How do I learn more about security? How do I get hands on practice outside school/internships?
- I like TryHackMe a lot for starting out from scratch; it doesn't require much programming knowledge and teaches Linux basics
- has some great simple explanations for important concepts like networks and TLS
- better for those who have some knowledge of programming & OS, more challenging than TryHackMe
- a vulnerable Python application that lets you learn and patch web vulnerabilities in source code
- best for those with good grasp of web application topics and Python
- did I mention you can actually patch vulnerabilities in code? very cool
- a vulnerable web app that teaches you the top web vulnerabilities
- beginner friendly
- videos that give a high-level overview of concepts in application security
- some nice PDFs with lists of common tools used in industry
- a capture the flag game that is permanently available (not just for a competition)
- great beginner challenges
- has nice high-level overviews of security topics like password cracking, cryptography, and vulnerabilities like SQL injection
- a beginner-friendly site with CTF challenges
Cool newsletters, podcasts, and communities to learn
tl;dr sec by Clint Gibler
- weekly email
this week in security by Zack Whittaker
- weekly email
Darknet Diaries by Jack Rhysider
- episodes about major security incidents:
- 19: Operation Aurora, major 2009 cyberattack against big companies like Google
- 29: Stuxnet, 2010 computer worm that damaged Iran's nuclear program
- 53, 71, 72, 73: WannaCry, 2017 ransomware attack on Windows
- 54: NotPetya, 2017 cyberattack on Ukraine
- 86: 2012 LinkedIn data breach
- other cool episodes:
- 63: Vodafone Greece & Athens Olympics
- 92: the Pirate Bay
- 93: Kik (started at UWaterloo)
- has local chapters across the world with talks, networking events, conferences
- focused on application security but has people across many areas in security
- great resources to learn like Juice Shop
most of these have student scholarships available
- a local security conference hosted in major cities around the world
- probably has a conference near you, happens yearly
- good quality technical talks, good for networking with local employers & cool security people
- big BSides conferences: BSides San Francisco, BSides Las Vegas
- the big annual hacking conference in summer in Las Vegas
- great hands-on workshops, many CTFs, different "village" groups host content on different areas in security (e.g. Blue Team Village, AppSec Village, etc.)
Usually more research and student focused
- Security Symposium
- Symposium on Usable Privacy and Security (SOUPS)
- Enigma
- also has an annual EU conference
- free to attend virtually since the pandemic
- a casual, virtual beginner-friendly conference
- held annually in Montreal
- focused on reverse engineering
- expensive
- pre-pandemic, used to host IRL event in San Francisco annually
- annually in Las Vegas (& hybrid)
- beginner-friendly events like mentorship, resume workshops, beginner-friendly CTF
- annually in the US (variable location)
- has student chapters across the world
not very budget friendly, usually aimed at higher level industry leaders. many vendors come to sell their security products to companies. don't recommend going as a student unless it's free :)
- basically BlackHat in Toronto
- annually in Las Vegas, right before DefCon
are you a UWaterloo student? consider these courses and resources!
- courses
- CO 487: Applied Cryptography
- CS 458/658: Computer Security and Privacy
- CS 758: Cryptography/Network Security
- ECE 628: Computer Network Security
- ECE 716: Communication Security
- check out CrySP's course list (not updated)
- research
- CrySP research group
- runs a speaker series on privacy
- Center for Applied Cryptographic Research
- overarching research group, includes CrySP and other research labs in ECE
- CrySP research group
- financial aid for students attending conferences
- if you're part of the faculty of math, check out funding grants
- if you're in another faculty, you probably have something similar
- KW Cybersecurity meetup group
it's easy to be overwhelmed with resources and information when starting out; make sure to prioritize what's most important for your goals and manage your time outside school/work so you don't burn out. keep it as simple as possible.
I also acknowledge everyone's learning style is different; I learn best with hands-on and visual resources, so most of my list is hands-on workshops or videos. if you learn best through reading, there are many great lists of books out there on security topics.
top resources I used as a beginner with technical background:
- TryHackMe
- Darknet Diaries podcast
- Computerphile YouTube channel
- other students interested in security