Care organizations.

If you are looking for actual schooling then I suggest looking for a university with a Network Security/Information Assurance Degree. There are not too many with dedicated degrees, but it is becoming a much more popular field.

Most importantly go get some literature on the subject. Although reading can not take the place of actual experience, most books these days are designed to go along side of hands on experience or provide information if you wish to "further refine your skills".

If you are new to security I would suggest "The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy" By Patrick Engebretson. It is a great entry level book designed to introduce you to the concepts of penetration testing.

If you want to get down and dirty quickly "
Metasploit: The Penetration Tester's Guide" By David Kennedy is another great book though a bit more technical then the last.

These are only a few of many great books. If you want to become a good penetration tester, taste the fundamentals and then pick a focus to get good at. There are few jacks of all trades in Penetration testing.

Three esxi servers, each with more than one NIC, and one separate vcenter server is a great starting point. This allows you to tune DRS, HA, and even fault tolerance. Once you get that down, you'll want to be able to tune VMs properly to run most effectively in a virtual environment.

I enjoyed reading these books, though some are "dated" now, the contents are still very relevant. They won't get you anywhere in particular by themselves, but when you combine them with the self-teaching nature of sysadmins I've previously described, these will generously add to your toolset.

HA and DRS deepdive
Sed & Awk

Mastering Regular Expressions. I use rubular.com often.

Pro Puppet

Anything by Bruce Schneier is usually worth your time.

Though I no longer administer a large number of Windows machines, I am a huge fan of Mark Minasi. The Server 2003 book was super helpful in building and maintaining Windows Domains.

I have an old edition of the DNS and Bind book kicking around somewhere.

Understanding the Linux Kernel has largely been useful to me when doing anything "close to the kernel". Not a good beginner's book.

I've never used an apache book, but I enjoyed the Varnish book. This definitely helped me.

Of course, these books don't cover everything, and those listed are relevant to my interests so your mileage may vary. You'll never go wrong teaching yourself new skills though!

EDIT: I forgot about the latest book I've read. I used tmux for a little over a year before purchasing a book on it, and it has improved my use of the program.

>For example: If I have a hardware server with 1 CPU, 4 cores, and 8 gb of RAM, can I run 4 simultaneous machines with 1 core and 2gb RAM assigned to each? Or does ESXI handle it by how much each one is being used?

If you don't want to overcommit the host at all (e.g. you want a hard guarentee that all of those VMs will always have 100% of their resources available, yes. Most people, however, expect to do some overcommitment. The extent to which you can do this is completely workload dependent, but it ranges from 1:1 on the lowend (your example) to 10:1 or even higher (e.g., you have 4 cores phsyically and you've built 40 cores worth of VMs, or 80GB worth of VM memory).

>I noticed that if I boot up a machine with 2gb of RAM assigned, it seems to allocated 2gb used in the ESXI summary page. To me, that implies I need that much physical RAM to really be there.

Allocated != Used (which does not equal 'Active', or 'Shared' or 'Granted', etc). Allocated is just the amount you put in when you configured the virtual machine. The most 'relevant' value for what you are looking for is probably 'Active' and/or 'Granted' - this is a better indication of what the VM is actually using currently.

>CPU seems different though. Do I need a core per PC, or could I assign 2 cores per PC and still run 4 PCs simultaneously without issues?

CPU and memory can be overallocated in the same ways. For every physical core in your system, you can allocate up to (I believe) 25 virtual cores. So your system could reasonable have 100 virtual CPUs running at the same time....Now, with a 25:1 virtualCore:physicalCore ratio, you have a pretty reasonable chance of some serious contention issues if all those VMs need to execute something at the same time, so you probably wont be able to actually achieve that but that brings your next question

>I guess a lot of this depends on how hard the machines are each being run as well.

Exactly. Some environments I've seen hit 20:1 ratios (vCore:pCore, or vMem:pMem), some maxed out at 3:1 based on their workload. You just have to try it and see (and VMware has tools to help try and estimate this).

>If someone could clarify this for me, or point me in the direction I can go for this info, that would be great! Thanks!

This is a good start. There's an in depth guide on memory management here: http://www.vmware.com/files/pdf/perf-vsphere-memory_management.pdf

If you want proper documentation, 'Mastering vSphere 5.5' by my buddy Scott is very good, and almost the bible for this stuff: http://www.amazon.com/Mastering-VMware-vSphere-Scott-Lowe/dp/1118661141

Lastly, the VMware ICM (Install, Configure Manage) course is very good (albeit a bit pricy).

IIRC, if there are multiple equally specific best matches you'll get a compiler error, and will have to disambiguate by making the call as you would with a normal static method. There are potentially issues if you recompile your code and the libraries you use have since added better-matching but functionaly incompatible extension methods, but I don't think there's any real solution to this, and it's unlikely to be a problem with well-designed libraries.

You're certainly correct that extension methods should be defined very carefully and sparingly. The ever-valuable Framework Design Guidelines has a number of recommendations, the first of which is to avoid "frivolously" defining extension methods.

A good IDE such as Visual Studio can tell you that Select is an extension method, which does help to some extent. Also, I suspect the vast majority of uses of extension mathods are through implementations of the LINQ patterns, in which case it's pretty clear from the usage.

Although extension methods can be used to extend existing sealed classes or as cute helpers, or for adding "instance" methods to interfaces, their primary use is for LINQ. It's fascinating how several C# 3.0 & 2.0 features that are individually quite interesting - extension methods, lambdas, type inferencing, iterators, generics, object initializers - combine with the LINQ-to-objects library to form something that's greater than the sum of the parts.

And that's not even getting into fascinating things like expression trees, the AsParallel() extension method, LINQ-to-SQL, the Rx framework...

There are a couple things i'd recommend to start with. First, figure out how you learn best. For me it's physical books. I get bored and distracted with videos and pdf's get forgotten about. I'd definitely getting some decent reference material. Here are some of my favorites:

• The Python Pocket Reference
  
  
• The Bash Pocket Reference
  
  
• The Linux Pocket Reference
  
  
• The Linux Bible
  
  
• Literally anything by No Starch Press They're excellent books, fun to read and look great on a shelf.
  
  
  Kali on a raspberry pi is fine but i would not recommend starting with Kali. It's not a beginners Distro. If you can, i'd recommend picking up a cheap 2.5" hard drive for your laptop and swapping it with the Windows drive, or dual booting works too. Install a linux distro and eat your dogfood. Ubuntu and Linux Mint are great for beginners, with Mint and the cinnamon desktop being very similar to Windows 7.
  
  Centos or Fedora are also good. Fedora is based on Red Hat Enterprise linux, so it's very similar to what you'd find in an business enterprise environment. Centos takes it further though. It's literally just RHEL without branding or paid support.
  
  All of these (apart from RHEL) are free and all would be a good jumping off point. The only real difference between them all is the package manager and Desktop environment. Red Hat uses 'yum' while Debian uses 'apt'.
  
  Once you find one you like start practicing. Nearly all utilities you'll find will have a graphical user interface but the command line is always going to be more extensible/powerful. If nothing else get the Linux and Bash pocket references and test administering your own system. Try using the command line for python instead of IDLE. Learn to reboot/shutdown, install/update/upgrade/search with your package manager, try to make your system faster and document everything you do. EVERYTHING.
  
  You'll be a pro in no time.
  
  (I'm serious about the documenting. It's important. If you don't believe me check out some of the stories u/patches765 posts in r/talesfromtechsupport. It's like documentation is his superpower.)

I'd like to preface this by saying that I am certainly not the world's greatest security expert and that there are many people who are more qualified to speak to this matter. Hopefully some of them will see your post and chime in.

In my experience the less complex the product is, the easier it is to both maintain and secure. Therefore, knowing what you're building and how to build it gives you much better control over the security of it. Unless you're apart of an extremely tight-knit team that includes your SysOps and DevOps people or you're developing the product and the product's host environment by yourself, then there will always be aspects of security outside of your control. However, putting time and effort into the security of the product itself is typically a rewarding investment.

Books:

• Threat Modeling: Designing for Security by Adam Shostack
  This book is focused on introducing security considerations into the phases of the SDLC. The information in this book is a bit more advanced than Security Software (included below) but not inaccessible to a beginner. Understanding architectural risk analysis is a valuable skill in any tech environment.
  
• Iron-Clas Java: Building Secure Web Applications by Jim Manico & August Detlefsen
  I would say this book is a must-have if you develop any sort of Java web app or API. The authors manage to cover a lot of territory in a very understandable format.
  
• Software Security: Building Security In by Gary McGraw
  Another book that is primarily aimed at introducing security into each phase of the SDLC. When I first started working in software development I found it extremely helpful at convincing some "old guard" types why red teaming products is extremely valuable. You may want to read this before reading Threat Modeling.
  
• The Practice of Network Security Monitoring: Understanding Incident Detection and Response by Richard Bejtlich
  Networking is definitely not my strongest skill but this book breaks down some concepts of network monitoring and threat detection in ways that are easy to understand.

Internet is a very complex global network of networks. Internet security is a bit vague term, what you really are looking for is network security, but even before you go for understanding security you first need to understand how network communication works. First understand the basics.

Network communication is made possible by hardware and software stack. Electrical/telecom engineers take care of the hardware part, i-e how the data has to be multiplexed into signals (see Frequency division multiplexing, Time Division Multiplexing) and transmitted over through some medium and de-multiplexed again at the receiver end.

Software stack is an implementation of set of protocols/standards through which communication between processes, devices and networks is made possible, the famous one is TCP/IP stack. There is another conceptual networking model OSI model as well but TCP/IP is the most well known and widely implemented protocol stack. Make yourself familiar with the TCP/IP stack, you should grasp basics like how different layers of stack communicate with each other and how different protocols work together to make the magic of internet possible.

You should learn the HTTP request/response flow and then relate it to what you have learned so far.

When you are done with these, move towards more advance stuff. Network security involves understanding about cryptographic algorithms that includes symmetric (eg AES) and public key cryptography (RSA) and hashing algorithms (SHA, MD5 etc). Get an overview about these systems, how and why they are used. These cryptographic algorithms/concepts Cryptography is based on mathematics especially number theory but you don't need to worry about that at the moment. Abstract understanding is important before you get into more details.

Learn about how SSL works. Exploits work at almost all levels of protocol stack, starting from exploits in HTTP and TCP to lower level packet sniffing and Man in the middle attacks. Learn a front end web language i-e javascript and at least know about one server side scripting language, PHP is one of the easiest to learn.

I recommend Computer Networking: A top down Approach by Kurose, this book explains the complex concepts in a very intuitive language and is used as a text for undergraduate networks course throughout the world.

Computer Networking: A Top-Down Approach

Cryptography and Network Security: Principles and Practice

There is another very good book TCP/IP Protocol Suite by Behroz Forouzan but the text is very dense and detailed, and usually is taught at advanced undergraduate or graduate level networking courses.

Read good and famous security blogs and Keep learning with a lot of patience. Cheers!

In my opinion; every book in this bundle is a bag of shit.

Here's a list of reputable books, again in my opinion (All links are Non-Affiliate Links):

Web Hacking:

The Web Hackers Handbook (Link)

Infrastructure:

Network Security Assessment (Link)

Please Note: The examples in the book are dated (even though it's been updated to v3), but this book is the best for learning Infrastructure Testing Methodology.

General:

Hacking: The Art of Exploitation (Link)

Grey Hat Hacking (Link)

Linux:

Hacking Exposed: Linux (I don't have a link to a specific book as there are many editions / revisions for this book. Please read the reviews for the edition you want to purchase)

Metasploit:

I recommend the online course "Metaspliot Unleashed" (Link) as opposed to buying the book (Link).

Nmap:

The man pages. The book (Link) is a great reference and looks great on the bookshelf. The reality is, using Nmap is like baking a cake. There are too many variables involved in running the perfect portscan, every environment is different and as such will require tweaking to run efficiently.

Malware Analysis:

Practical Malware Analysis (Link)

The book is old, but the methodology is rock solid.

Programming / Scripting:

Python: Automate the Boring Stuff (Link)

Hope that helps.

Don't get me wrong- BackTrack, Kali, Pentoo, etc. are all amazing tools but to recommend this to someone coming from a helpdesk role might be a bit much to grasp.
Learning how to work with the distros and the wide range of tools is great but you have to learn about the theories behind analyzing protecting the infrastructure and software.

OP, you might start with some books (these have helped me a lot in my career in security)-

CompTIA Security+ Study Guide (not a bad book and the cert is easy, provides the basics of IT security)

The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice (an easy read)

Gray Hat Hacking The Ethical Hackers Handbook (is an intro to the security world and a lot of info, more in-depth)

IT Security is an awesome field and like most IT is has many separate areas within it to learn.
Check out the links below for more info on training (there are others available these are just ones I've used and SANS has a lot of additional resoures)-

SANS Institute

InfoSec Institute

Tl;dr Python works, it's super popular and you'll be able to transfer most things you learn there to other languages.


Some examples you might run into:Caprica - ACL descriptive language (https://github.com/google/capirca)

You should understand caprica as a tool, and why you might want to use it (not deeply, just enough to see why you might use things like rule/subnet minimization etc.)

