Top products from r/cybersecurity

We found 42 product mentions on r/cybersecurity. We ranked the 56 resulting products by number of redditors who mentioned them. Here are the top 20.

Next page

Top comments that mention products on r/cybersecurity:

u/Milkmanps3 · 2 pointsr/cybersecurity

People have recommended some good things, but as a student myself i will tell you this: Before moving into advanced things, PLEASE - learn the basics. Learn how operating systems work and how to use them in an administrative capacity (Yes, that means Windows AND Linux. I notice a lot of my peers are uninterested in Windows administration but from what I've gathered most organizations are windows shops). Learn basic to intermediate networking, this is a MUST. Programming is not a requirement to going into security but i'll tell you this; it'll really help you gain a better understanding of how computers work, as well as give you that extra set of skills to pull out of your pocket when trying to solve a problem. If anything I recommend learning something like Python, or C.


Also, a personal opinion of mine is: Only learning what college teaches you is not enough for security, regardless of if you want to go blue team or red team, or do malware analysis/reverse engineering. You should be self learning outside of school as well. Set up a home lab (/r/homelab) to familiarize yourself with different systems, and to get hands on experience with different technologies. It will teach you so much, and when you go for that first entry position your interviewers will be impressed with everything you know. Mine certainly were, and not to sound cocky but I'm still in school to graduate next year and I got an internship, got hired on part time during the school year because they were impressed with my performance during the internship, which is to be converted to a full time employee should I wish to continue working there when I graduate.

Put in the work and you'll be rewarded. So many people skip the basics because it's not as "fun" or interesting, but especially in security- you can't keep building on top of something that doesn't have a good foundation or you'll end up with a mess. If you know the basics you'll be able to work on basic things, and then the more advanced things as well once the ground is solid.


Also, don't listen to everything they teach you in school. Depending on your school a lot of the information security curriculum may be very outdated (10-15 years old). Learning older things is useful, but you really need to learn newer stuff as well because new things pop up every single day. You can try getting your CompTIA A+, Network+, and Security+ to cover some of the basics. That will really help you - it's pretty much first year curriculum.


Edit: NoStarch books are some of my favorite security(and programming) books

and CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide by Darril Gibson is one of the best books for the Security+ test. Professor Messer's free videos are absolutely amazing.

u/sold_myfortune · 3 pointsr/cybersecurity

Early 30s is definitely not too late. I also have a bachelors in psychology and I made the jump to infosec four years ago at forty-one. Here is the blueprint for people starting from scratch:

You should be aiming to eventually get a position as a Security Operations Center (SOC) analyst.

A SOC analyst position gives you some insight into a whole range of different information security problems and practices. You'll see incoming recon and attacks, your org's defenses and responses, and the attacker's counter responses. You'll get experience using a SIEM. You'll become familiar with all of the tools in place and start to figure out what works and what doesn't. You'll learn the workflow of a security team and what the more senior engineers do to protect the enterprise. After a couple of years, you'll probably have a much better idea about your own interests and the path you want to pursue in your career.

Here's how you get there:

Step 1: Get the Network+ certification (Skip the A+, it's a waste of time for your purposes). You MUST understand IPv4 networking inside and out, I can't stress that enough. A used Net+ study guide on Amazon should be less than $10. Professor Messer videos are great and free:

Mike Meyers has about the best all in one Network + book out right now, you can get that from Amazon. You can also check out Mike Meyers' channel on Youtube, he has a lot of Network+ videos: Mike Meyers Network+

Step 2: Start learning some basic Linux. The majority of business computing is done on a unix type platform, this will not change anytime soon.

For Linux, I'd highly recommend "Unix and Linux System Administration Handbook" by Evi Nemeth, et al. The information is presented in a way that is comprehensible to regular people. You can get a used copy of the fourth edition for about $15.00. The second edition got me through my first three jobs back in the day :) Sys Admin Handbook

Step 3: Start looking for helpdesk or tech support jobs. You have to do a year or two there to get some practical experience. If you can use your Community College Career Center to get an internship instead which would line you up for a SOC job then do so.

Step 4: Get the Security+ certification.

Step 5: While in your tech support job try to do every security related task you can.

Step 6: Attend Bsides conferences (very cheap), there is almost certainly one within a couple hours of you.

Step 7: Join a local hackers group similar to NoVA Hackers or Dallas Hackers.

Step 8: Network with everyone you can at security conferences and in your hackers group.

Step 9: After you get those certs and some technical work experience, apply for every SOC position you can. It might be difficult to move, but you might have to consider moving to a tech hub because that's where the jobs are. Seattle, San Francisco and NYC are all outrageously expensive so consider some up and coming tech cities like Dallas, Raleigh NC, Nashville or Austin. Mastercard's infosec dept. is out of St. Louis now. KPMG has a huge facility in Orlando. Dallas Hackers

Step 10: Take the free online Splunk Fundamentals class while you're waiting.

