Best products from r/cybersecurity
We found 47 comments on r/cybersecurity discussing the most recommended products. We ran sentiment analysis on each of these comments to determine how redditors feel about different products. We found 56 products and ranked them based on the amount of positive reactions they received. Here are the top 20.
1. UNIX and Linux System Administration Handbook, 4th Edition
- New
- Mint Condition
- Dispatch same day for order received before 12 noon
- Guaranteed packaging
- No quibbles returns
Features:
2. CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide
- Sybex
Features:
3. Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers
- Syngress
Features:
4. Hacking: The Art of Exploitation, 2nd Edition
- Easy to read text
- It can be a gift option
- This product will be an excellent pick for you
Features:
5. Rtfm: Red Team Field Manual
- 98dB of room filling, crystal clear sound with less than 1% total harmonic distortion (Sound Pressure Level measured using pink noise at 1 meter, C-weighted. Total harmonic distortion calculated as electrical measurement of amplifier distortion)
- Deep Bass Modules add serious low end frequency without the need for an external subwoofer
- Connect to your TV with an easy, one-cable setup (analog and digital cables included in the box) - The perfect complement to any small to medium size HDTV
- Wirelessly stream your music from a smartphone or tablet via Bluetooth
Features:
6. CompTIA Security+ Guide to Network Security Fundamentals - Standalone Book
- There are two types of people in this world.. 1) Those who can extrapolate from incomplet data
- Lightweight, Classic fit, Double-needle sleeve and bottom hem
Features:
8. Cybersecurity Incident Response: How to Contain, Eradicate, and Recover from Incidents
- Individually packaged (12x42 inch each) 100% Viscose Rayon exfoliating scrub bath scrub.
- As it shrinks after soaked in water, it needs to be stretched back to tightly fit user’s hand to provide the best surface tension and the rough feel idealized for exfoliating purposes.
- Made of 100% Viscose Rayon from naturally occurring fibers ideal for revitalizing skin by improved circulation; machine washable.
- Gentle scrubbing will remove dead (and dry) skin cells and clean skin pores to eliminate blackheads.
- Monthly usage will ensure healthy and smooth skin that is blemish and blackhead free with diminished wrinkles (due to improved collagen) and long length (42 inches) allows easy reach for back and feet wash and the results will be immediate and last for weeks.
Features:
10. The Hacker Playbook 2: Practical Guide To Penetration Testing
- ISBN13: 9781449381653
- Condition: New
- Notes: BRAND NEW FROM PUBLISHER! 100% Satisfaction Guarantee. Tracking provided on most orders. Buy with Confidence! Millions of books sold!
Features:
11. Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder.
- 98dB of room filling, crystal clear sound with less than 1% total harmonic distortion (Sound Pressure Level measured using pink noise at 1 meter, C-weighted. Total harmonic distortion calculated as electrical measurement of amplifier distortion)
- Deep Bass Modules add serious low end frequency without the need for an external subwoofer
- Connect to your TV with an easy, one-cable setup (analog and digital cables included in the box) - The perfect complement to any small to medium size HDTV
- Wirelessly stream your music from a smartphone or tablet via Bluetooth
Features:
12. MSI PS63 Modern-096 15.6" Ultra Thin and Light Professional Laptop Intel Core i7-8565U GTX1050Ti 8GB DDR4 512GB SSD Win10
- 15. 6" FHD, IPS level Anti-Glare Wide View Angle Thin Bezel 100%sRGB1920x1080 16: 9NVIDIA GeForce GTX1050Ti (Max-Q)4G GDDR5
- NVIDIA GeForce GTX1050Ti (Max-Q)4G GDDR5 HDMI-out 4K @ 30Hz
- HD 512GB M. 2 SATA 8GB (8G*1) DDR4 2666MHz 2 Sockets; Max Memory 32GB
- Cpu Core i7-8565u 1. 8 - 4. 6GHz Intel PTT
- USB 3. 1 Gen 1 Type C (with Display)*1 USB 3. 1 Gen2 *1; 3. 1 Gen1*2 (1 Port support QC3. 0) Wireless Intel 9560 Jefferson Peak (2x2 802. 11 ac) BT 5 720p HD Webcam
Features:
14. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities (Volume 1 of 2)
- Used Book in Good Condition
Features:
15. CompTIA Security+ All-in-One Exam Guide, Fifth Edition (Exam SY0-501)
- High Quality Steel Construction
- Hands Free Ball Pick Up
- It is Patented
Features:
16. Black Hat Python: Python Programming for Hackers and Pentesters
- No Starch Press
Features:
18. Think Like a Hacker: A Sysadmin's Guide to Cybersecurity
- ⭐️ AWARD WINNING - Reviewed by OB/GYN’s & Chiropractors. Won awards from Baby Maternity Magazine, Mom’s Choice and the New York Baby Show. Other pregnancy pillow brands can’t say that.