Rancid - Backup automation (uses *cringe* Expect http://www.shrubbery.net/rancid/) look at oxidize instead but rancid was the standard for years (over a decade?)Nmap - Lua scripting (you may need to write custom scanners https://nmap.org/book/man-nse.html)

Network Security Monitoring - This is more a discipline you'll probably need to understand, and even while it's a little dated I would suggest the no starch press book on the practice. Understanding where you should use a simple beam splitter or an active tap etc is important too, but you've probably had plenty of experience there. I wouldn't focus on too many different tools but you can certainly test things like Bro/Surricata out on your personal network with pretty minimal modifications to understand the concept.--

Scripting will help you do really basic things like be able to take a single SNMP walk command for a single OID and run it against a csv/txt file list of assets. It helps give you the fundamentals to fix/change the tools you'll have to use as a network security engineer.

Understanding Certs is super important, so knowing some basic things: how to extract a certificate/private key in any format you need it. How to verify a certificate is valid with a copy of the Certificate Authority, how to verify a certificate is still valid. What's the minimum required process to renew a certificate etc.

Also, you'll probably have to deal with break/inspect (*transparent* tls proxies) so learning and understanding how certificate (x.509) based systems work even lends itself there. Unfortunately scripting tools for that kinda thing suck/are missing pieces so basically I would say learn how to use openssl really well/make yourself some good bookmarks for references.

• Buy (and read) Radia Perlman's book
  
• Learn to program. You shoudl have at least enough of a language to automate basic tasks. Doesn't really matter what language - I'd choose python, but it really doesn't matter
  
• Learn some linux. Most of the applications that exist around networking run on linux. So you should be able to compile your own apps, add cronjobs, add things to init. You don't need to be a super linux guy - just have enough to know your way around. This'll help quite a lot in university, as well.
  
• Get a job. I got my first job in networks because I'd call centre experience previously. Experience in a job with computers is valuable. Experience in a job talking to people on a phone is valuable. Try and spend your summers doing one, the other, or both.
  
• Join the college computer society. If possible, go to a college with a good computer/networking society. Something like University Edinburgh's TARDIS. The contacts you make there are pretty invaluable, and the skills you'll pick up don't hurt either .

Ok - Here's a list of books I've read in the last few years

• Gray Hat Hacking - The Ethical Hacker's Handbook - Really good intro to Software Sec / Reverse Enginering / Disclosure
  
• Counter Hack Reloaded - A 'bible' of phased attacks - classic book.
  
• Guide to Network Defense and Countermeasures - Technically designed as a 'prep' book for the SCNP, it's still a great read about IPS, IDS, NetSec Policies, Proxies, firewalls, packet filtering, etc
  
• Hacking Wireless Exposed - Great intro read on 802.11 sec.
  
• CWNA/CWSP Exam Guide - Assumes 0 knowledge about RF. More intense than Hacking Wireless Exposed, but also easier to learn from. I went into this book knowing very little about RF, left it feeling confident. Well written.
  
• Snort 2.1 - Self explanatory, but a book about the IDS system Snort. Not perfect, but again, great starter book.
  
• The Web Application Hacker's Handbook - The best for last. The holy grail of web hacking. Second edition SHOULD be coming very soon, depending on the drop date may be worth it to wait.
  
  As you can tell, I'm big on the technical books, and even exam prep books. This is just a selection, but I think it's a good starter pack to some different fields.
  

I'd suggest you should pursue software development as a career path. Once you're working full time as a developer it will be much easier for you to move into a .NET role if you choose.

The career market can be hit or miss. There are plenty of jobs using those technologies but they're less ubiquitous than say Node or Java.

In terms of keeping up your skill, Pluralsight has some amazing content. And I'd recommend these books:

Design Patterns in C# - probably the first book I'd read.

CLR via C# - In-depth, targeted at professional developers, and absolutely crucial for anyone doing it professionally.

Agile Principles, Patterns, and Practices in C# - Will help get ready to work on a professional software development team with a slant towards Cc#.

Pragmatic Unit Testing in C# with NUnit - Also important for working as a professional C# developer.

More Effective C# - Is more of a specialist read. Might be helpful after you've worked for a year or two.

Framework Design Guidelines: Conventions, Idioms, and Patterns for Reusable .NET Libraries - Is better suited for a technical lead or architect. But could be useful to keep in your back pocket.

Hi James!

One of the best books for a novice web developer/designer (and not just novice, for anyone who wants to get up to speed with the newest editions of HTML and CSS) in my opinion is the "Learning Web Design" by Jennifer Robbins. The 5th edition was published in May last year, so it's pretty recent. You won't be learning any outdated stuff from this book.

The book is quite big, with around 800 pages, but the author is really great. She explains everything you need to know and she explains it really good. Throughout the book you'll be building an example web site by doing a lot of exercises.

The book starts with an explanation of how Internet works in general. It doesn't go too deep into this topic, just enough for a beginner. You'll then learn HTML, and after that CSS. There are two chapters on JavaScript, but it covers only bare essentials. You'll need another book(s) for JavaScript, though. The one I would recommend is Head First JavaScript Programming, which somebody already recommended it, too.

The Head First HTML and CSS and HTML and CSS: Design and Build Websites (also already recommended by other users here) are also great, but they are a little bit old now, as they are from 2011. Not that you won't learn anything from them. You could read these two, and then the book by Jennifer Robbins, so you get better familiarity with HTML 5 and CSS 3.

I've read a lot of these but I'm glad to see not all of them :) Adding to my reading list for sure.

Thanks!

EDIT: forgive me if these are already listed but just in case...

Bug Hunter's Diary - http://www.amazon.com/Bug-Hunters-Diary-Software-Security/dp/1593273851
Gives real hands on real-life experience in a "diary" format and covers some great bugs

Gray Hat Hacking - http://www.amazon.com/Hacking-Ethical-Hackers-Handbook-Edition/dp/0071742557
Despite a bad generic "ethical" title this book goes really in-depth on a lot of subjects (almost to the point of rambling actually) including fuzzing, client-side exploits (mostly browser-based), and much more.

Hacking Windows Exposed - http://www.amazon.com/Hacking-Exposed-Windows-Microsoft-Solutions/dp/007149426X
Another generic title but this book has small good parts scattered throughout, really written more for pentesters it has some very common red team methods but also has a few hidden gems hidden within the various subjects it tries to cover.

Also for anyone looking to get TAOSSA (The Art of Software Security Assessment) it's absolutely huge and WILL split down the middle while reading...it's sitting on my bookshelf right now in its ripped state but I've read it 4 times and still don't feel like all the material has sunken in, if you're going to buy any book at all it should be that one as it will provide countless hours/days/weeks/months of reading.

#1) Your business in real life is your business, no one elses, PERIOD. Notice I used BOLD because I mean it! You can absolutely only trust yourself with whatever you're studying, places like this are the best outlet to discuss. There are plenty of resources available detailing the accounts of people with similar interests being involved in situations they would prefer not to be in, simply because another person had knowledge of their interests.

#2) To add to #1, separating online identities is a great idea regardless of what you are doing. You can research this, but I have occasionally searched for users posting actives and have linked them IRL to identities which are pretty likely to be the actual person posting.

#3) Consider what you're searching for, what accounts you are signed into & what digital footprint is built around your interests with those accounts. Have you looked into things you'd rather not have been associated with your main gmail for example? Look into virtual machines, VPNs & depending on how paranoid you are, distributions of Linux which are privacy oriented (TAILS, WHONIX etc..) that you can find plenty of resources for online.

#4) Like /u/DJWonderful said - common sense is most important. This translates from online to offline, but really is often overlooked.

I'd be happy to detail any other considerations or answer any questions, but everything I know was learned through combing curious search results.

For some interesting reading material, might I suggest: https://www.amazon.com/Art-Intrusion-Exploits-Intruders-Deceivers/dp/0471782661

​

I realize this is an old post, but I figured I would add my two cents in:

If you have no Linux Knowledge, I would recommend these two books:
http://www.amazon.com/Introduction-Unix-Linux-John-Muster/dp/0072226951

http://www.amazon.com/Introduction-Linux-Manual-Student-Edition/dp/0072226943/ref=pd_bxgy_b_text_y

I would also recommend getting a book on windows server:
http://www.amazon.com/Mastering-Microsoft-Windows-Server-2008/dp/0470532866

After going over those you should have a fundamental understanding of Unix/Linux

Then I would recommend this if you need to brush up on your basic networking knowlege:

http://www.amazon.com/CompTIA-Network-Deluxe-Recommended-Courseware/dp/111813754X/ref=sr_1_1?s=books&ie=UTF8&qid=1369292584&sr=1-1&keywords=network+%2B+delux+guide

Some security theory wouldn't hurt: I'd recommend these in no particular order:

http://www.amazon.com/The-Basics-Information-Security-Understanding/dp/1597496537/ref=pd_rhf_se_s_cp_7_FHWA

http://www.amazon.com/gp/product/1597496154/ref=s9_simh_se_p14_d0_i6?pf_rd_m=ATVPDKIKX0DER&pf_rd_s=auto-no-results-center-1&pf_rd_r=6289C56ED33B4C108B60&pf_rd_t=301&pf_rd_p=1263465782&pf_rd_i=itia2300

And now we actually start getting into penetration testing:

http://www.amazon.com/Metasploit-The-Penetration-Testers-Guide/dp/159327288X/ref=pd_rhf_se_s_cp_3_FHWA

http://www.amazon.com/The-Basics-Digital-Forensics-Getting/dp/1597496618/ref=pd_rhf_se_s_cp_6_FHWA

http://www.amazon.com/Advanced-Penetration-Testing-Highly-Secured-Environments/dp/1849517746/ref=pd_rhf_se_s_cp_8_FHWA

http://www.amazon.com/Nmap-Network-Scanning-Official-Discovery/dp/0979958717/ref=pd_rhf_se_s_cp_10_FHWA



Full disclosure: I have used all these books in my studies. I am not affiliated in any way with these authors, this also isn't something you can just "master" in 24 hours; you may however learn a few cool tricks early. My advice would be to keep at it, not only read these books, but setup Virtual environments to test these concepts in.

Those books I listed should give you a fundamental understanding of: Linux, Windows server, Networking, Information security theory, computer forensics, and basic penetration testing.

I would also recommend you take up a scripting language, Python is pretty simple to learn if you haven't already, and insanely powerful in the right hands.

Oh, one thing I forgot. NEVER EVER EVER run Kali linux as your primary distribution, setup a duel-boot and use something like Debian as your "casual" computer, and then souly use Kali or backtrack as your "Network security distro"

Ninja edited by myself

If you ask me, Andrew Tanenbaum books are AWESOME. Not cheap but this guy takes a good bottom to top approach, if you really want to understand networking down to the TCP/IP stack get this.

Computer Networks If I can offer you a shred of advice, understanding what is happening under the hood and the 'big picture' of network design becomes an easy concept.

On the flipside - here is a good Top Down approach to networking Computer Networking Top-Down

Best of luck with your studies!

A lot of what has been suggested is great for learning linux. Realize that "out there" very little is served out of a single box (and if it is you're doin it wrong). Production infrastructure likely looks and acts very very differently from your home linux workstation. Just because you know how to type sudo apt-get install apache2 does not mean you are ready for a full ops position... BUT - if you put in the wrench time and pay your dues, you will get there.

Here are some areas that would be good to build your knoweldgebase up in...

• First and foremost - you must build the ability to learn how to figure things out and build an intuition of what to inspect should something not be working. This comes from having a working knowledge of many different systems in a large heterogeneous environment. This will come with experience.
  
• Learn some of the rapid deployment frameworks - cobbler, puppet, cfengine, etc... No one sits around configuring each and every production machine from scratch.
  
• Now that you are familiar with (presumably) the installation and configuration of apache, start thinking about setting up caching/proxy infrastructure. Get a sense for what to use for load balancing v.s. caching v.s. increasing availability (and some combination of the three). Become familiar with things such as nginx, mod_proxy, haproxy, squid, varnish, mongrel, etc...
  
• You MUST know how dns works. Crickets bind and dns should be considered required reading. Any lack of understanding of how dns works is simply unacceptable for a proper sysadmin.
  
• this book is required reading, period.
  
• You must become familiar with centralized authentication mechanisms. Most systems utilize something called PAM. Learn how to configure PAM to reference slapd, AD, etc... Kerberos is our current preferred central authentication mechanism, you need to know how to bounce kerberos tickets around. Get slapd (OpenLDAP) up on its legs.
  
• When running a linux kernel, learn how to configure netfilter. Under linux, Netfilter is the thing responsible for routing, nat, and packet filtering. Understand that other kernels do not use netfilter (or commonly use something else). Become familiar with the common kernels firewall, routing, and forwarding system(s). Don't make the mistake of saying "the iptables firewall..." in the interview room! Iptables is not a firewall.
  