Step 11: Keep going until you get that SOC analyst job.

Guess what, you're an infosec professional!

That SOC analyst job should pay between $50K and $60K. You'll stay there for a year to eighteen months and get a couple more certifications, then leave for a new job making $75K to $85K. After five years in the tech/cybersecurity industry you should be at $100K+.

The program above is mainly for people that are starting from absolute scratch and using no resources beyond the Internet. If you're actually in some sort of formal program I'd also highly recommend at least one programming class, preferably in python. Being able to automate tasks is an invaluable skill as a SOC analyst and will set you apart from those that can't.

If you really want it, you can do it. Determination is by far the most necessary trait for a successful IT career, way more important than talent, connections, or intelligence (though of course those are all nice).

u/doc_samson · 1 pointr/cybersecurity

Based on reading some of your comments it looks like what you are really asking about is "how do I learn security engineering?"

The answer is by reading resources that explicitly teach the concept, because it is a specific discipline that blends software engineering, systems engineering, and computer security theory. It is probably most properly classified as a sub-discipline of systems engineering, so reading about systems engineering in general can be useful as well.

The following do not teach you "how to hack" they teach "how to look at this system/application from a security point of view" which seems to be what you are looking for.


  • NIST SP 800-160 (read through Appendix F which covers tons of secure design principles -- dense but comprehensive)
  • Security Engineering by Ross Anderson is a phenomenal book and essentially the Bible of security engineering
  • The Art of Software Security Assessment is a great book I literally just found a few minutes ago that covers a tremendous amount of information on how to go about conducting application security audits (process to follow, technical key points to look for, threat model analysis, etc)
  • MIT Computer Security lectures basically an entire semester worth of lectures on how to think about security as an engineer

    Both of those books can be bought through Amazon or there are PDFs online. I have the first two and am now buying the last one after reading a bit of the PDF I found.

    Be warned, the last two books are very large. The second one would probably cover two semesters worth of material. The last one is nearly 1200 pages across two volumes.

    The MIT videos are great.

    Regardless of the above, Security+ or equivalent would give you a base level of knowledge from which you could get more out of the above materials. You can get Sec+ study guides online cheap/free, either in book or articles or video lecture form. Cybrary has great free cybersec lecture courses including Sec+.
u/d0cc0m · 1 pointr/cybersecurity

It's never too late. I didn't get into the field until my mid 20s. It really just takes an interest and a desire to learn. Cyber security is a pretty large field so play around in the different sub-fields and find the one(s) that interest you.

Here are some resources to get you started:


u/_Skeith · 1 pointr/cybersecurity

Depends on what you want to do. Pen Testing, Network Security, Reverse Engineering?

As peebee stated, learn the stack, protocols, ports and the basics of Networking.

If you want to get into pen-testing...

Good place I started is:

Good way to get into the Kali Distro and learn how to run Metasploit against vulnerable VM's.

Take a look at for books, and vulnerable VM's to practice on. is also a good place with tons of videos on Ethical Hacking, Post Exploitation, Python for Security, Metasploit, etc.

Pick up some books such as

The Hacker Playbook 2: Practical Guide To Penetration Testing

Hacking: The Art of Exploitation

Black Hat Python: Python Programming for Hackers and Pentesters

Rtfm: Red Team Field Manual

The Hackers Playbook and The Art of Exploitation are great resources to get you started and take you step by step on pen testing that will allow you to alter explore the endless possibilities.

Pick up some training in Rub/Python/Assembly since they will be generally used in exploitation and crafting exploits against vulnerabilities. Learning some PHP/HTML will also be good since you will be looking a lot into that.

After understanding it all and practicing try for the OSCP - Offensive Security Certified Professional Certificate. The class is 30,60, or 90 days long (depending on you choice) and will take you by the hand and teach you hands on on how to pen test, enumerate scans, find vulnerabilities, exploit them, traverse networks, etc. After the class is up you will be given a 24 hour exam. Goal is to hack the systems and document the process. I believe this is the best method personally to get into pen testing and learn the basics of it.

u/PowershellPoet · 1 pointr/cybersecurity

Unfortunately, most of the university programs lag significantly behind industry. I've interviewed candidates with graduate degrees in cybersecurity that were not aware of most modern techniques used to find persistent adversaries. The good things those programs provide is a broad coverage of information security as a whole.

I saw you mention "finding the vulnerabilities before the bad guys do". Unfortunately, in the real world the code is either unpublished and you're a software security consultant, analyst, or tester, or it is published and you're fixing a hole that the adversary has already discovered. If your interest is in the software security side, I would recommend two books above all others.

