(Part 2) Best products from r/ITCareerQuestions
We found 45 comments on r/ITCareerQuestions discussing the most recommended products. We ran sentiment analysis on each of these comments to determine how redditors feel about different products. We found 224 products and ranked them based on the number of positive reactions they received. Here are the products ranked 21-40.
21. Learn Windows PowerShell in a Month of Lunches
22. Learn Windows PowerShell in a Month of Lunches
23. CanaKit Raspberry Pi 3 Complete Starter Kit - 32 GB Edition
- Raspberry Pi 3 (RPi3) Model B Quad-Core 1.2 GHz 1 GB RAM
- On-board WiFi and Bluetooth Connectivity
- 32 GB Micro SD Card (Class 10) - Raspberry Pi Recommended Micro SD Card pre-loaded with NOOBS, USB MicroSD Card Reader
- CanaKit 2.5A USB Power Supply with Micro USB Cable and Noise Filter - Specially designed for the Raspberry Pi 3 (UL Listed)
- High Quality Raspberry Pi 3 Case, Premium Quality HDMI Cable, 2 x Heat Sinks, GPIO Quick Reference Card, CanaKit Full Color Quick-Start Guide
24. Complete CCNA & CCNP Cisco Certified Network Professional Home Lab Kit
25. Hacking: The Art of Exploitation, 2nd Edition
26. The First 90 Days: Proven Strategies for Getting Up to Speed Faster and Smarter, Updated and Expanded
- Harvard Business School Press
27. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
- No Starch Press
28. Blue Team Field Manual (BTFM) (RTFM)
30. The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory
- Wiley
31. Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry
- Syngress Publishing
32. Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 8
- Syngress
33. Incident Response & Computer Forensics, Third Edition
- McGraw-Hill Osborne Media
34. Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
- Wiley Publishing
35. The IDA Pro Book, 2nd Edition: The Unofficial Guide to the World's Most Popular Disassembler
37. The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win
- IT Revolution Press
40. Cryptonomicon
I'd say stop focusing on certifications and start focusing on learning how to do things.
How extensive is your Home Lab?
Have you built out any VMs yet?
Have you built a Windows domain yet?
Have you built a Squid proxy on Linux yet? (Not that Squid is super-useful anymore, but it's a decent project with clear results.)
Have you built a pfSense firewall yet?
Have you bought a Raspberry Pi yet (the cheapest Linux Server on the planet)?
When you apply for that next-level job you have in mind, in the interview I am not going to ask you questions that might appear on a certification exam. I am going to ask you questions related to real-world scenarios of problems I think you are likely to encounter in the job under discussion. And I need to see how well you are ready to deal with them.
-----
"I can't afford any of those things..."
If you are trying to learn everything on just one computer or laptop, that's certainly a problem.
But if you have a second PC, just a $300-500 clunker, it changes everything.
CentOS Linux is free.
KVM Virtual Machine manager is free.
Linux Foundation - Intro to Linux for Free
Linux Foundation - Online Course Catalog - some free some paid
DigitalOcean Linux Tutorials
Docker Self-Paced Training
Windows Server 2012R2 Evaluation is free.
Windows 10 Professional Evaluation is free.
Microsoft Virtual Academy
Microsoft MSDN Product Evaluation Center -- Free Downloads
Microsoft TechNet Product Evaluation Center -- More Free Downloads
If you only have a single computer, and cannot afford a second computer, you still have options:
Amazon Web Services has a free offering for you to build virtual machines to play with:
https://aws.amazon.com/free/
If you want something a little more permanent, Amazon Lightsail now lets you build low-end virtual servers for as low as $5/month:
https://amazonlightsail.com/pricing/
Microsoft also has some free offerings for virtual servers:
Microsoft Azure Cloud Services Free Trial Center
Microsoft Training Info Center
Microsoft Ignite Training Convention Video Center
Microsoft MSDN Video Training Portal
-----
In my opinion:
If you think you are likely to apply for some Government or Contractor positions that require security clearances, go ahead and complete the Security+.
But I think you might want to focus a little more time on combining technologies into scenarios where you learn how to perform business operations tasks, rather than add another narrow-focused skillset.
I also encourage you to make yourself gain comfort with Linux.