- ⭐️ POOL OR BED - Cozy Bump's extra thick bed allows you to feel secure as you're lying on the pillow in the pool or bed. Other prenatal brands are thin and you can feel your pregnant stomach touching the ground.
- ⭐️ RELIEVE LOWER BACK PAIN - The patented decline in the leg section of the pillow allows gravity to kick in and decompress your spine. Other maternity cushions don’t have a decline so there is no back support.
- ⭐️ FITS ALL BELLYS - The adjustable bump allows you to adjust the size of the hole in sleeper to fit your tummy. If you need an even larger hole for your body, you can flip the bed over to find your comfort.
- ⭐️ INFLATABLE - Float and rest in the pool or ocean. Blow up the Cozy Bump easily with an air pump (sold separately) and use it alternately as a raft.
Features:
People have recommended some good things, but as a student myself i will tell you this: Before moving into advanced things, PLEASE - learn the basics. Learn how operating systems work and how to use them in an administrative capacity (Yes, that means Windows AND Linux. I notice a lot of my peers are uninterested in Windows administration but from what I've gathered most organizations are windows shops). Learn basic to intermediate networking, this is a MUST. Programming is not a requirement to going into security but i'll tell you this; it'll really help you gain a better understanding of how computers work, as well as give you that extra set of skills to pull out of your pocket when trying to solve a problem. If anything I recommend learning something like Python, or C.
​
Also, a personal opinion of mine is: Only learning what college teaches you is not enough for security, regardless of if you want to go blue team or red team, or do malware analysis/reverse engineering. You should be self learning outside of school as well. Set up a home lab (/r/homelab) to familiarize yourself with different systems, and to get hands on experience with different technologies. It will teach you so much, and when you go for that first entry position your interviewers will be impressed with everything you know. Mine certainly were, and not to sound cocky but I'm still in school to graduate next year and I got an internship, got hired on part time during the school year because they were impressed with my performance during the internship, which is to be converted to a full time employee should I wish to continue working there when I graduate.
Put in the work and you'll be rewarded. So many people skip the basics because it's not as "fun" or interesting, but especially in security- you can't keep building on top of something that doesn't have a good foundation or you'll end up with a mess. If you know the basics you'll be able to work on basic things, and then the more advanced things as well once the ground is solid.
​
Also, don't listen to everything they teach you in school. Depending on your school a lot of the information security curriculum may be very outdated (10-15 years old). Learning older things is useful, but you really need to learn newer stuff as well because new things pop up every single day. You can try getting your CompTIA A+, Network+, and Security+ to cover some of the basics. That will really help you - it's pretty much first year curriculum.
​
Edit: NoStarch books are some of my favorite security(and programming) books
and CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide by Darril Gibson is one of the best books for the Security+ test. Professor Messer's free videos are absolutely amazing.
Early 30s is definitely not too late. I also have a bachelors in psychology and I made the jump to infosec four years ago at forty-one. Here is the blueprint for people starting from scratch:
You should be aiming to eventually get a position as a Security Operations Center (SOC) analyst.
A SOC analyst position gives you some insight into a whole range of different information security problems and practices. You'll see incoming recon and attacks, your org's defenses and responses, and the attacker's counter responses. You'll get experience using a SIEM. You'll become familiar with all of the tools in place and start to figure out what works and what doesn't. You'll learn the workflow of a security team and what the more senior engineers do to protect the enterprise. After a couple of years, you'll probably have a much better idea about your own interests and the path you want to pursue in your career.
Here's how you get there:
Step 1: Get the Network+ certification (Skip the A+, it's a waste of time for your purposes). You MUST understand IPv4 networking inside and out, I can't stress that enough. A used Net+ study guide on Amazon should be less than $10. Professor Messer videos are great and free: https://www.youtube.com/user/professormesser
Mike Meyers has about the best all in one Network + book out right now, you can get that from Amazon. You can also check out Mike Meyers' channel on Youtube, he has a lot of Network+ videos: Mike Meyers Network+
Step 2: Start learning some basic Linux. The majority of business computing is done on a unix type platform, this will not change anytime soon.