• Know your basic networking. Internet core protocols should be added to your list of required reading. Understand the differences between a hub, bridge, switch, and router. Learn how to "subnet", which means knowing your binary math! I cannot tell you how many times I have seen a messed up network because someone didn't know how to figure out /27 and keyed in the wrong values from a "subnet calculator". Along with networking do a bunch of reading/research on vlans, trunking and stp. Most people cannot tell you what a L2/3 managed switch is or how it differs from a "dumb" switch or router. Don't be one of those people! Learn how to configure routing protocols such as BGP, RIP and OSPF (also, learn basic computational graph theory). You may not end up doing a whole lot of networking, but it's really good stuff to know.
  
• Virtualization is important. You need to know the different forms of virtualization (desktop v.s. os-level v.s. para v.s. hyper virtualization). If you are keen to linux, you need to know how xen and kvm work (this is typically what commercial vps's typically use). Also look at vmware and virtualbox for desktop virt. For os-level virtualization, you need to know how to use LxC and jails.
  
• Learn how LVM works! Spend some time familiarizing yourself with LVM2 (linux), vinum (BSD), and ZFS's container framework (Solaris/BSD). Know how and when to use raid. Make sure you understand the implications of the different raid configurations.
  
• Learn common backup methodology. Raid is not backup, don't make this mistake.
  
• Get used to doing everything on the command line, and always think "what if I had to do this on 20,000 servers?".
  
  So off the top of my head there's a bunch of things you could study. I think that's quite a bit to get your head around, and a deep understanding of some of these topics will only come from working experience. There may be a LOT of work to do in some of those areas. Getting a fully functional xen (or kvm) based system up and on it's legs is not an easy task for the uninitiated. It is my opinion (and everyone else is free to disagree with me) that all good sysadmins/ops/engineers need to "grow up" in some area of lower level technical position. That can be a jr. admin position, the helldesk, or whatever else... This will give you the "systems" working experience that will let you branch into a full fledged admin/op position. Getting some certs under your belt can help you get in the door, but by all means isn't required. Cert's cost money and (the ones worth getting) take time. Personally, I tend to stray away from places that make a big deal out of certs... but that's just me.
  
  tl;dr: Learn how to learn. Pick something you don't know how to do and leverage a linux system to accomplish that goal - rinse and repeat.
  

I learnt a lot from Tanenbaum's Computer Networks, though it's not exactly light reading.

If you're going to be/are a Cisco shop*, then a CCENT/CCNA would be really useful (and it also gets you a discount on equipment, but it never beats eBay) - though it's not a bad certification even if you're not a Cisco shop. If you do take that track, I'd recommend CBTNuggets/Jeremy Cioara's videos, though they're not cheap (and I can't think of any way to see videos without paying for them ;) ). By that same token, ASP/APP if you're going to be an HP shop*, JNCIE/JNCIP if Juniper*, BCNE if Foundry/Brocade*, or if you're going to be a Linux/BSD shop*, start tinkering (which is probably the best way to learn anyway).

I've never done or met anyone who's done Network+, though my experience is that CompTIA's certifications aren't held in high esteem.

* Once you start needing managed/enterprise gear, it's generally a good idea to try and keep all their gear from one supplier where possible, because some features don't work between competing products, it makes it easier for the employer to find employees, and it generally makes life easier. For unmanaged/consumer gear, you can mix and match all you want, though most sys/net-admins tend to develop biases for one vendor or another.

Aside from SANS FOR508 (the course on which the cert is based) the following helped me:

Windows Registry Forensics

Windows Forensic Analysis Toolkit 2nd ed

Windows Forensic Analysis Toolkit 4th ed

The 2nd edition covers XP, the 4th covers 7/8

Digital Forensics with Open Source Tools

File System Forensic Analysis

This is a new book, but I imagine it'll help as well:

The Art of Memory Forensics

I read many of these in preparation for taking mine, but your best resource are the SANS class/books which is what the cert tests after. Having a good index is key.

There may be other classes out there that might help, but I have no firsthand experience with them, so I can't say what I recommend. All the above books, however, are amazing. Very much worth your time and money.

If you're a novice, as most people start out as, then I would recommend the following:

The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy

Hacking For Dummies

Grey Hat Hacking

Hacking Exposed - 5th Edition - May be outdated

Network Security Bible

So now people here may disagree on the books I've suggested, and that's fine, but it definitely depends on what you're trying to learn and/or accomplish. Google is a great place to start as well without spending a fortune on books.

Some great websites:

SANS
Dark Reading

I'm sure you can find plenty more.

And always ask questions, even if you think its a stupid question. Being on Reddit and having the luxury of anonymity, you can ask away without worrying about getting personally ridiculed.

As far as hackerspaces and defcon, they were just a suggestion. If you ever are able to get to a hackerspace though, I highly recommend it.

Really happy to see interest in D. I think it's an excellent programming language to start with, and there's a few more resources than you might think.

Great introduction to programming in general
http://ddili.org/ders/d.en/index.html

A more advanced overview of D
http://www.amazon.com/D-Programming-Language-Andrei-Alexandrescu/dp/0321635361

Make sure to check out Rosetta Code for tons examples:
http://rosettacode.org/wiki/Category:D

Web programming is a good way to start out
http://vibed.org/

For an example web project, used in production:
https://github.com/rejectedsoftware/vibenews

Most of these links can of course be found at:
http://wiki.dlang.org/Books

Make sure you check out the new API documentation:
http://dlang.org/library/index.html

And don't miss out on all of the great projects in D:
http://wiki.dlang.org/Open_Source_Projects
http://code.dlang.org/

If you have any questions, you can always post on the forums, but I've found that an even better way to get feedback is through the #D channel on irc.freenode.net.

Feel free to message me directly with questions too! I'm relatively new to the language myself, but I have a solid background in other languages and I'm transitioning to D as my go-to language.

As others have mentioned, writing code is the best way to get exposure. But if you're a book guy like me then there are a lot of option out there that'll accelerate the process. You'd be insane to read all the following--these are just starting points that can accommodate different interests/tastes.

Having said that, I'll start with the one book that I think every C# developer should own:

Framework Design Guidelines: Conventions, Idioms, and Patterns for Reusable .NET Libraries

... it's a good read, and it includes a lot of direct input from the designers of the C# and the .NET Framework. Microsoft has been really good about sticking to those guidelines, so you'll immediately get a leg up on the Framework libraries if you work through this book. (Also, you'll win a lot of arguments with your coworkers about how APIs should be designed.)

General knowledge books (tons to pick from, but here are some winners):

• Cookbook-style factoids: C# 6.0 Cookbook, 4th Edition
  
• But since you're coming from a lower level language, you might appreciate more details: C# in Depth by Jon Skeet (the Chuck Norris of C#)
  
• Scott Meyers-style content with good discussions of idiomatic C#: Effective C#: 50 Specific Ways to Improve Your C#
  
• CLR via C# goes deep into the guts of the language.
  
  Deep dives into specific features that'll serve you well:
  
  
• Concurrency in C# Cookbook is a good starting point to get productive with the TPL quickly, but I actually learned a lot more from the more prosaic Pro Asynchronous Programming with .NET.
  
• C# generics aren't as powerful as C++ templates, but Metaprogramming in .NET may provide some decent (though clumsy) workarounds.
  
  Note: I've never found a good LINQ book that supported how I actually use the feature. Coming from C++, you can probably just start off by thinking of the extension methods on Enumerable as a C# version of std <algorithm>... a good way to avoid writing raw loops. But if you're a performance-obsessed game dev then you'll probably want to use LINQ sparingly--it does have some overhead.
  

For me the best why to learn is by doing.I started with a little app idea I wanted to build and jumped into sites like codecademy.com to learn JavaScript and html sintax.

I mixed the courses with step to step progress for my idea.

Once you have your first app and learn the sintax you can switch to topics like ObjectOrientedProgramming. Buy a pair of books and start another more complicated project. Try this book https://www.amazon.es/gp/aw/d/144934013X/ref=mp_s_a_1_1?__mk_es_ES=ÅMÅZÕÑ&qid=1527450273&sr=8-1&pi=AC_SX236_SY340_FMwebp_QL65&keywords=head+first+javascript&dpPl=1&dpID=51qQTSKL2nL&ref=plSrch

Once you complete two projects you will be prepare to learn cross skills like version control(git), building process (webpack), console commands and IDE (webstorm).

That was my path before my first fulltime job. Working with other developers, work following two-eyes techniques and read tons of code from others will be a huge step un the process.

In only two years I became a senior software developer in one of the cooler companies I met.

Hope you have the same luck as I did.
Any help you need just tell me!

I think you are just looking in the wrong place. While dsource has many stagnant projects, which has always been the case, there has been a lot of involvement in the development of D2. A greater number of patches to DMD are being submitted (now that the source is available). Phobos has become a very impressive standard library.

And of course there is still lots of complaining about what needs to get done, but those complaining don't want to do it.

I do believe library writers are getting a little shafted with the need to maintain a D v1 and v2 without much help from the version(D_Version2) identifier. Many believe, and rightly so, that D1 will fade out pretty quickly and the community will be much more united with version 2. [D1 will still have its users, and Walter will be supporting it while people are still using it]

Of course a great place to see how fast D is progressing is to check out the change log v1 and v2. You can also check out future directions and improvement proposals.

It is also getting lots of interest on StackOverflow; with questions such as Does the D programming language have a feature?

And I didn't even mention that Andrei Alexandrescu is writing a book, The D Programming Language

stormehh has some good points.

I agree, and would argue that you are better off learning the fundamentals at this stage in your life. I understand your urge to get out there and explore different tools and techniques as fast as possible (trust me, I've been there myself), but take my word for it when I say that you will get more out of it when you understand the underlying concepts/technologies/protocols.

This might sound old fashioned, but read these books. It's a lot of material, but well worth the effort. You can get all three of them used for about $75:

"Computer Security: Art and Science" - Matt Bishop

"The TCP/IP Guide: A Comprehensive, Illustrated Internet Protocols Reference" - Charles M. Kozierok

"Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd Edition)" - Edward Skoudis & Tom Liston

Good luck to you, and follow the light side of the force.

10000 limit again. Reserving this comment for the Programming section:

PROGRAMMING
Gray Hat Python: Python Programming for Hackers and Reverse Engineers
Beginning Python
The Python Standard Library by Example (Developer's Library)
Shell Scripting
Shell Scripting Recipes: A Problem-Solution Approach
Linux Command Line and Shell Scripting Bible, Second Edition
Wicked Cool Shell Scripts
sed & awk (2nd Edition)
The Ruby Programming Language
Beginning Ruby: From Novice to Professional
Ruby on Rails 3 Tutorial: Learn Rails by Example
Agile Web Development with Rails
Automating Microsoft Windows Server 2008 R2 with Windows PowerShell 2.0
Pragmatic Guide to Subversion
Programming Perl
C++ Primer Plus
The AWK Programming Language thanks sjhill
Modern Perl thanks three18ti
High-Order Perl thanks three18ti
The Art of Scalability thanks mr_chip
Scalability Rules thanks mr_chip
Continuous Delivery thanks mr_chip
The Varnish Book thanks mr_chip

Security onion is amazing, I use it myself as a VM in a home esxi server with a cheap 5 port smart switch.

A few quick notes:

• The Practice of Network Security Monitoring by Richard Bejtlich is a great resource for this sort of thing.
  
  
• You will need something with more power than a rasberryPi for this, unless you make the pi just a sensor and you have a server running the snort analytics.
  
  
• Keep in mind that if you have this behind your router, and your router is also your WiFi access point, you will not pick up any WiFi traffic. If you put it in front of your router, you will get all traffic, but it will all show the same IP (your public IP).
  
  My suggestion is to get a cheap switch with port mirror capabilities, like the Mikrotik Routerboard 260gs. Get a wireless AP (or an old router which has AP only mode), and plug this into your switch. Plug your actual router (the one doing the NAT) into the switch, and mirror these to a port that is connected to the security onion box.
  
  That way will get you both ethernet and WiFi traffic. If you have any questions about running security onion in a home setting, feel free to send me a PM.

best advice i can give is to start reading anything and everything you can get your hands on related to programming, operating systems, networking, security, etc......



a few books i'm reading/have read/on my list to read and all are excellent starting points:

BackTrack 4: Assuring Security by Penetration Testing (this book was just released and still relevant when using BackTrack5)

Metasploit: The Penetration Tester's Guide

Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques

Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning

Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition



plenty of links to keep you busy for awhile:
Open Penetration Testing Bookmarks Collection

If you want to experience both worlds do Windows Server with Hyper V with Linux VMs ! Its easier to get started and great for learning ! Thats how I did it! I myself am still waiting for a "
good time" to redo my whole master server with ESXI like i mange at work.

And for great books on Linux I have one of the following that helps me everyday !

https://www.amazon.com/Linux-Bible-Christopher-Negus/dp/1118999878/ref=sr_1_1?ie=UTF8&qid=1496890019&sr=8-1&keywords=linux+bible

> As for D, it does not even exist in real world.

It does. It just needs some good tools support.

For reference Python first appeared in 1991, but didn't really gain wide acceptance until well after 2000. Ruby first appeared in 1995, but didn't gain wide acceptance until RoR was open sourced in 2004.

D was first designed in 1999. It's starting to gain more and more acceptance -- Andrei Alexandrescu is writing a book on it. This is about the time languages really start gaining traction. We'll see what happens in the next few years.

