Version: 1.06
*Added images to the page and added more information in the introduction
STOP: If you haven't passed your CompTIA Security+ certification exam, start there.
Introduction
Getting into the cyber security field can be full of frustration for those exiting college or transitioning from another career. The internet is full of paid courses and free classes that are sometimes good but frequently bad. But most often, you are overwhelmed with options.
What if there was a free guide connecting all of these resources together into a concise methodology that also prepares a person for the rigors of a career as an InfoSec Analyst?
This page aims to do just that. I will cut through all the noise and point you in the direction of the need to know, taking you from aspiring cyber security professional to Junior SOC Analyst.
Not sure if a SOC Analyst role is for you? Check out my blog on A Day In The Life Of A SOC Analyst.
If you decide this is the path for you, here you will find the best affordable resources for the essential Junior SOC Analyst knowledge!
I promise we won't go into advanced topics, and we won't cover skills that are rarely used. YOU WILL JUST LEARN THE ESSENTIALS.
After this roadmap, feel free to move on to the Intermediate level topics or explore on your own.
As you work your way through the material, make sure you understand and can explain the topics to others. In your interviews, you will likely be asked to do this. Your goal is to get interviews and then do better than other people interviewing so that you get the offer.
If you follow my advice, you should have a shiny new job or be very close to an offer letter by the end of this program.
As a bit of warning, experiences in job hunting do vary. Some people get jobs super fast, but the process takes a longer time in certain circumstances. The job market, the season of the year, what you are looking for in a job, and just plain ole luck can all impact how fast you get your first job.
Be patient with the process, and just keep learning. The more you know, the more competitive a candidate you will be.
In this roadmap we will cover both soft and technical skills. You need both if you are going to land the job. Topics that will be covered are:
- LinkedIn and Resume Prep
- Finding Appropriate Roles
- Interview Prep
- SIEMs
- Windows
- Networking
- Web Applications
- Attacker Methodology
- Basic Malware Analysis
The reason this guide is starting with the soft skills is because you need to be ready to interview for jobs at any time. The listings don't stay up long, so when you see one, take a shot. You don't want the fact that you don't have a resume holding you back from a job.
Go ahead and start applying. In between interviews, you should be studying the knowledge in this guide, incrementally getting better at the interview process and learning fundamental SOC skills.
LinkedIn and Resume Prep
After you have your CompTIA Security+ certification, it is time to get on the job market. All topics below are designed to make your resume look better and help you land interviews.
The two key areas you need to focus on are your LinkedIn Profile and resumes.
Your LinkedIn profile is necessary to attract recruiters looking to fill their ranks with entry-level people. It will also be used to produce a resume optimized for resume scanning software. Recruiters actively search for candidates on LinkedIn. Matter of fact, this is how I landed my first InfoSec job.
Yes, you should have two resumes. One for computers and one for humans.
Often human resource departments get tons of applications for a single job. They use software to help them sort through the pile. The program will scan resumes for keywords and items matching the job requirements. Those that match go into the good pile; all others are discarded.
At first glance, this sounds great, but some human-readable resumes don't scan well. To avoid missing out on a job based on formatting, we use LinkedIn to help.
Read these blogs to set up your LinkedIn and create a software-friendly version.
GETTING INTO INFOSEC: 11 STEPS FOR SETTING UP YOUR LINKEDIN FOR MAXIMUM RESULTS
GETTING INTO INFOSEC: CREATING A RESUME USING YOUR LINKEDIN PROFILE
Assuming you have one already, your human resume is for when humans need to read it. For instance, when a recruiter asks for one. You could also take your pretty resume with you to in-person interviews. I make it a habit to bring one just in case the interviewer doesn’t have a copy.
You want to impress every chance you get. A well-designed resume not only makes it easy for people to read about you, but it is something that can help you stand out from other candidates as well.
In the future, I will add some content to help with the resumes. In the meantime, here is a resume template from simplycyber.io. If you haven't been to the site, check it out. He has tons of free resources for people getting into infosec.