For Linux, I'd highly recommend "Unix and Linux System Administration Handbook" by Evi Nemeth, et al. The information is presented in a way that is comprehensible to regular people. You can get a used copy of the fourth edition for about $15.00. The second edition got me through my first three jobs back in the day :) Sys Admin Handbook
Step 3: Start looking for helpdesk or tech support jobs. You have to do a year or two there to get some practical experience. If you can use your Community College Career Center to get an internship instead which would line you up for a SOC job then do so.
Step 4: Get the Security+ certification.
Step 5: While in your tech support job try to do every security related task you can.
Step 6: Attend Bsides conferences (very cheap), there is almost certainly one within a couple hours of you.http://www.securitybsides.com/w/page/12194156/FrontPage
Step 7: Join a local hackers group similar to NoVA Hackers or Dallas Hackers.
Step 8: Network with everyone you can at security conferences and in your hackers group.
Step 9: After you get those certs and some technical work experience, apply for every SOC position you can. It might be difficult to move, but you might have to consider moving to a tech hub because that's where the jobs are. Seattle, San Francisco and NYC are all outrageously expensive so consider some up and coming tech cities like Dallas, Raleigh NC, Nashville or Austin. Mastercard's infosec dept. is out of St. Louis now. KPMG has a huge facility in Orlando. Dallas Hackers
Step 10: Take the free online Splunk Fundamentals class while you're waiting.
Step 11: Keep going until you get that SOC analyst job.
Guess what, you're an infosec professional!
That SOC analyst job should pay between $50K and $60K. You'll stay there for a year to eighteen months and get a couple more certifications, then leave for a new job making $75K to $85K. After five years in the tech/cybersecurity industry you should be at $100K+.
The program above is mainly for people that are starting from absolute scratch and using no resources beyond the Internet. If you're actually in some sort of formal program I'd also highly recommend at least one programming class, preferably in python. Being able to automate tasks is an invaluable skill as a SOC analyst and will set you apart from those that can't.
If you really want it, you can do it. Determination is by far the most necessary trait for a successful IT career, way more important than talent, connections, or intelligence (though of course those are all nice).
Based on reading some of your comments it looks like what you are really asking about is "how do I learn security engineering?"
The answer is by reading resources that explicitly teach the concept, because it is a specific discipline that blends software engineering, systems engineering, and computer security theory. It is probably most properly classified as a sub-discipline of systems engineering, so reading about systems engineering in general can be useful as well.
The following do not teach you "how to hack" they teach "how to look at this system/application from a security point of view" which seems to be what you are looking for.
Resources:
Both of those books can be bought through Amazon or there are PDFs online. I have the first two and am now buying the last one after reading a bit of the PDF I found.
Be warned, the last two books are very large. The second one would probably cover two semesters worth of material. The last one is nearly 1200 pages across two volumes.
The MIT videos are great.
Regardless of the above, Security+ or equivalent would give you a base level of knowledge from which you could get more out of the above materials. You can get Sec+ study guides online cheap/free, either in book or articles or video lecture form. Cybrary has great free cybersec lecture courses including Sec+.
It's never too late. I didn't get into the field until my mid 20s. It really just takes an interest and a desire to learn. Cyber security is a pretty large field so play around in the different sub-fields and find the one(s) that interest you.
Here are some resources to get you started:
Books:
Wargames:
Programming (My opinions):
Hope this helps and welcome to the world of cyber security (it is very addicting -- you have been warned lol)!
https://www.amazon.com/gp/product/1337288780/ref=ppx_yo_dt_b_asin_title_o05_s00?ie=UTF8&psc=1
This was the book I used. I originally rented it for a class, but had to change my schedule up so I just decided to keep it and start studying. I would definitely read another though. Or watch Professor Messers videos if I were to study again. I feel like the book I used was really good, but I definitely would have been more prepared had I used another dedicated study material. Had I rented a second book, I would have rented this one
https://www.amazon.com/CompTIA-Security-Guide-Fifth-SY0-501/dp/1260019322/ref=sr_1_5?crid=14IBV4EVTTAYM&keywords=comptia+security%2B&qid=1562432800&s=books&sprefix=comptia%2Cstripbooks%2C171&sr=1-5
I used their COMPTIA IT Essentials book and I thought it was very good. Those would be my personal recommendations for books, because they are what I am familiar with. I think if you can, you should absolutely watch Messer's videos though. They are really amazing.