I'd be interested if there is something like what you're looking for out there. I don't think there is.

One of the things I've discovered over the years is how much of these "golden nuggets of networking history" are sprinkled about in various non-certification networking textbooks. They're generally not in certification-oriented books because there isn't enough room, but they are quite often found in textbooks that cover particular networking topics.

For example, one of my favorites is contained in Developing IP Multicast Networks. Beau Williamson writes:

> There’s an interesting story as to why only 23 bits worth of MAC address space was allocated for IP multicast. Back in the early 1990s, Steve Deering was bringing some of his research work on IP multicasting to fruition, and he wanted the IEEE to assign 16 consecutive Organizational Unique Identifiers (OUIs) for use as IP multicast MAC addresses. Because one OUI contains 24 bits worth of address space, 16 consecutive OUI’s would supply a full 28 bits worth of MAC address space and would permit a one-to-one mapping of Layer 3 IP multicast addresses to MAC addresses. Unfortunately, the going price for an OUI at the time was $1000 and Steve’s manager, the late Jon Postel, was unable to justify the $16,000 necessary to purchase the full 28 bits worth of MAC addresses. Instead, Jon was willing to spend $1000 to purchase one OUI out of his budget and give half of the addresses (23 bits worth) to Steve for use in his IP multicast research.

And that's why we have a 32:1 overlap of multicast IP addresses to multicast MAC addresses today :-)

There are tons of these kinds of things sprinkled about in Radia Perlman's Interconnections book as well.

I highly suggest this book: https://www.amazon.com/System-Forensic-Analysis-Brian-Carrier/dp/0321268172

While it's been out a bit, as far as I know, it still stands as the definitive source for NTFS file systems.

I went to X-Ways training last year in New York. Take good notes. I mean really good notes. X-Ways is very different than Encase or FTK. You need to understand how file systems work. It is NOT a push button tool. However, you will get way more information for your cases by using X-Ways; it's a great tool.

Are you doing regular forensic case work? If not, consider purchasing Brett Shaver's course: http://courses.dfironlinetraining.com/x-ways-forensics-practitioners-guide-online-and-on-demand-course and book: https://www.amazon.com/X-Ways-Forensics-Practitioners-Guide-Shavers/dp/0124116051/ref=sr_1_1?s=books&ie=UTF8&qid=1492443886&sr=1-1&keywords=xways+forensics+practitioner. They will be invaluable resources while you learn.

Good luck and have fun!

I'm sort of in the same boat as you, except with an aero and physics background rather than EE. My approach has been pretty similar to yours--I found the textbooks used by my alma mater, compared to texts recommended by MIT OCW and some other universities, looked at a few lists of recommended texts, and looked through similar questions on Reddit. I found most areas have multiple good texts, and also spent some time deciding which ones looked more applicable to me. That said, I'm admittedly someone who rather enjoys and learns well from textbooks compared to lectures, and that's not the case for everyone.

Here's what I gathered. If any more knowledgeable CS guys have suggestions/corrections, please let me know.

• Intro-ish: Structure and Interpretation of Computer Programs by Abelson & Sussman
  
• Math: Mathematics for Computer Science by Lehman et al.
  
• Computer Architecture: Computer Systems A Programmer's Perspective by Bryant & O'Hallaron
  
• Algorithms: Introduction to Algorithms by Cormen et al.
  
• Programming Languages: Programming Language Pragmatics by Scott
  
• Computational Theory: Introduction to the Theory of Computation by Sipser
  
• Operating Systems: Modern Operating Systems by Tanenbaum & Bos
  
• Networks: Computer Networks by Tanenbaum
  
• Compilers: Compilers by Aho et al.
  
• Security: Security Engineering by Anderson
  
• Type Theory: Types and Programming Languages by Pierce
  
• AI: Artificial Intelligence: A Modern Approach by Russell & Norvig
  
  Full disclosure: I haven't actually read more than the preface of any of those books. Software engineering topics are more directly applicable to me than CS topics right now, so here are some that I've actually started reading:
  
  
• The Pragmatic Programmer by Hunt & Thomas
  
• Clean Code by Martin
  
• Code Complete by McConnell
  
• Design Patterns by Gamma et al.

There are a ton of different things you can do on the defensive side. The path here is a bit less defined because you can specialize in each of these areas with out ever really touching the other ones. But I think these are the most important skills as a defender, so I’ll break it up into three smaller chunks. For the most part, defender/Blue-team concepts draw from these skills, I’ve setup the courses in order, as some of these skills may feed into other areas.


IR:

• Computer Forensics and IR - This is the hole grail of IR. Written by the best in the business, a great start to the world of IR and Forensics
  
  
• Network Analysis. SOC-based 1-day course (Includes slides and labs)
  
  
• Hacking Techniques and Intrusion Detection - 5-6 day course
  
  
• PCAP analysis and Network Hunting - 2 day course
  
  
• Blue Team Field Manual
  
  
  Forensics:
  
  
• Network Forensics - 2 day course
  
  
• File System Forensics
  
  
• Windows 8 Forensics
  
  
• Registry Forensics
  
  
• Memory Forensics
  
  
• 13 Cubed Youtube Series
  
  
• Advanced Network Forensics - SANS ( meaning If you can get someone else to pay for it, SANS courses are expensive)
  
  
• Overall Cheatsheet/Forensics knowledge dump
  
  
• Now, you’re ready for the CHFI Certification
  
  Reverse Engineering (Dynamic and Static):
  
  
• Practical Malware Analysis
  
  
• Malware Unicorn (Awesome RE, has an awesome blog and some good intro training)
  
  
• Malware Analyst’s cookbook
  
  
• IDA Pro Book
  
  
• Intro to Reverse Engineering - 2 day course
  
  
• Malware Dynamic Analysis - 3 day course
  
  
• SANS*** GREM Certification
  
  I know there’s not a lot of certs here, and unfortunately, that’s how it is across the blue team. Certs here are usually very vendor-specific, and not applicable to defense as a whole. Those certifications exist, but I’m not listing them here.
  
  If people are interested, I can also do a similar write-up on Mobile Forensics and Cloud Forensics (which is my direct background).
  
  Lastly, here are some of my favorite news sources across the InfoSec community -
  
  News Sources
  
  
• Ars Technica
  
  
• InfoSecurity Magazine
  
  
• Security Weekly
  
  
• Iron Geek
  
  
• Krebs on Security
  
  
• reddit.com/r/netsec
  
  
• reddit.com/r/netsecstudents
  
  
• reddit.com/r/asknetsec
  
  
• reddit.com/r/computerforensics

Go get Scott Lowe's book. Read it at least twice. If you have the money, like mech said the VCA is a good start. At the very least Im pretty sure you can take their online "class" to learn the VCA material for free. Keep your eye out as well for free vouchers to take the VCA with as they do pop up from time to time!

Edit: http://www.amazon.com/Mastering-VMware-vSphere-Scott-Lowe/dp/0470890800

the tao of network security monitoring explains a framework for stitching together different pieces of network security data into a process for investigation (the follow-up is also good).

yes, the thing you want is called 'full packet', and yes, it usually involves just sniffing, saving, and indexing all traffic at your network ingress/egress. there's some good open source frameworks like moloch for doing that, or if you've got money kicking around, something like solera or netwitness will do the trick nicely.

Man, look at this guy over here who thinks he knows something about metasploit! ;-)

Yeah, Metasploit Unleashed is a great place to start, and if you want more this book is basically Metasploit Unleashed 2: The Unleashening - Now With More Narrative.

If you still want more, you're probably better off with something like Pentesting With Kali that puts metasploit in its context and forces more hands on use or you should be prepared to follow the blogs for new features and read the source.. It's not that bad in there, really. ;-)

Some thoughts:

I've had people recommend the following books:

• Malware Analyst's Cookbook
  
  
• The Art of Memory Forensics
  
  
• For the next 23 hours or so, there's a Humble Bundle about hacking that might have some pertinent stuff (you already have PMA, but there's some other things that could be useful, and it's an amazing price)
  
  Other resources:
  
  
• Lenny Zeltser's site
  
  
• Dennis Yurichev's huge book on RE, available in a "lite" version as well as Russian
  
  
• He also has a challenge page if you want to try RE yourself

The first thing to remember is that the OSI model doesn't completely fit many of the network protocols which are widely in use today. Some of our protocols fit nicely in the OSI slots, and others straddle multiple slots. This is a fact of history: many of the network protocols we use today were invented (in some form) before OSI and the OSI model. OSI was, to some extent, a competing set of networking protocols and ideas. That doesn't mean that the OSI model doesn't have great value in allowing people to think clearly about networks.

Ok, what is the OSI model? It is a multi layered model that breaks the delivery of networked applications up into layers, names Physical, Data Link, Network, Transport, Session, Presentation, and Application. The general idea is that each layer of the stack presents a clean interface (sometimes called a contract) to the one above it, such that the lower layers could be swapped out without changing th operation of the upper layers. Some of these layers are more interesting than others, so I'll focus on those.

• First, Physical. The physical layer refers to the actual transmission of bits over a wire, the design of the wire, the design of the transceivers that drive the wires, and the way that the digital signal is encoded into an analog signal (because digital signals don't really exist - they are just an abstraction).
  
  
• Next, Data Link. This has got to do with how (typically fixed size) groups of bits - called frames - are moved around the network. How do they find where they are going (physical addressing)? How do we stop multiple users of the network from breaking each other (access control)?
  
  
• Network. This provides a logical abstraction of the data link layer. Addresses become logical (more like a phone number than a physical address) and the problem of how to move packets (groups of frames) across a complex network is addressed.
  
  
• Transport. The layers below allow packets to arrive out of order, get lost, get corrupted, and so on. Transport provides abstractions on top of the network that hide some of these warts. TCP is one such example: if packets are delivered at all, they are delivered in-order, completely and correctly. This layer might also provide some other level of logical addressing, like TCP and UDP port numbers.
  
  
• Session. The session layer is interested in faking a 'connection'. In a packet-based network, there is no actual physical connection. The session layer (some parts of TCP for example) creates a logical connection.
  
  
• Presentation. As we get higher up the stack people disagree more and more about what each layer means in modern networks. Presentation is the biggest one. You can read wikipedia's take, but you'll get a different one from every book. Encryption (like SSL) is nearly always lumped into this layer.
  
  
• Application. Finally, the meat of the matter. What are we using the network for? HTTP is the most famous application layer protocol (look at your address bar for http://), but is only one of a menagerie of protocols.
  
  
• (Bonus Layer) Politics. The political layer is an ongoing joke among networking types, and it refers to how politics trumps everything else on the network.
  
  Highly recommended Computer networks by Andrew Tanenbaum. It's the best book for noobs by far.

A good start would be to study for any standard certifications in the field, since they cover the basic topics and hey, why not get certified while you are at it? Comptia's N+, Cisco's CCENT or CWNP's CWTS cover the fundamentals of networking.
On the other hand, you could just go through free online lectures like this one on youtube or this one offered by MIT. Of course, there's always the good old-fashioned way to learn- borrow any standard textbook like Tanenbaum.

No offense, but if you're that unfamiliar with basics like DNS records, please don't try to run your own mailserver.

I'm not picking on you, honest. It's not a task for the green or the faint of heart, and the best case scenario is you end up in blocklists from now until doomsday before too much damage gets done.

I really can't recommend the ORA animal books strongly enough (I just ordered 2 more while getting these links.) The Cricket has all you need to know about DNS, even if you're not using BIND and Safe, though a few years old, is still an excellent resource, just not, perhaps, an exhaustive one.

There are some good suggestions here, especially DonnyTheWalrus's reply.

However, regarding books I'd personally suggest the book "Head-First Javascript Programming"(make sure you get the latest the one that says "programming" in the title, as that is the more modern one.) or "A Smarter Way". In my opinion, these books are really good at taking a newbie into the intermediate level of Javascript by taking advantage of some of the best things we've learned about learning in general.

Definitely agree, it's hard to get these concepts to stick unless you've used them. I've struggled with JavaScript in the past but I'm currently reading Head First JavaScript from O'Reilly and I find it's suuuper helpful because it explains everything clearly with good examples and also has you code along with it to help you really grasp the concepts.

Incredibly oversimplified, but not entirely inaccurate. Good job. You might be interested in a book I posted above, it's called Tubes.

http://www.amazon.com/Tubes-Journey-Internet-Andrew-Blum/dp/0061994952

Edit: I'm impressed that you were able to come up with such a clear explanation of networking given your age. You might have the type of mind that would do well in the networking industry. Do yourself a favor and seek out more information on the intricacies of network design and implementation.

You need to take the time and learn and educate yourself. It is a constant process.

I'd say the very first step is to develop yourself such a mindset what cryptographers calls "professional paranoia". Always think from the security point of view when looking at systems and apps and designs and so on.

I recommend you to read Cryptography Engineering: Design Principles and Practical Applications. It is not PHP related (as you'd guess from the name), but covers also some things related to web app development. Most importantly, it helps you to grasp the idea of this "security mindset".

The already posted OWASP link gives you some good pointers about common securty problems, but make sure you understand the issues and solutions behind them (instead of just "only plain memorizing" them).