For even more information on resumes, check out the Improve Your Resume page.
Find Jobs
Finding an entry-level job can be rough. Yes, cyber security lacks professionals, but only for experienced roles. Entry-level positions like you are looking for are relatively rare. You need to stay on top of the job market to find them and make sure you stand out as a candidate.
I am not saying this is an impossible task, far from it. These jobs just won't be handed to you. You need to look at job listings every day because the positions get filled quickly.
For a quick reference on where to find job postings check out my post on the topic:
GETTING INTO INFOSEC: 10 RESOURCES FOR JUNIOR SOC ANALYST JOB LISTINGS IN 2021
Make sure to set up alerts for the keywords:
- Junior SOC Analyst
- Junior Security Operations Analyst
- Cybersecurity Analyst
- Cyber Security Analyst
Although a role may say "junior," the organization will often still look for experienced people. To weed out roles that will waste your time, look for job listings with 0-2 years, 1-2, or no experience requirements.
My list of infosec job sites can be found on the Find a Job page.
To also help with job hunting, get involved in local infosec and IT communities. Networking can be a game changer, especially to nab that first job. If you are presentable and people like you, they may offer you a job on the spot or offer you a chance to interview.
For more information on this topic, see my blog:
GETTING INTO INFOSEC: 7 WAYS TO GET INVOLVED IN THE INFOSEC COMMUNITY TO NETWORK AND LEARN
Interview Prep
If you are getting hired with no experience in cyber security, people are taking a significant risk on you. Call it gatekeeping if you want, but your skills are unproven in the work environment. Your future boss doesn’t know if you can learn the skillset.
The good news is you can show them you are worth the risk in two ways: your resume and interview skills.
If you have made it to the interview, your resume did its job. Now you have to dazzle the companies with your brilliance. Tell them all about the things you have been learning.
Your goal in the interviews is to show the companies that you have a great foundation in cyber security and are actively building your skills. You may not be proven, but you can show them that you are as close to a sure bet as possible.
This blog discusses common topics you may be asked about in an interview:
GETTING INTO INFOSEC: TOP 8 JUNIOR SOC ANALYST INTERVIEW QUESTIONS TO STUDY
This video discusses tips that can help you stand out from all the other candidates and helps explain what is going through the minds of the interviewer. If you understand them, you can better prepare:
Junior SOC Analyst Interview Tips to Help You Standout (Video)
Check out the Interview Prep page for links to additional tips on external sites. I will add new ones as I discover them.
Expand Your Knowledge
Some of this training will require you to get a subscription to a service. However, some of the material is free. I will indicate beside the course title whether it is free or not.
If a subscription is required, it will be a reasonably nominal cost of under $30 a month. These are the best low-cost options I have come across.
As a side note, I don't get any affiliate money or advertising dollars for these suggestions. I love them and use them myself.
SIEMs
This is by far the most common tool used by SOC analysts. Logs come in, and analysts can search them quickly to find clues to illuminate the cause of an alert.
Most of your time as a SOC analyst will actually be spent on this tool. The only question is, which tool will your future employer use? Unfortunately, I can't answer that, but I can help you get experience with a very common SIEM.
Experience in a SIEM will help you stand out as a candidate. You will almost always be asked in an interview if you know what a SIEM is. In my experience, most candidates do not, and even fewer have used one. But you will be different. You will have used one and understand how it fits into the cyber security picture.
During your studies, focus on the log sources versus the actual tool. Learn enough of the tool to get your searches working, then spend the rest of your time understanding what you are seeing. The network and Windows log types will be pretty much the same from company to company.
Training
TryHackMe Splunk 101 (THM VIP Access Only) – This class goes through Splunk's must-have skills and a few others.
TryHackMe Splunk 2 (THM VIP Access Only) – This course came from the Boss of the SOC content and will take you through an actual investigation using Splunk. You can’t get a much better experience than this before being on the job. From my experience and participation in Boss Of The SOC, I can tell you that the scenarios are real world.