Depends on what you want to do. Pen Testing, Network Security, Reverse Engineering?
As peebee stated, learn the stack, protocols, ports and the basics of Networking.
If you want to get into pen-testing...
Good place I started is: https://www.offensive-security.com/metasploit-unleashed/
Good way to get into the Kali Distro and learn how to run Metasploit against vulnerable VM's.
Take a look at https://www.vulnhub.com/resources/ for books, and vulnerable VM's to practice on.
https://www.cybrary.it/ is also a good place with tons of videos on Ethical Hacking, Post Exploitation, Python for Security, Metasploit, etc.
Pick up some books such as
The Hacker Playbook 2: Practical Guide To Penetration Testing
Hacking: The Art of Exploitation
Black Hat Python: Python Programming for Hackers and Pentesters
Rtfm: Red Team Field Manual
The Hackers Playbook and The Art of Exploitation are great resources to get you started and take you step by step on pen testing that will allow you to alter explore the endless possibilities.
Pick up some training in Rub/Python/Assembly since they will be generally used in exploitation and crafting exploits against vulnerabilities. Learning some PHP/HTML will also be good since you will be looking a lot into that.
After understanding it all and practicing try for the OSCP - Offensive Security Certified Professional Certificate. The class is 30,60, or 90 days long (depending on you choice) and will take you by the hand and teach you hands on on how to pen test, enumerate scans, find vulnerabilities, exploit them, traverse networks, etc. After the class is up you will be given a 24 hour exam. Goal is to hack the systems and document the process. I believe this is the best method personally to get into pen testing and learn the basics of it.
Unfortunately, most of the university programs lag significantly behind industry. I've interviewed candidates with graduate degrees in cybersecurity that were not aware of most modern techniques used to find persistent adversaries. The good things those programs provide is a broad coverage of information security as a whole.
I saw you mention "finding the vulnerabilities before the bad guys do". Unfortunately, in the real world the code is either unpublished and you're a software security consultant, analyst, or tester, or it is published and you're fixing a hole that the adversary has already discovered. If your interest is in the software security side, I would recommend two books above all others.
The 24 Deadly Sins of Software Security: https://www.amazon.com/Deadly-Sins-Software-Security-Programming/dp/0071626751?_encoding=UTF8&%2AVersion%2A=1&%2Aentries%2A=0
Writing Secure Code: https://www.amazon.com/Writing-Secure-Code-Strategies-Applications/dp/0735617228/ref=sr_1_1?s=books&ie=UTF8&qid=1499038741&sr=1-1&keywords=writing+secure+code
That said, there is also a lot of work in the systems engineering side of the house - along the lines of credential theft and secure enterprise design. If you think this might be interesting to you, I would recommend reading papers such as these:
Microsoft Pass the Hash Whitepaper: https://www.microsoft.com/en-us/download/details.aspx?id=36036
Think Like a Hacker (shameless plug for my book): https://www.amazon.com/Think-Like-Hacker-Sysadmins-Cybersecurity/dp/0692865217/ref=sr_1_sc_1?ie=UTF8&qid=1499038880&sr=8-1-spell
Cybersecurity is typically broken into various subfields, such as reverse engineering, forensics, threat intelligence, and the like - each with its own set of tools and skills. Ultimately, I would recommend attending a decent hacking conference such as DEFCON, DerbyCon, ShmooCon, or the like to get familiar with the field.
+1 to RTMAL11 on the Krebs on Security suggestion. I love reading the blog. Cybersecurity and Cyberwar: What Everyone Needs to Know is also a book I enjoyed. In terms of quick read, I recommend a report on the 2016 threat landscape (needs your info to get the free copy). I also just started reading "The Dark Net" by Jamie Barlett. Good stuff.
Google has a free python course that is great as an introductory: https://developers.google.com/edu/python/
I'd also recommend a book called Violent Python: https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579 (ISBN-13: 978-1597499576 )
Violent Python is written with cyber security in mind and has plenty of code samples where python is applied with cyber security in mind. I'd also highly recommend following Mark Baggett on twitter (I believe he was the technical editor for the book) as the man is an absolute python genius. He always shares inciteful info related to cyber security and usually goes into the very technical analysis of what he shares.