Also, you could get some pointers from this Wep Application Security Quiz.

Do you have the image file itself?
If yes, open it in a tool like Active @ disk-editor.(http://www.disk-editor.org/) This tool highlights disk information in colours and gives verbose information for you to easily understand what parts on the disk/image you're looking at. Great way to start off and learn things about filesystems. Also I highly recommend the File System Forensics book by Brian Carrier. (https://www.amazon.com/System-Forensic-Analysis-Brian-Carrier/dp/0321268172)

Learn the fundamentals before you touch any of the crap from a vendor.

Computer Networks by Andy Tanenbaum. Available from Amazon but you should buy a used copy on abebooks for < $10. A newer (e.g. 2002) edition is preferable.

Once you've read that feel free to pick up the trade-oriented certification guides that will teach you command line stuff.

Also, put Linux on an old computer or two. Don't spend more than $100, any old junk will do. Play around with the network tools.

Good luck!

For what it's worth, cryptography is famously hard to get right and I would strongly recommend that you use existing crypto software if you are actually trying to secure your computer.

That said, if you're interested in coding and want to learn more about encryption just for fun, you should check out the Matasano Crypto Challenges. They teach you about the fundamentals of cryptography by having you build a bunch of ciphers and then break them.

If you're looking into doing this more professionally, I've been told that Cryptography Engineering and Applied Cryptography are some good resources, though I haven't read them myself.

Brian Carriers book on File System Forensics is a must, http://www.amazon.com/System-Forensic-Analysis-Brian-Carrier/dp/0321268172

Next, any of Harlan Carvey's Books. These cover the basic (as well as advanced) Windows Artifacts such as the Registry, Event Logs and Timeline creations. He also has lots of open source tools that he demonstrates in the books:

http://www.amazon.com/Windows-Forensic-Analysis-Toolkit-Second/dp/1597494224/ref=sr_1_5?s=books&ie=UTF8&qid=1414266778&sr=1-5&keywords=harlan+Carvey

Check out the free SANS Webcasts in their archives. Lots of good videos on forensic and security related topics. They also have a free forensic tool called "SIFT" which is a VM loaded with free/open source forensic tools (LINUX based)

https://www.sans.org/webcasts/archive

Everyone seems to be pretty on point with their responses so I'll just throw some ideas out there that you can look into to maybe find a more exciting vector:

• Track down a botnet command and control infrastructure
  
• Reverse engineer programs with known 0 days to see if you can find said zero day
  
• Look into memory forensics (http://www.amazon.com/The-Art-Memory-Forensics-Detecting/dp/1118825098)
  
• Look into Red Teaming: There are positions out there that not only require you to "hack" an organization, but you have to be able to break into it physically as well
  
• Write some malware that gets past VirusTotal (https://www.virustotal.com/)
  
• If you are into puzzles check out the Defcon badge challenge
  
  Good luck!
  

VirtualLanger.com has a great study guide. I know the guy personally, he's awesome.

Mastering VMware vSphere 5.5 by Scott Lowe. Should literally be your bible if you're going for DCV.

I used the 5.0 version of Scotts book AFTER failing fairly badly by using The Official VCP5 Certification guide.

VMware study guides and practice exams Also helpful. Be critical of anything you read though, it'll help you learn the material better. Here's my favorite email response I received, ever.

Shpadoinkles,
Thanks for your interest in VMware certifications ans sorry for the delay in getting back to you. You are correct, that item would have been accurate for vSphere 4 but not 5. I will change the item to reference the CIM Server service on the host.

Thanks,
Josh

After reading Scotts book, I had in depth enough knowledge that I realized one of the VMware practice questions had an incorrect answer. I challenged it and got it updated.

Finally, hands on time. This is the most important. You'll get questions like, "In this menu, if you select this option, what is no longer available?" And it'll be a menu option that is so rarely used you'll shake your head in confusion. I went in cocky the first time as I studied that Official Cert Guide like crazy. Took it camping with me, read it before bed, read it at work. Nothing prepares for that test like being in the GUI or command line.

Get on the waiting list for the ICS class at stanly community college its like $250 for an official vmware course (training partner) you can buy the lab books, take the class and you get access to a bunch of free vmware software esxi, workstation, cloud offerings as well as discount voucher codes.

https://vmware.stanly.edu/

Then pick up mastering vsphere 5.5 by scott lowe, and read that and the documentation.

http://www.amazon.com/Mastering-VMware-vSphere-Scott-Lowe/dp/1118661141

https://pubs.vmware.com/vsphere-55/index.jsp
(There is a zip file of the all the documentation you can get and they are pdfs. at the bottom of the contents section)

Sign up at vmware learning and they have a free practice exam, as well as materials for the vca you can run through.

https://mylearn.vmware.com/mgrReg/login.cfm?ui=Full

You can build a lab if you dont have one a laptop using vmware workstation just max out the ram, I recommend building the lab from scratch a couple times to get use to it then from there you can use autolab for working on learning to use the software without having to manually rebuild.

http://www.labguides.com/

What you're asking for is kind of silly.... Here's a series that's all about real theoretical attacks though. You're not going to find information on how to steal money from a bank, but you can read books from hackers who have done a lot of interesting things, like a group of friends who won nearly a million dollars in Las Vegas by reverse-engineering slot machines in Kevin Mitnick's book.

The ever-excellent Khan Academy has produced a very nice and short series of videos explaining how cryptography works. Anyone who understands basic high school arithmetic can follow this. If you have ever been interested in the science of codes, ciphers, breaking them, etc. this is worth a look:

http://www.khanacademy.org/science/brit-cruise/cryptography

More in-depth treatments of cryptography can be found here:

https://www.coursera.org/course/crypto

and here:

http://www.youtube.com/playlist?list=PL71FE85723FD414D7&feature=plcp

And for the truly hard-core some of best books on crypto are:

http://www.amazon.com/Applied-Cryptography-Protocols-Algorithms-Edition/dp/0471117099/ref=sr_1_1?s=books&ie=UTF8&qid=1340524661&sr=1-1&keywords=applied+cryptography

and

http://www.amazon.com/Practical-Cryptography-Niels-Ferguson/dp/0471223573/ref=sr_1_1?s=books&ie=UTF8&qid=1340524712&sr=1-1&keywords=practical+cryptography

and

http://www.amazon.com/Cryptography-Engineering-Principles-Practical-Applications/dp/0470474246/ref=sr_1_2?s=books&ie=UTF8&qid=1340524751&sr=1-2&keywords=practical+cryptography

https://www.amazon.com/Framework-Design-Guidelines-Conventions-Libraries/dp/0321545613/ref=sr_1_1?ie=UTF8&qid=1479150755&sr=8-1&keywords=net+framework+design+guidelines

It is by far the best book on API design for any language. I highly recommend it no matter what you program in.

Plus it explains what the .NET developers were thinking when they created it, so you'll get a better understanding of how the APIs were laid out. This not only helps you find what you need faster, but also makes it easier to create new libraries that feel like the built-in ones.

Choice of programming language differs among researchers but Python seems to be pretty common. I suggest you get the books Violent Python and Grey Hat Python . The former is more beginner friendly for people new to security. As for getting started with InfoSec maybe try reading the Security+ books?

I don't know much about any other websites other than Coursera, so I don't know if there are any courses I'm missing on the other websites.

Security:

On Coursera, I highly recommend the
Cyber Security Specialization. It covers a varied approach to security from multiples perspective and a great start for anyone.

After that you will have to look around for the specific type of security you are interested in. You won't find a MOOC because it is probably too specialized.

If you want a more mathematically rigorous courseload in crypto, I would suggest doing both Crytography I and Lectures by Christof Paar

Networking:

Sadly I haven't come across a good networking course. My current suggestion is to read Computer Networking: A Top down approach. You should be able to find PDFs of 6th ed (don't tell anyone I said that) which is similar to the 7th ed except the last chapter.

After that, you should be comfortable enough, but if you want to dive in deeper, read CCNA and CCNP books for the specific part you want to get a good understanding of (I would suggest starting with CCNA R&S).

The TCP/IP Guide - It's a little dated these days and barely touches IPv6, but it's a good, quick look at a lot of the glue services that you will eventually need to understand and troubleshoot: DNS, SNMP, NTP, etc.

TCP/IP Illustrated, VOL 1 - Here's where we get into the nitty gritty. This shows you what is happening in those packets that cross the wire. Invaluable if you go onto doing Performance Engineering functions later on, but still good.

NMAP Network Scanning - NMAP is a godsend if you don't have remote login rights but you need to see what's happening on the far end of the connection.

Wireshark Network Analysis - Most useful tool in your toolbox, IF you can use it, for proving the negative to your customers. At some point you're going to be faced with an angry mob in Dockers and Polos who want to know "WHY MY THING NOT WORK?". This is the book that will let you point to their box and go "Well, as soon as the far side sends a SYN/ACK your box sends a FIN and kills the connection."

Learning the bash shell - You're a network engineer, you're going to be using Linux boxes as jump boxes for the rest of your life. Shell scripting will let you write up handy little tools to make your life easier. Boss wants to blackhole China at the edge? Write a quick script to pull all of the CN netblocks from the free FTP server APNIC owns, chop it up in sed and AWK, throw a little regex in for seasoning and you're done. And when he comes back in 30 days for an updated list? Boom, it's done even faster.

The vendor specific books are nice, but I can't tell you how many network engineers I've run across who couldn't tell me how DNS worked or how a three way handshake worked or couldn't write a simple script in Bash to bang out 300 port configs in 30 seconds. There are a shit ton of paper CCIEs out there, but those books up there will make you stand out.

Great response, for those looking Andrew Blum has an interesting book [Tubes](Tubes: A Journey to the Center of the Internet https://www.amazon.com/dp/0061994952/ref=cm_sw_r_cp_api_LkXMybX93FKGH) which is basically a full book ELI5 if anyone is interested in reading more. It looks like it can be had on amazon used for about $2.

Some search terms for how the internet works: Packet switched networking, TCP, IP, SSL.

I don't think I have ever read a book about basic internet workings, the internet is really the best place to read about that stuff (hence the search terms).

Instead I will list some books which look at how we define security and why secure systems fail:

Secrets and Lies is a good primer discussing trust / networks / cryptography and a few other things at a high enough level to be interesting to a lay reader: http://www.amazon.com/Secrets-Lies-Digital-Security-Networked/dp/0471453803/ref=sr_1_4?ie=UTF8&qid=1419753343&sr=8-4

Art of Intrusion is packed full of stories about how systems (computers or otherwise) fail and become insecure: http://www.amazon.com/Art-Intrusion-Exploits-Intruders-Deceivers/dp/0471782661/ref=sr_1_1?ie=UTF8&qid=1419753466&sr=8-1 the sister book Art of Deception (stories about Social Engineering) is also pretty good.

The Code Book, mostly history, but provides a great introduction to cryptographic concepts. http://www.amazon.com/The-Code-Book-Science-Cryptography/dp/0385495323/ref=pd_rhf_se_s_cp_7_RTJS?ie=UTF8&refRID=1RRWWY0RNX7G8HRYPFFS

Good advice here. I also recommend Todd Lammeles CCNA book after you've done the Network+. Download GNS3 for playing around.

Also, start using Linux now if you haven't already. Debian, Ubuntu, or CentOS are fine to get started. The majority of network gear is running some flavor of Linux these days. Get comfortable doing things from the command line.

As a reference book, I recommend this: http://www.amazon.com/gp/aw/d/159327047X/ref=s9_topr_hm_bwS_g14_i1

Head first books are really good except you should get the up to date version.

http://www.amazon.com/Head-First-JavaScript-Programming-Freeman/dp/144934013X

I read that javascript book back in the day and i definitely liked it. I'm not sure what's different in the new one but with programming it's always good to be up to date. If you can't get it then this one will do. Everything in there still works and javascript still has pretty much the same idea as in that book.

Sorry this has taken me so long to get too. Been busy.


First, understand that Kali is nothing mote than a collection of tools. Its those tools that you are actually wanting to learn.


KaliTutorials is one place you can start.


Also, there is an abundance of videos on YouTube and if you are serious about wanting to learn penetration testing/security makes sure you book mark Irongeek


Like I said earlier, by the time books are written, edited, and published, they can often be out of date.


If you do want to understand some of the basics, here are books you should look at:


Metasploit: The Penetration Tester's Guide


rtfm


btfm


Basic Security Testing with Kali Linux 2 I havent read this one but I have heard good things


The Hacker Playbook


[The Hacker Playbook 2] (https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1512214566/ref=pd_sim_14_4?_encoding=UTF8&pd_rd_i=1512214566&pd_rd_r=2HDYK8BDM5MR8PV03JG8&pd_rd_w=kiAl7&pd_rd_wg=fAjYi&psc=1&refRID=2HDYK8BDM5MR8PV03JG8)


Also a good list of resources can be found here: cybrary.it

The TCP/IP Guide

The Illustrated Network

A bit dated, but pretty well respected:
TCP/IP Illustrated (There are 3 volumes)
----------------------------------
You can find most of this info freely on the web though.