YES: you will need to learn a whole new world of syntax and terminology, and learn to do more with syntax and less with icons.
But the benefits are real, and significant.
Buy one of these:
Amazon: Raspberry Pi 3 Complete Kit $75
That's a complete Linux Server. Just add a USB keyboard, mouse & HDMI monitor.
Watch two or three of these videos, and observe that all of the biggest players working on the sexiest of technology projects are all doing it on Linux:
USENIX Site Reliability Engineering Convention 2014 Presentations - Free
USENIX Site Reliability Engineering Convention 2015 Presentations - Free
USENIX Large Installation System Administration Conference 2014 Presentations - Free
USENIX Large Installation System Administration Conference 2015 Presentations - Free
-----
> [MCSA]... But again, how far can I really go trying to learn this with home equipment? I'm sure I could install a Server OS, but I don't know if I can play with the inner workings on a home network enough to familiarize myself with the content.
If you have a small home server, you can install Windows Server 2012 R2 evaluation on it, and add the Hyper-V service, and run at least 2 virtual machines on it.
The Server could become a domain controller. Then you add a guest server and a guest client using Windows 10 evaluation and another Windows server eval license.
Now you join them to a domain together and start writing GPO policies and playing in the Forest...
That can also be done in Azure cloud with virtual machines. The challenge is the short duration of the free period in Azure cloud.
You don't need math, but it's nice to know.
You don't need a degree, but they're nice to have especially when moving into management and job searching.
My background:
I transitioned from a role as accountant and CPA to managing the IT resources full-time for the business I worked at. Eventually it became too much to try and balance both, so I made the leap into an MSP. I used to build computers for people in my spare time and set up church networks, so I was a little more seasoned when applying. I've been in one about 3 years. Granted, each MSP is different, but my life has been hectic. Talk about drinking from a fire hose. If anything positive has come from this, it is lifelong friends and fast knowledge gains. You'll work on lots of different items, different problems, and it will train you to be efficient in time management and a good "Googler." Or you won't and you'll know more about yourself even more so.
You won't get 65K a year from a help desk job with no experience. I started at 32K, which was a huge drop from the 60K I was making, but I needed a change. I made up the salary loss within a year and a half of proving myself.
My plan for you, if you're able:
Anyone can disagree, or agree, but my small circle of IT professionals here (about 60 of us in same clubs, professional organizations, etc.), most of us have had similar paths and successes by doing most of these.
I’ve been working on this for a while, so I might as well drop it here. It should provide an authoritative answer for “How do I get started in CyberSecurity”
Before I get started, there are a few things I need to explain about cybersecurity - There are a ton of different areas of “CyberSecurity”.
This post is specifically catered around the core concepts of cybersecurity.
The most basic thing you need to understand about cybersecurity: It revolves around stuff communicating with other stuff. Anything from side-channel attacks to large-scale DDoS attacks - stuff is insecure because stuff communicates with other stuff. Communication can be hard to understand and even harder to define (let alone secure). I know this is a very vague statement, but it’s one of the core, fundamental concepts of cybersecurity.
The second most basic thing about cybersecurity you need to understand - “hacking” (I hate that word) as it’s known is not some bond-villain type activity. It’s intentionally mis-using something that already exists in a way that introduces a security flaw into the environment. Sometimes the right circumstances line up and this flaw can be leveraged into something, but sometimes it can’t.
I split up my resources into offensive-based and defensive-based because it’s important for you to understand that while each of these groups is individually important, each knowledge area is not as effective without an understanding of the other one.
One other thing to note - Certifications are great, but you need to de-couple the idea that certifications=knowledge/skills in this field. There are certainly certifications that break out of that mold, but for the most part, this holds true. I’ve ordered them in the order in which I used/learned with these resources, so you can follow-along directly in order (if you want to). I learned offense first, so that’s the way I’m laying it out here.
Offensive-Based:
I started my career in InfoSec by studying for the most basic, foundational certification: The Security+. This is the best beginner-level cert that says “I know something about security.”
I learned by going through Professor Messer’s entire course, and I felt pretty ready after I went through it all. Here’s the link to his Sec+ course
Now, let’s get into some practical stuff. OverTheWire. These are war-games, or CTFs - challenges designed to test your practical ability in security, but also designed to help you learn new things. CTFs are the absolute best way I’ve found to learn security. Here’s the link to OverTheWire in case Google is down. If you get stuck, here are some helpful write-ups.
