I had a conversation with my uncle Michael recently about getting started with Computer Security. Here are some notes from that call. Input is very much appreciated as I’d like to make it a useful guide 🤓
Dear kids: If you want a job in 5 years, study computer science. If you want a job forever, study computer security.
— Aaron Levie (@levie) December 23, 2014
There doesn’t seem to be a single place/course that is a good starting point. Field is pretty much defined by constant education, constant new attack vectors. Michael’s specialty — forensics and identity management, sometimes border line legal work. It’s a huge field: * Cryptography — why hash, why salted separately, basics (mathematical architecture) * Compression, entropy of information * Database security * Identity management
Steps to get started
Identity management, Cryptography 101
Some links
Latest hacks – https://h1.sintheticlabs.com/ NIST site — http://csrc.nist.gov/ http://sintheticlabs.com/tools.html https://h1.sintheticlabs.com/
//update via Steve Woodrow
- Ryan McGeehan’s set of blog posts (security in the context of growing companies) — https://medium.com/@magoo
- OWASP — https://www.owasp.org
Security courses at universities:
- https://crypto.stanford.edu/cs155/syllabus.html
6.857: Computer and Network Security – Massachusetts Institute of Technology – Spring 2015 – http://courses.csail.mit.edu/6.857/2015/handouts
6.858 / Fall 2015 / Schedule – http://css.csail.mit.edu/6.858/2015/schedule.html