(edit, books are not for beginners and black hat has better reviews)

There are two books, not sure if they are too advanced and I think both are writen for python 2.7 but they are more or less on the subject, one is called 'Gray Hat Python' and another 'Black Hat Python'

https://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921
https://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900/

You could read reviews of these two books to see if this would be a good starting point. Othervise I would search youtube for keywords like 'python network security' and similar...

Well TCP/IP is an entire protocol suite. In addition to IP, TCP, and UDP, it includes higher level protocols like HTTP (uses TCP), DNS (UDP more commonly than TCP), and ICMP (uses IP, not TCP or UDP).

My understanding is that it's called TCP/IP because those were the first protocols and everything else coalesced around/on top of them. Microsoft offers a pretty decent chart showing examples of the layering/encapsulation of the protocols in the suite here.

If you want to dive deeper, Steven's three-volume TCP/IP Illustrated is the de facto reference manual for the Internet -- though dated, it's still very useful and available for cheap used. Alternatively, No Starch came out with a tome of their own called TCP/IP Guide which I've heard a couple colleagues recommend.

Interconnections: Bridges, Routers, Switches, and Internetworking Protocols (2nd Edition)

Internetworking with TCP/IP Volume 1 (5th Edition)

TCP/IP Illustrated, Volume 1: The Protocols (2nd Edition)

are the three 'vendor neutral' books that are recommended by INE as resources for all CCIE tracts.



Cisco CCIE book list contains the following:

Other Publications

Cisco Documentation

Configuring IPv6 for Cisco IOS (Edgar Parenti, Jr., Eric Knnip, Brian Browne, Syngress, ISBN# 1928994849)

Interconnections: Bridges & Routers, Second Edition (Perlman, Addison Wesley, ISBN# 0201634481)

"Internetworking Technology Overview" Available through Cisco Store under doc # DOC-785777

Internetworking with TCP/IP, Vol.1: Principles, Protocols, and Architecture (4th Edition)
(Comer, Prentice Hall, ISBN# 0130183806)

IPv6: Theory, Protocol, and Practice, 2nd Edition (Pete Loshin, Morgan Kaufmann, ISBN# 1558608109)

LAN Protocol Handbook (Miller, M&T Press, ISBN# 1558510990 )
Routing In the Internet (2nd Edition) (Huitema, Prentice Hall, ISBN# 0130226475)

TCP/IP Illustrated: Volumes 1, 2, and 3 (Stevens/Wright, Addison Wesley, ISBN# 0201633469, 020163354X, 0201634953)



edit1:
I own the first three and recommend them for vendor neutral network engineering books, with Perlman's book being the best switching book I've personally ever read.


edit2:
also I find wikipedia articles on computer related topics to be top shelf. I would recommend many of the references and papers referenced in the https://en.wikipedia.org/wiki/Network_theory
article.

Some info on distro differences:

• List of Linux Distributions (the chart is particularly useful)
  
• Comparison of Linux Distributions
  
  A few book recommendations: (books are generally the way to go)
  
  
• The Linux Command Line
  
• How Linux Work
  
• Linux Bible
  
  A few online resources:
  
  
• Introduction to Linux
  
• Tecmint's Beginner's Guide For Linux
  
• Linux Insides (advanced, but free)
  
  Videos/courses:
  
  
• Learn Linux In 5 Days (wait until Udemy has a $10 sale, they always do)
  
• Introduction to Linux
  
• Linux Tutorial for Beginners
  
  Some great past reddit threads I've saved for reference:
  
  
• Troubleshooting Commands
  
• Commands To Run On Unfamiliar System
  
• How Did You Get Your Start
  
• The Dark Corners Of Vim Your Mom Never Told You About

This was awesome, thanks. I work just a few blocks from 60 Hudson and 32 6th (My company gets their internet from Rainbow Broadband, streamed from the antenna on the top of 32 6th) and have always wanted to see what the data centers and switch infrastructure inside actually looks like. But I'm not holding my breath.

If anyone else is interested in this stuff, I recommend reading Tubes by Andrew Blum. He worked for years to get exclusive looks inside the workings of these exchanges, and then tells you all about it. According to his book, the main entrance for network cables into 60 Hudson is a hole a few feet wide in the basement that every tenant has to pay for space in, making it the most expensive tiny sliver of real estate in Manhattan.

> Tanenbaum's Operating Systems - Design and Implementation

It's the bible. Also get his Computer Networks book, another bible :) He's a great writer too, it was one of the few mandatory books we had I read front to back for pleasure.

I would suggest "Cryptography Engineering" by Ferguson, Schneier and Kohno (https://www.amazon.com/Cryptography-Engineering-Principles-Practical-Applications/dp/0470474246).

It gives a good introduction on how cryptography is used while not bothering with too much details. It's also oriented on building secure schemes which are helpful for security.

The detail you can always learn later ;-)

• The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System, 2nd Edition (2012)
  
  This book covers rootkit development, not analysis, on Windows 7 and x86/IA32. It's a must read, if you're interested in rootkits.
  
  
• Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats (Release date set to january 2019)
  
  While not yet released, it looks very promising. Over the years, Microsoft has continually introduced better protections against rootkits and malware in Windows. Among other things, the book will cover how some of the rootkits/bootkits seen in the wild have bypassed protections such as Secure Boot, kernel-mode signing, Patch Guard and Device Guard.
  
  I'd also recommend having a look at the following books:
  
  
• Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software (2012)
  
  
• Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation 1st Edition (2014)
  
  
• The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory 1st Edition (2014)
  
  
  Also, Windows Internals for both Windows 7 and Windows 10 is a great reference to have laying around.

Can you program? If not, learn it! Start out with an easy to learn programming language like Pascal or Java and move on to the more complex C++ and eventually Assembler. Once you've understood the basics of programming (variables, loops, functions etc.) it is a matter of 2 weeks to learn the syntax of a new language.
Get familiar with Linux/UNIX. Learn how user rights work, how the run levels and shell scripts work. Read a lot of code and man pages. The definition of a hack is making a system do something it is not supposed to do. So you have to find a weak point by reverse engineering. Sometimes programmers make mistakes in their code, like a wrong variable type you can then exploit. Learn how a buffer overflow works http://en.wikipedia.org/wiki/Buffer_overflow Also I'd recommend these books: http://www.amazon.com/The-Art-Intrusion-Intruders-Deceivers/dp/0471782661 http://www.amazon.com/Linux-Nutshell-Ellen-Siever/dp/0596154488/ref=sr_1_1?s=books&ie=UTF8&qid=1345626761&sr=1-1&keywords=o%27reilly+linux http://www.amazon.com/Programming-Absolute-Beginner-Experience-Technology/dp/1598633740/ref=sr_1_1?s=books&ie=UTF8&qid=1345626801&sr=1-1&keywords=learn+programming Have fun and good luck!

Stanly has a wait list, but the price can't be beat.

I also think Pluralsight is very very good and worth trying to convince your company to sign up for. If not, it's probably worth it to sign yourself up for $30 a month or whatever it is now.


Lastly, for VMware, these are the two books people seem to swear by for the VCP:
http://www.amazon.com/Mastering-VMware-vSphere-Scott-Lowe/dp/0470890800/ref=pd_bxgy_b_text_y (This is the vsphere 5 version, I believe there is a 5.5 version as well if you're interested)

and

http://www.amazon.com/Official-Certification-Guide-VMware-Press/dp/0789749319/ref=sr_1_1?s=books&ie=UTF8&qid=1394466897&sr=1-1&keywords=vmware+certification

Yes.

Hacking Exposed

Shellcoders Handbook

Reverse Engineering

Malware Analyst's Cookbook

Gray Hat Python

Gray Hat Hacking Second Edition

Writing Security Tools & Exploits

Sockets, Shellcode, Porting and Coding: Reverese Engineering Exploits and Tool Coding for Security Professionals

Professional Penetration Testing

These are definitely some books you could start with. Once you've gone through those, you'll know more then a lot of them out there :)

There's these reddit threads on r/netsec:
http://www.reddit.com/r/netsec/comments/d3hua/how_to_get_started_in_netsec/
http://www.reddit.com/r/netsec/comments/ekyjw/interested_in_learning_about_network_security/

http://www.reddit.com/r/netsec/comments/es4si/what_are_some_good_netsec_books_out_there/
http://www.reddit.com/r/netsec/comments/g6r71/getting_started_in_network_security_a_list_of/

There's also loads of blogs and websites around, if you go hunting or look at some of these netsec threads, you'll find loads more material.

• Jot down a list of areas you were unsure of during the test (i.e. vMotion requirements, HA, SSO, etc) and then research them more.
  
• Take the practice tests again. At the end of each one, look at the chapters you were lacking in the results and reread those areas.
  
  I would also pick up the Mastering vSphere 5.5 book and use that to fill in gaps on the areas you're not doing well with.
  
  Another training resource would be CBT Nuggets. They do a free 7 day trial, sign up when you have 7 days to spend going through their VCP550 material (don't forget to cancel if you don't want to continue with their videos).
  
  Then also lab lab lab. Everything that is explained in the book, you should be doing in a lab. Doing it will help you remember and it will also allow you to hit problems when you do it incorrectly (it happens). When you hit a problem, fixing it is very beneficial to learning about the technology. If you don't hit any problems, break stuff on purpose and fix it.
  
  You can get a trial of all the software and then use an OpenSource system for the NAS/SAN pieces (FreeNAS/Openfiler) or even use the free EMC vVNX appliance (resource hog though).
  
  Those were the steps I took for the test.

Start with reference data sets: https://www.cfreds.nist.gov/

and free tools like Autopsy and SleuthKit: https://www.sleuthkit.org/autopsy/

And the bible on digital forensics: https://www.amazon.com/System-Forensic-Analysis-Brian-Carrier/dp/0321268172

before worrying about proprietary tools like EnCase. Autopsy is like free EnCase. Same principles apply.

See if you can get it used, but this book is well worth it. Giant book, wouldn't go cover to cover unless you wanted a sleep-aid, but great as a reference https://www.amazon.com/TCP-Guide-Comprehensive-Illustrated-Protocols/dp/159327047X

>I timed myself and it took me an hour and a half to finish one section of a chapter to understand it and highlight the important stuff (haven’t even gotten around the notes)

Typically when I read a long, boring, dry text I highlight the shit out of it and take notes. I try not to just read it with words going in one ear and out the other - I'll take it a chunk at a time, sift through the horse shit, and extract the point it is trying to make.

Then I put it in my notes. (I use OneNote a lot. Its free and it allows me to get creative with notes with colors and arranging text and diagrams, etc.)

I sort of got the idea from the "Head First" series of books.

Take a look at this and click "see inside". https://www.amazon.com/Head-First-JavaScript-Programming-Freeman/dp/144934013X/

The information in the book is in chunks sort of "splattered" on the page. Important concepts are large and colorful - smaller supporting concepts surround the important ones.

Structuring books like this works well for me.

I believe that organizing concepts in text in one long string of black and white letters and words is not always the best way for humans to understand and retain information. Its what were used to seeing, its been around for centuries, but with the flexible publishing tools we have today, I argue better approaches are possible.

Funny you should mention The Pragmatic Programmers. When I started working on The D Programming Language I've been seriously discussing working with TPP. (They pay very good royalties for one thing.) After a few discussions, it became clear that they want me to obey their exact format and toolchain, which I found rather limiting. They wouldn't want to accommodate some simple requests such as multi-page tables. So I decided to go with Addison Wesley Longman instead, which gives me total control over format (I send them the final PDF). I think this will be a win for the reader.

There was a lot he left out of The Code Book. If I recall he didn’t even mention elliptic curves or the NSA’s duplicitous role in influencing their recommendation by NIST. Simon briefly mentions the history of elliptic curves here.

I would give Cryptography Engineering a read. It’s more technical than Simon’s book but if this topic interests you this approachable book is going to be a great read.

Simon also compiled a list of links for what he considers are good “what’s next” recommendations: https://simonsingh.net/cryptography/crypto-links/

For the overall picture (vSphere only), you can't go wrong with Scott Lowe's Mastering vSphere 5.

Epping and Denneman wrote a technical deepdive book on clustering which really gets into the nitty gritty.

And for storage, Mostafa Khalil wrote the bible.

Also, if you want to really dive into the virtualization arena, definitely check out the VMware community site. Follow people on twitter, join the live podcasts (community podcast and vBrownBags), etc... Listening to recorded podcasts is also a great way to learn.

I love Tubes: A Journey to the Center of the Internet. It’s great in that it goes to physical locations that are important to the Internet, and described them. If you’re a Service Provider Engineer, many will be familiar but described through the eyes of someone fairly non-technical. If you’re an enterprise Engineer, some will be familiar, and some will be all new. Really fun, quick read.

There's Andrei Alexandrescu's book, The Day Programming Language, which has been well received. Andrei is one of the language designers and joined Walter Bright pretty early in the process of designing D2, the current version of D.

I haven't read it (I prefer online documentation and forums), and I'm unfamiliar with the book you mentioned (I'm mostly familiar with K&R's C).

Anyway, hope this helps!