Windows Operating System
One of the first things I like to teach students is the Windows Operating System. Why? Because in most environments, 90% or more of the monitored devices are Windows-based. By understanding how the underlying operating system works, you will best be able to investigate potential threats, know what normal looks like, and be able to analyze artifacts to fill in blanks left by logs. The information in this section will be fundamental to other areas, including Windows Forensics, Memory Analysis, and malware analysis.
In this section you will learn about Windows processes, start-up items, the registry, and available logs.
NOTE: I have skipped Linux intentionally. Most interview questions will be focused on other topics.
Registry
The registry is typically used to configure Windows. However, bad guys use the registry to persist on a computer even after a reboot. As an analyst, you need a basic understanding of this Windows feature to understand how changes are made and which keys are commonly abused.
You will see interactions with the registry through process logs and registry-specific logs.
Training
Windows Registry 1 of 3 by Advanced Digital Forensics - A video that discusses the fundamentals of the registry.
Registry Hives - Official documentation on the registry hives.
Windows Registry - A detailed review of the various Windows hives.
Processes
Processes are fundamental to how you interact with an operating system. In fact, anything you do in Windows involves a process in one way or another.
Understanding the relationship between children and parent processes will help you tremendously while you are sleuthing as an analyst.
Looking into the future, in order to grasp more advanced topics such as process hollowing and process injection attacks, you must first learn the basics.
Training
Windows Process Genealogy by 13 Cubed - A video that discusses Windows processes and normal startup items.
Event Logs
Event logs are how software tracks errors, changes, and interactions. For this training section you will be focused on the Windows Operating System software logs.
As an analyst, these logs will be your primary medium for investigations. The better you understand the different types of logs, the more efficient an analyst you will be. If you are like me, I knew nothing about logs at the beginning of my career.
By the end of this section, you will have an idea of the logs you have to work with and the information contained within.
Training
SANS DFIR Webcast - Incident Response Event Log Analysis - A video that explains various types of logs and uses them to analyze a cyber event.
James Brodsky, Dashing Through the Logs | KringleCon 2019 - A video that covers critical Windows-based security event log sources like Sysmon and PowerShell.
Windows Event Logs (THM VIP Access Only) – A short course that takes you through using Windows logs and native tools to investigate. I did run into some issues with this one. If you have problems as well, use the guides to get over any speed bumps. This is still one of the better courses on this topic.
Sysmon (THM VIP Access Only) – A course that covers Sysmon, which is like regular Windows logs but on steroids. Many environments are now choosing to log these types of events as well. Pay attention to EventCodes 1 and 3. They will be your bread and butter for the SOC.
Active Directory
You can't hop on an organizational network for a large enterprise without running into Active Directory. Administrators use this Windows tool to efficiently manage all the computers, servers, and accounts on a network.
Understanding how administrators use Active Directory will help you understand why attackers often target servers running the service. By the end of this training, you should know what Active Directory is and have some ideas of how it is used.
Training
Active Directory Basics (THM) – A short course on Active Directory. This course teaches you the basics for this prevalent service to make investigation easier for you.
Networking
When studying for certifications, networking is just a bunch of stuff you have to memorize. But, in cybersecurity, you have to use this knowledge to investigate events. You need to double down on this info and start learning how to put it into practice.
Some SOC environments focus more on network activity than system activity. In these environments, you must understand practical networking.
These courses will help reintroduce networking topics to you with a more practical spin.
Training
Network Fundamentals (THM Free and VIP) – A training module that reviews things you should already know, such as the concepts of network LAN and OSI Model. Then it expands on the topics of packets and expanding networks.
How The Web Works (THM Free and VIP) – This is a training module that takes you through the topics of DNS and web services. Both are topics people typically struggle with and they will be in your interviews. Make sure you understand these to set yourself apart from other candidates.
Web Applications
Many attacks involve using web applications, whether it is web protocols, exploiting applications, or using the apps as part of the attack. Therefore, it is crucial to learn about web applications and how the web works. You just can't get by without an understanding of this topic.
