This is a rough list of things that will actually make you better and more employable if you do them, rather than doing another Udemy course, watching YouTube videos, or reading blogposts. Cough.
Get Good at Security:
What You Need to Do:
- First things first, computing fundamentals comes before security. The best way to learn the fundamentals is my Ropper’s Computing Fundamentals Course. Don’t think there is a right way or wrong to enter the field, just make sure you can tread water technically before jumping into security. If you think you already know Linux and the fundamentals, I recommend you check out the Advanced Linux section, I promise you will learn something new.
- The next thing is to learn networking, and I mean actually learn networking. Do the Roppers Learn Networking with CTF course.
- The next step after attaining enough technical knowledge to be dangerous is to build a home lab. This doesn’t mean you need server racks, just at least a computer that can run 2+ VMs at a time. This is the best resource on the topic by a significant margin: Building Virtual Machine Labs: A Hands-on Guide (Second Edition) . It is pay what you want, so pay what you want, and then set up everything that seems interesting, focusing on the security products. In this you will set up a full network, along with Kali and Metasploitable. What is important is that you will learn how to use Metasploit, but only so that you can create good logs for your security monitoring setup.
- Focus on your SIEM instance and learn every single tool on it
- No seriously. Do this. This is the way.
- At least 95% of security jobs are purely defensive. Practice like you play. this is the single most beneficial thing you can do.
- Do all the labs on this site: https://seedsecuritylabs.org/
- Set up a honeypot that faces the internet and do something with what you catch. Maybe do some basic RE. Look at the logs in Security Onion.
If you have done all of these things, documented them and can talk about them well, make it to an interview and don’t get the job, let me know. Everything else is gravy.
For more information on projects that will improve your resume and are interesting, check this out.