Most current information you are going to want to read online. There is no substitute for that. The books I'm currently reading through are:

The Web Application Hacker's Handbook 2nd Ed

The Tangled Web

Metasploit: The Penetration Tester's Guide

Webbots, Spiders and Screen Scrapers

NoStarchPress fanboy all the way :)

Keep in mind, though, that the technical requirements are only half of being employable. You also need to be a good employee, who can work with the client and keep them satisfied. For those, I recommend:

True Professionalism

Trusted Advisor

What most consider the original is actually titled:

• Hackers by Steven Levy
  
  More recently, there have been several excellent titles. My suggestion is stick to non fiction as it will truly scare the yell out of you.
  
  
• Kingpin by Kevin Paulsen
  
  
• Hackers and Hacking by Margaret Haerens
  
  
• Cyber War by Richard C Clarke
  
  
• Schneier on Security by Bruce Schneier ---
  Almost everything by Bruce
  
  
• The Art of Intrusion by Kevin Mitnick. He has a couple of books as you may know. The advantage is he offers the perspective of a "former" hacker.
  
  I can recommend more but these are good starting points. Fiction is fun but for pure terror, grasping what these authors are revealing is the key.

I'd recommend taking a look at Framework Design Guidelines: Conventions, Idioms, and Patterns for Reusable .NET Libraries.

It's a pretty easy read and gives very comprehensive guidelines for designing libraries.

If you want to run Bind to learn it I'd install it on another computer and point your pi-hole to it. That way if you break Bind you can tweak the pi-hole and get your DNS back working.

I run a pair of pi-holes pointed to a copy of Unbound on a different server that is then pointed at OpenDNS. I could use the Unbound as a resolver rather than a forwarder but I like some of the OpenDNS features.

Playing with Unbound a bit before jumping into Bind is a good idea, for Bind I'd suggest this 600 page book:

https://www.amazon.com/DNS-BIND-5th-Cricket-Liu/dp/0596100574

A 500 count bottle of aspirin and some ice for your forehead after you start banging it on your desk.

Number 1 pitfall - not actually reading the manual...

There's such a wealth of good accessible information both online and in print that you should try to absorb some of it before you start this process.

Apart from the actual product docs themselves (which are actually pretty good) VMware have some good resources here [https://my.vmware.com/web/vmware/evalcenter?p=vmware-vsphere51-ent&lp=default#tab_preinstall] and here [https://my.vmware.com/web/vmware/evalcenter?p=vmware-vsphere51-ent&lp=default#tab_install]

There's also 3rd party books/resources worth checking out including this great one
[http://www.amazon.co.uk/Mastering-VMware-VSphere-Scott-Lowe/dp/0470890800/ref%3Dsr_1_1?ie=UTF8&qid=1319188175&sr=8-1] This [http://www.amazon.com/VMware-vSphere-Design-Forbes-Guthrie/dp/1118407911] is an advanced book looking at vSphere design but it's quite readable and it does make you realise that it's often worth thinking about how you design/build your VMware environment and what you can do early on to make your environment highly available and meet your performance objectives.

You mentioned lack of budget for training - make them spring for just a few bucks for a pluralsight subscription for a couple of months and watch their online video based training materials for VMware [http://pluralsight.com/training/Courses/Find?highlight=true&searchTerm=VMware]

vSphere Essentials will do what you need. Depending on how fast you're going to grow your virtual datacenter, you may want to look at the other options and consider the cost differences. I've never had to upgrade from Essentials, so no clue what that process is like.

Yes, the hypervisor is the same across the various versions.

Mastering VMware vSphere 5 by Scott Lowe.

Attend VMworld.

As a final note I'd get more RAM in your servers if I were you. Servers are memory hungry. I personally find that I always have plenty of CPU resources available but fall short on RAM. However, it really depends on the workload you're throwing at your cluster, so ymmv.

Have fun!

If you're looking for practice you can use sysinternals notmyfault but you have to first configure the system to produce a complete memory dump. Another option is memoryze from Fireye (previously Mandiant) though it looks like it hasn't been updated in awhile. I also recommend picking up a copy of The Art of Memory Forensics. That should be enough to get your feet wet.

edit; I forgot to mention Lenny Zeltzer's cheat sheet's as well. While not specifically related to memory forensics there is a sheet covering just about every aspect of infosec from incident response, volatility, reverse engineering, assembly language, analysis report writing, and much much more.

For me, Head First JavaScript Programming was a lifesaver when I first started learning JS. I just wish that I had started with it.

I also recommend the You Don't Know JS series.

Here are a few books I recommend:

Blue Team Handbook


Defensive Security Handbook


The Practice of Network Security Monitoring


Crafting the Infosec Playbook


And don't forget the NIST Cyber Security Framework

I would refer you to Framework Design Guidelines, Krzysztof Cwalina. It's an awesome book that deals with best practices. It will not help to learn .NET or C# or VB or whatever, but will provides usefull guidelines about general design principles.

Chapter 3, is Naming Guidelines. Part 3.2 is General Naming Convention. A lot of specific point are approched and you have Brad Abrams, Jeffrey Richter, and others known programmer giving their opinion on each point. Extremely informative !!

Here's one excerpt, among many many more.

> AVOID using identifiers that conflict with keywords of widely used programming languages.

> JEFFREY RICHTER : When I was porting my Applied Microsoft .NET Framework Programming book from C# to Visual Basic, I ran into this situation a lot. For example, the class library has Delegate, Module, and Assembly classes, and Visual Basic uses these same terms for keywords. This problem is exacerbated by the fact that VB is a case-insensitive language. Visual Basic, like C#, has a way to escape the keywords to disambiguate the situation to the compiler (using square brackets), but I was surprised that the VB team selected keywords that conflict with so many class library names.

EDIT : Refering to sanity's post earlier, it is the second point in part 3.2.1 of the book :

> DO favor readability over brevity. The property name CanScrollHorizontally is better than ScrollableX (an obscure reference to the X-axis).

go get scott lowe's mastering vsphere 5.5. also go check out vmware's free learning videos. to get some good hands on experience check out vmware's free hands on labs. good luck.

I took general networking courses in college as part of my major and honestly, I didn't learn much. If you want a good book on general networking, read this fantastic book by Radia Perlman:

Interconnections: Bridges, Routers, Switches, and Internetworking Protocols (2nd Edition)
http://www.amazon.com/Interconnections-Bridges-Switches-Internetworking-Protocols/dp/0201634481/ref=sr_1_1?ie=UTF8&qid=1321155480&sr=8-1

If it's a college course where you can get a CCNA at the end, I'd recommend taking that.

If its mostly linux thats the problem, you can try studying with https://linuxacademy.com/. You can make virtual servers that you can mess with. You just need Putty and TightVNC. Follow one of their courses, like Linux Essentials.

You might also check out the Linux Bible. Linux is good to know if you're going for network administration.

For general security stuff, I'd recommend Mike Meyers Security+ Passport. Very clear writing and it just goes over what you need to pass the test. It also comes with a load of practice test questions (Total Tester) which was the most helpful thing I used to pass the test.

And if you have problems with port numbers, use this. Take it one or twice a day until you know all of them.

As another poster said, you don't necessarily need a SAN, these days you would be best off starting with storage connected over your network (VLANed and QoSed), you could start with a NAS device and use NFS datastores.


If you wanted to go for a SAN you can get an iSCSI SAN as also already mentioned Dell EqualLogic is a good option

A couple of books to read :

Scott Lowe et al. Mastering VMware vSphere 5.5

http://www.amazon.com/Mastering-VMware-vSphere-Scott-Lowe/dp/1118661141

Storage Implementation in vSphere 5.0

http://www.amazon.com/Storage-Implementation-vSphere-VMware-Press/dp/0321799933/

The latter book is a good in depth look at storage from VMware press.

The main thing to be aware of for storage is IOPs and latency, these are the biggest performance killers as you scale. So design around desired IOPs (Input/Output Operations Per Second).

For people who want to get into network security and have have a moderately good grasp on programming, I nominate Gray Hat Hacking . Each chapter in the book is basically devoted to a certain aspect of hacking (windows exploits, xss attacks, metasploit, etc). It's a good all around introduction to pretty much all the important aspects you need to know.

next, I recommend getting familiar with metasploit as it can save you a lot of time with a lot of different types of attacks. The guys from offensive security have a website , but there is also an ebook available if you want it.

It's important to understand security from both an offensive and defensive side of things.

• The Practice of Network Security Monitoring: Understanding Incident Detection and Response
  
  
• Applied Network Security Monitoring: Collection, Detection, and Analysis
  
  Either one of these two should get you started. I haven't personally read the 2nd one, but I've heard good things.
  
  Followup/Read along with either/both of the following:
  
  
• [Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems] (http://amzn.com/1593272669)
  
  
• Network Forensics: Tracking Hackers through Cyberspace

If VMware is the route you want to go then I'd watch the VCP-DCV video series on CBTnuggets.com. Keith does a great job walking you through setting up a nested ESXi lab and prepares you for the VCP550 exam.

I'd also pick up a copy of Mastering VMware vSphere 5.5

Please keep in mind that if you are wanting to get certified in VMware you'll have to take one of their mandatory [classes].(https://mylearn.vmware.com/mgrReg/plan.cfm?plan=45082&ui=www_cert)

Not all will be. Metasploitable comes in a vm. I believe Damn Vulnerably Linux (DVL) is a live cd. DVL is discontinued though so its hard to find.

You could always install vulnerable services yourself and try breaking into them. Check out NVD for vulnerabilities in software. There are also tons of resources out there to learn, some free, some not. For example, Metasploit Unleashed is a good free resource. There are also many books such as An Introduction to Penetration Testing and Metasploit.

Please also remember to keep what ever you do legal. Do not attempt to break into systems unless you have permission from the owner or you own it, etc, etc. This is why I recommended vms. It is easy to keep all pen testing in an isolated environment.

I've been self-hosting DNS for decades. It's totally doable. Reading the grasshopper book wouldn't be a terrible idea.

I finally got off BIND and would encourage everyone else to do the same. I'm using PowerDNS and NSEdit to manage records.

I use a free service as a slave for my secondary DNS server.

Computer Networking: A Top-Down Approach

The book should be mostly sufficient for a modern approach to "end systems". The text content for SDN and NFV is fairly short, while the rest of the content digs pretty deep into the technical side of networking. If you get the newest version, it has been updated to accommodate newer concepts like SDN etc. Included with the book is access to online resources like Wireshark labs to reinforce learning.

The first rule of "learning the basics of hacking" is that you don't ask or talk about "learning the basics of hacking". I learned this the hard way when I was about 12 years old on irc.

And there is really only one shade of hacking, and that is 'gray'. You may become a white hat, or a black hat depending on your motivation. But I personally do not look at anything in absolute contrast. The world is gray, hacking is gray, your mother is gray.

Speaking of 'gray', if I were you I would check out this book

I have not read it myself, only skimmed through it over coffee at barnes&noble. Looks like it covers a very broad spectrum of hacking and seems 'user friendly' enough. Also start reading 2600, and check out securitytube.net

I recommend this book to everyone who writes C#: Framework Design Guidelines

https://www.amazon.com/Framework-Design-Guidelines-Conventions-Libraries/dp/0321545613

I have read it 6 times, and know every detail in the book. I am now absolutely a top tier expert in c#. (I have had roles such as Lead Architect for multiple 1/2 billion dollar projects.) Whenever anyone asks me about how I got so good, I always say this book was what started everything for me.

Read it to understand it. If you do not understand something, research the topic, write test apps and spend your time on figuring out what it means.

The book is a bit outdated, as some topics have changed. For example c# now has variance built in and there is no longer a need for mimicking it.

Additionally, a tool like ReSharper follows the Guidelines outlined in that book, and adds too it. So having ReSharper, and spending the time to understand it's warnings will be additional help.

These two resources will help in specifically C#. Additional frameworks such as MVC is touched on, but not explained in detail. I although feel that understanding the language will help you pick up how to use frameworks.

https://smile.amazon.com/gp/product/1593275099/

I am not sure about the size of your environment. If it's small, Splunk may be way outside your budget.

Take a look at that link above if you really want to build an open source solution for security monitoring. It'll take a lot of elbow grease and knowledge of your business to be effective. Pick up the book and build yourself a POC to see what you can see.

I'd check out these two books from the local library and read the first 2-3 chapters. It might contain more than what you need, but these are pretty well written books and don't assume a lot of previous knowledge.

http://www.amazon.com/Structured-Computer-Organization-5th-Edition/dp/0131485210

http://www.amazon.com/Computer-Networks-5th-Andrew-Tanenbaum/dp/0132126958/ref=la_B000AQ1UBW_sp-atf_title_1_1?s=books&ie=UTF8&qid=1376126566&sr=1-1

Or you could just check out your network settings and search for the terms that you encounter (IP address, DNS, DHCP, gateway, proxy, router, firewall)

This is why I recommend all my pen testing peers read a book on cryptography, to better understand how things like this can break in very not obvious ways.

http://www.amazon.com/Cryptography-Engineering-Principles-Practical-Applications/dp/0470474246

The O'Reilly DNS books are great. I highly recommend the BIND and DNS book.