Make sure that you understand the following topics:
- HTTP and HTTPS protocols
- What's in a web request
- Knowledge of common web responses
- Common attacks
- How botnets and attackers use websites
Training
How The Web Works (THM Free and VIP) – This is a training module that takes you through the topics of DNS and web services. Both are topics people typically struggle with and they will be in your interviews. Make sure you understand these to set yourself apart from other candidates.
Attacker Methodology/Log Analysis
I don't know if you know this, but understanding the attacker methodology is huge in your journey to becoming a great analyst. As you grow in your tradecraft, you will be able to see attacks by simply looking at a few logs.
The thing is, attackers go through the same process no matter how good they are. In the cyber security industry, we call this process the attacker methodology. By understanding what phase of the attack you are seeing, you increase the likelihood you will find the other pieces of the attack.
But right now, I just want you to understand the phases of attacks and tools you can use to continue growing your understanding.
Training
Mitre ATT&CK: The Play at Home Edition by Katie Nickels and Ryan Kovar - A video that discusses how various roles in cybersecurity can use the Mitre ATT&CK matrix. This is a common framework that many organizations are starting to integrate into their security program.
Persistence Mechanisms by 13Cubed - A video that discusses the persistence phase of the attacker methodology.
SANS DFIR Webcast - Incident Response Event Log Analysis by Hal Pomeranz - A video that dives into log analysis.
DerbyCon - Living Off The Land A Minimalist Guide To Windows Post Exploitation by Christopher Campbell and Matthew Graeber - A video that covers a common tactic of attackers living off the land. This is bad guys using normal administrator tools for evil purposes.
Gozi, Part1: The Rise of Malware-as-a-Service by MaliciousLife - A podcast discussing malware as a service. Most malware you come across will be part of one of these cyber crime services.
The Equifax Databreach Pt I and Pt II by MaliciousLife - A set of podcasts discussing how the Equifax data breach occurred. These podcasts will help you understand the full attack chain.
Investigating Windows (THM Free) – This short course is a Windows investigation like the title says. You RDP to the system and look for clues to answer questions. I think this content provides an interesting perspective to the journeyman learner. I know when I first started out, I wish I was directly on the system to investigate. This is that scenario. Enjoy.
Basic Malware Analysis
You may not do full malware analysis at the junior level, but you will do some. These resources will introduce the topic to you and provide you with the skills needed to conduct Tier 1 triage. By the end of these courses, you should get a good idea of the malware you are seeing and how to find indicators to help you determine if the malware successfully executed.
Training
Practical Malware Analysis Essentials for Incident Responders by Lenny Zeltser - A video from one of the biggest instructors on malware analysis. He breaks down the topic so that you can have a great understanding of how it works in the real world.
MAL: Researcher (THM) – One of the everyday tasks for an analyst is to determine if a file is malicious or learn more information about a known malicious file. This course teaches you the concepts to do these tasks.
Malware Analysis (THM Free and VIP) – An entire training module on investigating malware. This will be good information for your interview. Undoubtedly, you will get asked malware questions. With this lab, you will get hands-on experience so that your answer consists of more than just the typical response, “Run Antivirus.”
Bonus Training
A site called HackTheBox also has fantastic training in their academy. However, you can't just hop in and do all their courses with the freemium service. You have access to a few to start with, and as you complete the modules, more unlock.
Like I said, the training is great, but I would suggest going this route only after you have exhausted these other resources.
Check out HTB Academy.
Conclusion
This guide is something I wish was available when I first started out. But back then, the community wasn't as developed and resources were scattered all over the internet. Today you have wonderful people and companies providing free or low-cost resources to help people like you. I hope this program serves you well on your path to becoming a cyber security professional, and if it does, let me know! I love hearing success stories. The world can always use some more good news.
If you want to stay up to date on The Cyber Union, sign up for the newsletter. If you want to support my efforts, please sign up for my new Patreon. With the membership you get a vote on what content is coming up and access to a private Q&A.