Do them in this order:
At this point, you should be set to start with the books and Hacking Labs.
At this point, I’d recommend going for another certification - CEH. Once you have the CEH, you’re ready to move into more practical-based certifications. Here's what I used to learn and practice the CEH:
Now, let’s get into some more practical exploitation. PentesterLabs focuses a bit more on WebApp stuff, but I’ve found it’s the best intro-environment (as it is relatively scripted scenarios, and you don’t have to do as much recon). They're fairly explanatory, and will walk you through the solution if you get stuck.
Next, let’s get into HackTheBox (Exploitable virtual machines, ranging in difficulty. You’re going in mostly blind here, so you have to do your own recon and enumeration): HackTheBox
Here are some helpful write-ups (Written Explanations):
Also, there’s some super awesome video explanations by IppSec
After you get through most of these, you should be set to start on your OSCP. The OSCP contains a course (Penetration Testing with Kali), a lab environment (~50-60 vulnerable boxes), and a practical lab test at the end. OSCP
After you’ve completed the OSCP, then you have enough knowledge to continue directly down the cert path, and the courses (in combination with the certs) put out by Offensive Security contain enough good content to where you don’t have to study other resources. The certification path from here on out splits into two different areas: Technical, and management.
If you’re at this point, getting past the OSEE, you can pretty much walk into any offensive-based job, slap your cert on the table, and they’ll hire you. You don’t need my help anymore here.
Now, here's the management path:
Having the technical background of the OSCP, plus a CISSP, PMP, and MBA would create an extremely potent executive - one who can understand the technical details and risk, and who then could translate that into verbiage that other executives could understand.
So, your overall standard security offensive certification path should look something like:
OR
Now, for the Defensive-based side.
Congrats! If you feel like you're up for a challenge then I'd say go for it as long as you feel like you've got a good support structure in and out of the company. To answer your question, my transition was somewhat mentored by my old boss followed by an abrupt changeout of new-boss-for-newer boss. If I could do anything differently from that time period, it would've been to force the issue of getting performance metrics on my own terms rather than waiting for someone to tell me what my team's metrics would be.
In case any of these might help I'll offer a couple quick considerations/suggestions:
Best of luck!
Never lie. That said, I have been "unqualified/underqualified" for every position I have held if you look at measures like years of experience. This isn't a deal breaker. Put yourself in the hiring manager's shoes. If you want to have a team that is working on bleeding edge technology and projects you have to make some compromises on experience. Particularly if you don't have an enormous budget to throw around. The critical things I look for are below.
Smart - I deal with complex problems everyday. A requirement for working with my team is that you can keep up.
Passion - Am I hiring someone who is passionate about the work and role. Do you work with this stuff in the spare time or just for a paycheck.
Ambition - If there is a gap in skills is the applicant going to work hard to fill the gap as quickly as possible. Would you read books and do research to learn the concepts.
Attitude - Are they a good fit for the team. Can I explain what needs to be done and count on you to solve problems and proactively tell if you are struggling.
Look for smaller companies where you will have the opportunity to wear as many hats as possible. The pay will be lower but you're playing a long game with your career :) get the experience and find out which hat you like best.
Here are two great books on the topic.
https://www.amazon.com/Smart-Gets-Things-Done-Technical/dp/1590598385
https://www.amazon.com/gp/aw/d/1119087252/ref=mp_s_a_1_6?ie=UTF8&qid=1484396909&sr=8-6&pi=SL75_QL70&keywords=stretch+book
Good luck!
Oh and when you land that next position. This book will help get you off on the right foot.
https://www.amazon.com/gp/aw/d/1422188612/ref=mp_s_a_1_1?ie=UTF8&qid=1484397012&sr=8-1&pi=SL75_QL70&keywords=first+ninety+days
Absolutely love being a pentester and the cyber security industry. If you are willing to put in the time and study it can be very rewarding. CEH is a good step in the right direction and should open doors for you.