Also don't you want to advance in the field of computer forensics? Here's a book that gives you some understanding of what you will be dealing with, sounds like good application for your computer skills:
http://www.amazon.com/System-Forensic-Analysis-Brian-Carrier/dp/0321268172

And a presentation based on this book to see what it's like:
http://mcgrewsecurity.com/training/extx.pdf

I think it was Mastering vSphere 5 - I am not sure - it was on Amazon. Honestly, I read the book and passed the test. my 5 years of experience pretty much helped me.

Disclaimer, I am not certified, you can't be without a registered class AND test. I have only passed the test and cannot afford the $3K class yet

Edit: Found it! http://www.amazon.com/Mastering-VMware-vSphere-Scott-Lowe/dp/0470890800/ref=sr_1_1?ie=UTF8&qid=1376012706&sr=8-1&keywords=mastering+vsphere+5

For any of those interested in learning more about ISP's, Interconnects, Peering, and how the internet actually works, I've found Andrew Blum's book, Tubes, to be absolutely amazing. I've re-read it three times now. http://www.amazon.com/Tubes-A-Journey-Center-Internet/dp/0061994952

This pdf has some great info on systems administration

This book was a great read. Violent Python

This book goes very deep into exploit development with python in windows environments Gray Hat python

Same author as above, I have not read yet, but it is on my todo list Black Hat python

Heavily C based, but a great explanation of x86 and low level systems Rootkit Arsenal

Practice of Network Security Monitoring is the best place to start.

All of these are good recommendations.

Personally, I would recommend http://www.amazon.com/Linux-Bible-Christopher-Negus/dp/1118999878/.

It's very shallow but broad. Good start if you know next to nothing.

Bro, you should really learn more about this kind of stuff before you get your self in prison. From your posts it is obvious you are up to no good and have barely any knowledge of TCP/IP. I would put aside aside trying to RAT random people and pick up a book on TCP/IP. If you're actually interested in pursing a future in Netsec, RATing people is not going to help you. I suggest you setup a Virtual lab and practice setting up linux/windows servers, understanding how things work is necessary to being an effective hacker.

OpenVPN is very secure. You could rent a VPS and install a OpenVPN server on it, you would then connect to it with the computer hosting the RAT server, on the OpenVPN server you would configure iptables to forward any traffic on a specific port to your RAT servers VPN ip address. You can do that using iptables NAT rules as described here.

It would be far more straight forward to instead just use SSH to forward ports or to instead install the RAT server on the VPS.

Don't RAT random people, just learn how to do this stuff in a virtual environment where you don't break any laws.

Framework Design Guidelines is an excellent book for those that author APIs. I would recommend it to any developer or architect, not just .Net people. Various MS .Net and related team members share their thoughts and opinions on what they did right and wrong with .Net as they share their own, internal design guidelines.

Indeed. As the article concludes, it's better to use a specialized and proven construction like PBKDF2, bcrypt or scrypt if you don't know what you're doing.

I fondly remember a quote from Cryptography Engineering (I think): "Anyone who creates his or her own cryptographic primitive is either a genius or a fool. Given the genius/fool ratio for our species, the odds aren't very good."

Yes, ARPA was on X.25, but that was not the only communication protocol out there. The IP stack was built because the different networks used different protocols and the desire to communicate between them required a standardized one.

Yes, ARPANet, NSFNet, CSNET, and a slew of others were the roots of the internet, but there was NO internetworking going on before that. The internet was born when they started internetworking. Argue with Tanenbaum, not me.

Since I can't find the full text of his book, here's a wiki article citing it: https://en.wikipedia.org/wiki/History_of_the_Internet#Transition_towards_the_Internet

http://www.amazon.com/Computer-Networks-5th-Andrew-Tanenbaum/dp/0132126958/ref=sr_1_1?s=books&ie=UTF8&qid=1377285254&sr=1-1&keywords=Computer+Networks

Have fun.

I have heard a lot of great reviews of Computer Networks by Tanenbaum in terms of its ability to teach networking. Alternatively, you could get the 4th edition book a lot cheaper with the caveat that it is older and may not be completely up to date.

This is a great list, thank you very much.
I also happened to decide to study networking but for a bit deeper, my choice was this book.

https://www.amazon.com/Computer-Networking-Top-Down-Approach-7th/dp/0133594149

This is a complete networking essentials, for grads, phDs, masters.

Is also has a helper site with video notes and animations

https://wps.pearsoned.com/ecs_kurose_compnetw_6/216/55463/14198700.cw/index.html

Yeah, I’m quite sure you don’t understand how the internet works. I’d recommend the book Tubes: A Journey to the Center of the Internet https://www.amazon.com/dp/0061994952/

For networking I would recommend:

• TCP/IP Illustrated by Stevens.
  
• Computer Networks, 5th Edition by Tanenbaum (of Minix fame and more) and Wetherall (taught my networks course at U of Washington).
  
• Seconding RFCs; Ethernet, IP, TCP, UDP, and the protocols layered on top are all there and they're fairly approachable.

You need to know a lot of things to be able to figure that kind of stuff out. Not just low-level programming but details about hardware, tricks the developers used to create the product...

These books might be a good start:

Reversing: Secrets of Reverse Engineering

Gray Hat Python - Since you are familiar with Python right now

Gray hat python is apparently pretty good:
http://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921
(pdf - http://news.asis.io/sites/default/files/Gray-Hat-Python.pdf)

D is starting to become more popular. It's graced the frontpage of /r/programming a bit recently. One recommended resource is the book written by one of the language's developers: The D Programming Language.

Looking for solutions manual of Computer Networking: A Top-Down Approach (7th Edition) in 7th edition only:

The solutions manual is easily available in 6th Edition, but I am looking for the 7th Edition Solutions Manual only. Willing to pay $5 PayPal. There seems to be a version here but I cannot access it, so perhaps someone else can.

Willing to pay $5 PayPal.

Thanks!

If you go down the VMware route (which is what I did):

Free online entry level training: VMware Data Center Virtualization Fundamentals

Free Automated Lab Builder: http://www.labguides.com/autolab/

CBT Nuggets or Pluralsight have training videos available (not free)

An excellent book on the subject is: Mastering VMware vSphere 5.5 (Amazon UK) / Mastering VMware vSphere 5.5 (Amazon US)

Ignore the poor reviews on the Amazon UK page, it's just a bunch of people whining about the Kindle price (check the previous edition, or the US store for more representative reviews).

The Unix book is good, the first one has it's own merits but think more like this ...

http://www.amazon.com/gp/aw/d/159327047X/ref=mp_s_a_1_2?qid=1412784854&sr=1-2.

Sorry for the whole url, I'm using my phone and heading into work.

Links for anyone looking to purchase a copy of these books

 

Mastering VMware vSphere 5.5
Amazon |
Barnes and Noble |
Google Play |
iTunes |
O'Reilly |
Wiley

Mastering VMware vSphere 6
Amazon |
Barnes and Noble |
Google Play |
iTunes |
O'Reilly |
Wiley

 

Happy VMing!

The DNS and BIND book is commonly accepted as the DNS bible. It is mostly about BIND but BIND is the reference DNS implementation and all the concepts apply to most DNS servers.



Of course Wikipedia is also a wealth of knowledge in this area.

DNS can be confusing, I'd recommend 'DNS and BIND' by Cricket Liu for some light reading on DNS structure, records, and best practice implementation... I found it to be incredibly informative

https://www.amazon.com/DNS-BIND-5th-Cricket-Liu/dp/0596100574

I recommend the books "The Art of Intrusion" and "The Art of Deception" by Kevin Mitnik. One of the most famous hackers in history (the movie Hackers was inspired by him and Hackers 2: Takedown is a moderately historical adaptation of his escapades). The books gives a breakdown of what he did and what hacking is really like (in the 80s and 90s, at least). In short, its more research, reading, trial and error, and social engineering than actual typing.

The reason for the extra memory is well I figured I might as well just max out the motherboard from the start considering how cheap memory is in the first place and not worry about wanting to upgrade that down the line. I am planning on starting out with ESXI 5.0 anyway and picking up this book http://amzn.com/0470890800 as my go to reference manual outside of the google library.

I had no plan of using the onboard RAID hardware at all - I've already been warned by a friend (who builds clusters and borderline supercomputers for universities for a living) that the onboard RAID stuff will suck and that I should either buy a separate controller (just like you did) or use a software based configuration. Which brings me to my next question, what would you recommend for to purchase as a separate controller card?

If you already have a basic idea of how the machine works, I really have to recommend D as a powerful and, above all, sensible high-level language that isn't bound to a single platform the way C# is. You can do (almost) everything you can in C++, and more (the almost is multiple inheritance and binding to C++ libraries, but there are ways around both). If you're curious, check out Andrei's book or ask for more info in our IRC channel (irc://irc.freenode.net/#d).

my friend vows by the head first series. I never liked it, but might be good for beginners. http://www.amazon.com/Head-First-JavaScript-Programming-Freeman/dp/144934013X

http://www.amazon.com/Internetworking-TCP-IP-Vol-5th/dp/0131876716/ref=sr_1_1?s=books&ie=UTF8&qid=1351099800&sr=1-1&keywords=Internetworking+with+TCP%2FIP

(think theres a newer edition, thats the one i have however)

One of (if not) the best book ive ever read on networking, I read it whilst i was studing CCNP and have read it another couple of times whilst studying for CCIE, also this;

http://www.amazon.com/Interconnections-Bridges-Switches-Internetworking-Protocols/dp/0201634481/ref=sr_1_1?s=books&ie=UTF8&qid=1351099354&sr=1-1&keywords=Interconnections%3A+Bridges%2C+Routers%2C+Switches%2C+and+Internetworking+Protocols

I did a quick search and found 2 books specifically in your current field of interest. Gray Hat Python and Violent Python

I've never read either of them, but they look interesting.

also if you determined to use Linux/Ubuntu w/e I highly recommend the following references, they have been invaluable to me.

• https://www.amazon.com/How-Linux-Works-Superuser-Should/dp/1593275676/ref=sr_1_1?ie=UTF8&qid=1469055946&sr=8-1&keywords=how+linux+works+what+every+superuser+should+know
  
  
• https://www.amazon.com/Linux-Bible-Christopher-Negus/dp/1118999878/ref=sr_1_1?ie=UTF8&qid=1469055968&sr=8-1&keywords=linux+bible

I can recommend everyone to read this 1616 page book for a sweet and short introduction to TCP/IP.

I've got almost a decade of using VMware products under my belt. I thumbed through Mastering VMware vSphere 5.5 and focused on the things I didn't use on a daily/weekly/monthly basis. I passed with flying colors.

If you're not up to speed on a certain topic, don't lie to yourself, review it and you'll be fine.

Andrei's book on D: "The D Programming Language" would be another great read whether you are looking into the D language or not, it is a great read for general programming design IMHO :-)

Social Engineering: The Art of Human Hacking
All of your security infrastructure is meaningless if I can call Suzy in Accounting and ask her for her password.


TCP/IP Illustrated, Vol. 1: The Protocols
Yes, I know this book is old. This book is the Mutha-Fecking 1969 Camaro 454SS of networking books.
It simply NEVER goes out of style.


Wireshark for Security Professionals: Using Wireshark and the Metasploit Framework
If you don't have a basic understanding of Wireshark and Packet Analysis, you're useless to me.
You don't have to be a wizard. You don't have to look at the Matrix and see Blondes or Red Heads. But you MUST possess a clue.
I have no specific love for this book. Just pick any good looking Wireshark book writen for an InfoSec audience.

DNS and BIND (5th Edition)
The author "Cricket Liu" is THE DNS guy. He literally wrote the book on DNS.

Designing for Cisco Internetwork Solutions Foundation Learning Guide: (3rd Edition)
The Cisco CCDA track will teach you focus on technical requirements, and aligning network functionality to match those requirements. Data Networking is CRITICAL knowledge to InfoSec professionals. But you might find this an easier starting point than CCNA.

https://www.amazon.com/Computer-Networking-Top-Down-Approach-7th/dp/0133594149

This is the 7th edition, i have the 5th which is extremely valuable and precise in it's context. Built very good and easy to understand, but also VERY in-depth.

I read through, cover to cover, http://www.amazon.com/Mastering-VMware-vSphere-Scott-Lowe/dp/0470890800 & http://www.amazon.com/gp/product/0789749319/ref=oh_details_o01_s00_i02?ie=UTF8&psc=1

I also got a chance to go to VMWare Install, Configure and Manage 5.1 (I think that is the course name), but that didn't seem to have as much useful information as the books did.

http://www.allitebooks.in/linux-bible-9th-edition/

Or

https://www.amazon.co.uk/Linux-Bible-Christopher-Negus/dp/1118999878

I bought it as a means of looking things up for those brain fart moments, it’s a good resource, but I wouldn’t recommend trying to read the whole thing in one hit as it’s a lot of information to take in.

I enjoyed reading Networks 5th edition by A. Tanenbaum. It's thorough and pricey, but very well written, witty and provides historical context.

Few books for you to consider - I got these for my course and are hugely useful. I've also included the Encase book as I know our forensics guys go back to it all the time:

Computer forensics using open source tools

The essential Brian Carrier - file system forensics

Real Digital Forensics

Encase training book

Digital Forensics Investigation

Forensic Discovery