Starter for 10;
https://www.amazon.co.uk/Rtfm-Red-Team-Field-Manual/dp/1494295504
https://www.amazon.co.uk/Blue-Team-Handbook-condensed-Responder/dp/1500734756/ref=sr_1_1?s=books&ie=UTF8&qid=1485807594&sr=1-1&keywords=blue+team+incident+response
That should start the digging of the rabbit hole.
Edit: I should elaborate a bit, I've been purposefully obtuse. What makes a good Security Engineer? Curiosity, wanting to know how things work, understanding how things tick and really get under the hood of what makes those ones and zeros truly shine. If the above two doesn't get your curious and open your eyes to the MASSIVE amount of learning you need to do, as well as the potential rewards/pitfalls/overwhelming feelings, then move along. ;-)
A lot depends on the school and the program- some are operations focused, others are management focused. What school are you going to? It sounds like you're pretty well ahead already, so I wouldn't worry too much, especially as you will be reading a lot for school, but if I had to give you one book, I'd go with the Hacker's Playbook https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing-ebook/dp/B07CSPFYZ2. Its a far better book that the for dummies series.
GIAC GSE here and I had successfully pass 4-5 GIAC certification via self-study. I can relate your situation completely since I am exactly in the same situation as you 8 years ago.
​
Google up the course authors and buy their Amazon books. Countermeasure Art Active Defense is by John Strand and a course author/instructor for GCIH. The content may be different by underlying concepts is always the same. Buy those books that are written by people who had an affiliation with SANS in a way or another.
​
If books by SANS affiliated authors are not available, then get those books with high reviews that are related to the topic you are studying for.
​
https://www.amazon.com/Offensive-Countermeasures-Art-Active-Defense-ebook/dp/B00DQSQ7QY
https://www.amazon.com/gp/product/B01M3USWQ2/ref=dbs_a_def_rwt_bibl_vppi_i2
https://www.amazon.com/Cybersecurity-Incident-Response-Eradicate-Incidents/dp/1484238699
​
Once you are done with the books, indexed them and buy a practice test to test the book's contents against the exam. Google up any information that the books don't cover and print them out. If you can pass the practice test with those books, then you will do well to pass the exams with those books + google printouts on the actual exams.
You will definitely want to learn Python.
Something like this book would give you a solid foundation.
http://www.amazon.ca/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579/ref=sr_1_1?ie=UTF8&qid=1452120799&sr=8-1&keywords=violent+python
You might want to look into CISM and CISSP for certifications.
http://www.tomsitpro.com/articles/information-security-certifications,2-205.html
You can also look into a CyberSecurity meetup group in your area, or you could start your own and learn off of other people.
Check out this stickied post
Its a lot of good stuff posted there. If you're looking for just the basics and general information, not so much the what is happening now, check these things out:
Watch the videos here:
https://www.professormesser.com/security-plus/sy0-501/sy0-501-training-course/
Buy and read this book:
CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide https://www.amazon.com/dp/1939136059/
With sufficient study you should be able to pass the exam within a month.
Good luck!
I'd be very surprised if you haven't heard or got these given your certs! Either way highly recommend the Blue Team Field Manual and Red Team Field Manual
I'd sit on /r/laptopdeals and /r/buildapcsales (with a laptop filter) for a few days looking for a decent CPU, and then whenever you find a laptop check it against Crucials upgrade tool to see if you could shove enough RAM and memory in it to make you happy at https://www.crucial.com/usa/en/upgrades.
Personally, I own https://www.amazon.com/gp/product/B07WLVXPYP/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1 and when I have some more money laying around I'll shove in more RAM up to it's maximum 32gb ( https://www.crucial.com/usa/en/compatible-upgrade-for/MSI-(Micro-Star)/ps63-modern) and pickup a larger drive.
I’ve been in the industry for a while and don’t have any cert’s. I’m currently studying for my Security+. I’m 90% sure I could pass the test even without studying but I don’t want to have a chance of wasting the money. I’ve got this book and I think it gives a good overview of the industry.
CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide https://www.amazon.com/dp/1939136059/ref=cm_sw_r_cp_api_i_wkayDbJYN4DMW
This book is incredibly helpful:
https://www.amazon.com/Defensive-Security-Handbook-Practices-Infrastructure-ebook/dp/B06Y18XC5Y/ref=sr_1_2?ie=UTF8&qid=1542398653&sr=8-2&keywords=security+handbook
This was a good book - https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1512214566
The blue team handbook is good too
https://www.amazon.com/Blue-Team-Handbook-condensed-Responder/dp/1500734756