For entry level positions, pentesting is usually split into two areas, web application and internal/external infrastructure. It's good to have knowledge of both but it's worth choosing which area interests you the most. Personally, I specialise in web applications & API and there are a lot of online resources to help you. (As you have mentioned OWASP Top 10, I'll assume web apps is your interest)
The best way to learn a vulnerability and get a good understanding is to create vulnerable web pages (this also gives you something to take into an interview). I would suggest doing some basic LAMP stack (Linux, Apache, MySQL, PHP) - Don't let this put you off as it's actually pretty simple. If you can make a few vulnerable pages to display vulnerabilities, you will fly through entry level interviews.
It's really simple to do. Here is a form that is vulnerable to cross-site scripting. (a few lines of PHP with some HTML)
---
<form method="POST" action="">
<p> <input type="text" name="xss"/></p>
<input type="submit">
</form>
<?php
// Deliberately vulnerable: the submitted value is echoed back without HTML encoding.
$value = $_POST['xss'] ?? '';
echo $value;
?>
Reading Material:
https://www.amazon.co.uk/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470
https://www.amazon.co.uk/Network-Security-Assessment-Know-Your/dp/149191095X
Practical learning
DVWA (Damn Vulnerable Web App) - Purposely vulnerable web pages to practice exploiting.
http://www.dvwa.co.uk/
Once you have a bit of experience have a look at hackthebox
https://www.hackthebox.eu/
Fiction Books
Cryptonomicon - Very few books make up a cypher system based on playing cards, have a story that spans WW2 through the present day and in large part revolve around creating an alternate digital currency, a data haven and startup life.
Neuromancer - this is the book that created cyberpunk and that inspired all those bad movie ideas about hacking in 3D systems. That being said, it marked a real turning point in SciFi. Without this book "cyber" security specialists would probably be called something else.
Snow Crash - This is much more breezy than the other two but still has very recognizable hacking/security elements to it and is just fun.
Non Fiction
Surely You're Joking Mr. Feynman - This isn't a book about technology so much as deduction and figuring things out (while being hilariously entertaining).
I included all these here in large part because they are what inspired me to get into development and sysadmin work and I bet that I'm about 20 years older than you if you're just getting into the field - so there's a decent chance that your coworkers are into them too.
Powershell in 30 days of Lunches is what I buy for all my team members expressing an interest. It is hands down one of the best books to start with that I have found and my team recommends.
Also check out /r/PowerShell
Pick up Powershell in a month of lunches and grab a free month trial of pluralsight. Two great resources for learning the basics.
For your lab, check on your local craigslist; someone is always getting rid of some gear there. If not there try eBay, can’t swing a dead cat without hitting a CCNA lab kit like these: Cisco Lab Kit
Once you have lab equipment, get some windows servers spun up as that will make learning powershell both applicable and rewarding to you.
Pluralsight has some good videos for the MCSA Server 2012. If you sign up for Visual Studio Dev Essentials, you can get a free 3 months with Pluralsight.
https://www.visualstudio.com/free-developer-offers/
I should add, if you're going for the MCSA cert, I've heard it's Powershell heavy. You can get started with Powershell with Learn Windows PowerShell in a Month of Lunches
I think the Powershell in a Month of Lunches series is considered pretty good.
Learn Linux
http://linuxcommand.org/tlcl.php
Learn PowerShell / BASH
https://www.amazon.co.uk/Learn-Windows-PowerShell-Month-Lunches/dp/1617294160/ref=sr_1_1?ie=UTF8&qid=1527669274&sr=8-1&keywords=powershell+in+a+month+of+lunches
Learn Programming in Python
https://www.amazon.co.uk/Python-easy-steps-Mike-McGrath/dp/1840785969/ref=sr_1_1?ie=UTF8&qid=1527669308&sr=8-1&keywords=python+in+easy+steps
I have personally used the Python and the Linux book; I highly recommend them.
https://www.educational-business-articles.com/5-step-problem-solving/
A lot has come from on the job experience, but it also comes from setting goals for myself.
In December I knew nothing about Windows PowerShell, so I started researching. I bought Learn Windows PowerShell 3 in a Month of Lunches. I used that to start making some automated AD reports.
My other goals for this year are Security+ by June 31st. Then read Learn Windows PowerShell Toolmaking in a Month of Lunches in July. And finally get Linux+ by December 31st.
This is my most aggressive year, mainly because I am starting to feel stagnant in my current job.