The 24 Deadly Sins of Software Security:

Writing Secure Code:

That said, there is also a lot of work in the systems engineering side of the house - along the lines of credential theft and secure enterprise design. If you think this might be interesting to you, I would recommend reading papers such as these:

Microsoft Pass the Hash Whitepaper:

Think Like a Hacker (shameless plug for my book):

Cybersecurity is typically broken into various subfields, such as reverse engineering, forensics, threat intelligence, and the like - each with its own set of tools and skills. Ultimately, I would recommend attending a decent hacking conference such as DEFCON, DerbyCon, ShmooCon, or the like to get familiar with the field.

u/infosecprincess · 3 pointsr/cybersecurity

+1 to RTMAL11 on the Krebs on Security suggestion. I love reading the blog. Cybersecurity and Cyberwar: What Everyone Needs to Know is also a book I enjoyed. In terms of quick read, I recommend a report on the 2016 threat landscape (needs your info to get the free copy). I also just started reading "The Dark Net" by Jamie Barlett. Good stuff.

u/Yukanojo · 1 pointr/cybersecurity

Google has a free python course that is great as an introductory:

I'd also recommend a book called Violent Python: (ISBN-13: 978-1597499576 )

Violent Python is written with cyber security in mind and has plenty of code samples where python is applied with cyber security in mind. I'd also highly recommend following Mark Baggett on twitter (I believe he was the technical editor for the book) as the man is an absolute python genius. He always shares inciteful info related to cyber security and usually goes into the very technical analysis of what he shares.

u/wowneatlookatthat · 3 pointsr/cybersecurity

I'm not sure how it works to specialize your practice, but you might want to pickup the Tallin Manuals:

You probably don't need industry certifications to successfully practice law with a focus in cyber, but then again idk how practicing law actually works. Might have more success asking in one of the lawerly subreddits.

u/davexeno · 4 pointsr/cybersecurity

Starter for 10;

That should start the digging of the rabbit hole.

Edit: I should elaborate a bit, I've been purposefully obtuse. What makes a good Security Engineer? Curiosity, wanting to know how things work, understanding how things tick and really get under the hood of what makes those ones and zeros truly shine. If the above two doesn't get your curious and open your eyes to the MASSIVE amount of learning you need to do, as well as the potential rewards/pitfalls/overwhelming feelings, then move along. ;-)

u/Demonicat · 2 pointsr/cybersecurity

Ok. That is very different than most US schools. You're probably going to need to work hard for that one. I would also suggest the Art of Exploitation to brush up on your advanced programming skills I would also get an account at packt (the free one) and check daily for the free book.

u/HIGregS · 1 pointr/cybersecurity

Although "security through obscurity" by itself is not useful. The book Offensive Countermeasures: The Art of Active Defense by Strand, John; Asadoorian, Paul; Donnelly, Benjamin; Galbraith, Bryce; and Robish, Ethan argues effectively that security through obfuscation can be useful when combined with monitoring and detection.

u/AcadianMan · 2 pointsr/cybersecurity

You will definitely want to learn Python.

Something like this book would give you a solid foundation.

You might want to look into CISM and CISSP for certifications.,2-205.html

You can also look into a CyberSecurity meetup group in your area, or you could start your own and learn off of other people.

u/Joe1972 · 2 pointsr/cybersecurity

These are technical committees that have been working in various topic areas for decades. For any of these areas you will find they have a related annual conference (often a journal too) and if you want to know more you can simply read some past papers, or attend the conference.

You will find all the top academics in the world in most of these topic areas are involved with IFIP TC11. For example, at TC11 this year the following people attended (amongst many many others)

Prof Ravi Sandhu (The guy who came up with role-based access control)

Prof Matt Bishop ( )

Prof Steven Furnell, Prof Gurpreet Dhillon, Prof Johan van Niekerk
These are the people who wrote the ACM / IEEE 's CSEC2017 curriculum. All of them are great to chat to and network with.

u/TwoFoxSix · 9 pointsr/cybersecurity

Check out this stickied post

Its a lot of good stuff posted there. If you're looking for just the basics and general information, not so much the what is happening now, check these things out:

u/intellectualbadass87 · 2 pointsr/cybersecurity

Watch the videos here:

Buy and read this book:

CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

With sufficient study you should be able to pass the exam within a month.

Good luck!

u/Teddy141345 · 1 pointr/cybersecurity

Here is a decently nice set with a clear learning lock (see through).

Here is a 9 piece test lock setup.

This is a tubular picking set.

There are plenty of books and videos online for him to learn from.

u/O726564646974 · 2 pointsr/cybersecurity

I'd be very surprised if you haven't heard or got these given your certs! Either way highly recommend the Blue Team Field Manual and Red Team Field Manual

u/Saft888 · 2 pointsr/cybersecurity

I’ve been in the industry for a while and don’t have any cert’s. I’m currently studying for my Security+. I’m 90% sure I could pass the test even without studying but I don’t want to have a chance of wasting the money. I’ve got this book and I think it gives a good overview of the industry.

CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide