Career Path Security Basics

Most people starting a career in IT security have a huge interest in topics like hacking, programming, system administration, networking and so on. When you apply for a junior position, employers normally expect basic skills and huge motivation. In this article you can find some useful resources for learning the basic skills that are useful for all career paths in IT security. More specific articles for specialized career paths like penetration tester, DFIR expert, malware expert and so on, are about to follow.

If you have any ideas or suggestions for additional useful courses, please feel free to leave a reply in the comment section below or just add them to your personal training list.

I suggest to look for suitable courses or certifications, to set yourself a goal and make a plan how to reach your goal.

If you want to read how I started my career in IT security have a look here.

Programming

Depending on your career, you should have knowledge in various programming languages. As a penetration tester, these could be assembly, C, javascript, HTML, python and bash for the beginning. Programming skills are not only useful for penetration testers, but also for other career paths. For example in a blue team, programming skills are very useful for automatization.

In this section you can find some examples for learning basic programming, more specialized examples follow in the career path sections.

HTML

Html & JavaScript

Learn Basics by building your own Computer

Build a Modern Computer from First Principles: From Nand to Tetris
Content: Teaches the basics of computer sience by building a computer from ground up. There is also a great TED talk about the course.
Career: All
Level: Beginner
Price: Free or with certificate

Programming Python

Python might be the most important language to learn as a starter.

Programming for Everybody (Getting Started with Python)
Content: Python Basics
Career: All
Level: Beginner
Price: Free or with certificate

There is a ton of free resources on the web, this also looks useful:
https://www.python.org/about/gettingstarted/
https://www.learnpython.org/

More EDX courses: https://www.edx.org/learn/computer-programming

More coursera courses: https://www.coursera.org/browse/computer-science/software-development

Programming Bash, Learning Linux

For all career paths, you will need Linux skills.

https://www.bash.academy/
https://www.learnshell.org/
http://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO.html

If you lack of basics in Hardware, OS and so on consider this one:
https://www.professormesser.com/free-a-plus-training/220-901/comptia-220-900-course/

Networking

Professor Messer’s CompTIA N10-007 Network+ Course
Content: Great and free video course for preparing the CompTIA Network+ exam, I recommend to add a book nevertheless.
Career: All 
Level: Beginner
Price: Videos are free

All in One CompTIA Network+
Author: Mike Meyers
Content: Coverage of the CompTIA Network+ certification exam objectives, goes into the topics in depth. I liked the questions after each chapter. Came with a CD with an exam simulator long ago, now the content is online. 
Career: All 
Level: Beginner
Buy at Amazon U.S.
Buy at Amazon Germany

You may consider to do the certification for the CV.

More Coursera courses: https://www.coursera.org/browse/computer-science/computer-security-and-networks

Learn about http:
https://developer.mozilla.org/en-US/docs/Web/HTTP
https://www.tutorialspoint.com/http/

Basis Security

The Cuckoo’s Egg Decompiled Course
Content: Highly recommended course by Chris Sanders, teaching the basics of attacking and defending networks through the lens of the famous “The cuckoos Egg” book by Clifford Stoll.
Career: All
Level: Beginner
Price: Free

Professor Messer’s CompTIA SY0-501 Security+ Course
Content: Same as the Network+ course for Security+, I also recommend to read a book additional for preparation.
Career: All 
Level: Beginner
Price: Videos are free

Mike Meyers’ CompTIA Security+ Certification Passport
Author: Dawn Dunkerley
Content: For preparing the CompTIA Security+ Certification this book is recommended. It covers every topic from the exam and also includes review questions as well as a practice exam.
Career: All
Level: Beginner
Buy at Amazon U.S.
Buy at Amazon Germany

You may consider to do the certification for the CV.

Introducion to Cybersecurity
Content: Short non technical introduction course for everyone who is curious about cybersecurity. Explains the basic concepts from a higher level.
Career: All
Level: Beginner
Price: Free or with certificate

More EDX courses: https://www.edx.org/learn/cybersecurity

More Coursera courses: https://www.coursera.org/browse/computer-science/computer-security-and-networks

Stay tuned, my next article will be about the career path for penetration testers.

Links

Thanks @SparkyS04 for proofreading.

EDX courses for free

EDX courses can be taken for free. Of course then you will miss the certificate, but the content is the same. Also you have a time limit for viewing the content, but in my experience it is more than enough.

Here is a short example:
After logging in with your account (register if you do not have one) search for the course you want attend to.

For the example I choosed “Introduction to Cybersecurity”.

Choose “Enroll now” on the course page:

Scroll down a bit and choose “Audit this course”:

One the next page you can just start the course. A dialog might be shown that you can earn the certificate, you can just ignore that or choose “Explore the course” here:

Enjoy and keep learning!

Review EDX Course Security in Office 365 (Microsoft CLD245x)

Recently I took the course Security in Office 365 using the free Audit Access, the final exam and the Certificate are missing here.
The sections of the course are:
  • Threats and data breaches targeting your data
  • Office 365 Advanced Threat Protection
  • Office 365 Threat Intelligence
  • Auditing, alerting and reporting in Office 365
  • Advanced Security Management in Office 365
After each section there is a quiz, as well as an final exam with 20 questions (missing in the free version). I’ll go through each section adding some notes.
Introduction to Security in Office 365
Threats and data breaches targeting your data
  • how threat actors gain access
  • kill chain
  • how the work and threat landscape changed
  • on-premises environment vs “gray area” (cloud etc.) in terms of controll and security
  • phishing
  • malware
  • spoofing
  • escalation of privilege
  • data exfiltration
  • data deletion including ransom ware
  • data spillage (“Data spillage occurs when protected data is transferred to a system that doesn’t provide the same level of protection as the source.”)
  • as well as password cracking
  • malicious insiders
Security solutions in Office 365 
  • Exchange Online Protection (EOP)
  • Office 365 Advanced Threat Protection (Office 365 ATP)
  • Office 365 Threat Intelligence
  • Auditing and alerts
  • Advanced Security Management (ASM)
  • EOP (not End Of Protection 😉 but Exchange Online Protection)
  • Office 365 Threat Intelligence
  • Threat Dashboard
  • Auditing and alerts
  • Advanced Security Management (AMS)
  • Threat detection
  • Enhanced control
  • Discovery and insights
Introduction to Secure Score
  • Overview of Office 365 Secure Score
  • security related measurements
  • Office 365 Secure Score API
  • API & powershell
  • downstream data for other tools and SIEM etc.
  • The Secure Score dashboard
  • The Secure Score analyzer tab
  • Increasing your security posture
  • I liked some of the points:
    • Enabling multi-factor authentication on all admin accounts
    • Designating more than one global admin
    • Enabling auditing across workloads
    • Enabling mailbox auditing
    • Having a weekly review of sign-ins after multiple failures
    • Having a weekly review of sign-ins from unknown sources
    • Having a weekly review of sign-ins from multiple geographies
Implementing and Managing Office 365 ATP
Introduction to Exchange Online Protection
  • The anti-malware pipeline in Office 365
  • Zero-hour auto purge
  • ZAP, detect spam or malware that was undetected by heuristics and delivery patterns
  • Phishing and spoofing protection
  • SFP, DKIM, DMARC
  • Spoof Intelligence
  • Give overview of spoofing attempts, allow spoofing for certain senders for certain addresses
  • Managing spoof intelligence
Overview of Office 365 Advanced Threat Protection
  • How ATP expands protection provided by EOP
  • Safe attachments
  • sandbox/detonation chamber 😀
  • Safe attachment policy options
  • Safe links
  • URL detonation -> mix of safe links and sage attachements
  • Safe links policy options
Managing Safe Attachments
  • Creating safe attachment policies in the Security and Compliance Center
  • Creating safe attachments policies using Windows PowerShell
  • Modifying an existing safe attachments policy in the Security and Compliance Center
  • Creating a transport rule to bypass safe attachments
  • Safe attachments end user experience
Managing Safe Links
  • Creating safe links policies by using the Security and Compliance Center
  • Creating safe links policies using Windows PowerShell
  • Modifying an existing safe links policy
  • Create a transport rule to bypass safe links
  • Safe links user experience in email
  • Safe links user experience in Office 2016
Monitoring and reports
  • Threat protection status report
  • ATP message disposition report
  • ATP file types report
  • Malware detections report
  • Top Malware report
  • Top Senders and Recipients report
  • Spoof Mail report
  • Spam Detections report
  • Sent and received email report
  • Security & Compliance Report Demonstration
Using Office 365 Threat Intelligence
Office 365 Threat Intelligence
“Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.”
  • Microsoft Intelligent Security Graph
    • Source: Windows, Office 365, Cloud Services, 3rd party
  • Threat dashboard
    • reporting tool for C-level
  • Threat explorer
    • analysts, admins
Using the Threat Detection dashboard
  • Threat detections in your tenant
  • Security and malware trends
  • Alerts
  • More insights
  • Threat Intelligence Demonstration
Using Threat Explorer
  • Viewing options in Threat explorer
  • Filtering capabilities in Threat Explorer
  • Drilling for details
  • Incident reports
Implementing auditing, insights, and alerts
Overview of auditing in the Security & Compliance Center
  • Auditing architecture in Office 365
  • Audited activities
  • Office 365 Management Activity API
Enabling mailbox auditing in Exchange Online
  • Mailbox actions logged by mailbox audit logging
  • Enabling mailbox auditing
  • Specifying owner actions to audit
  • Changing the age limit for entries in the mailbox audit log
Searching the audit log
  • Enabling auditing in your tenant
  • Granting permissions
  • Searching the audit log
  • Viewing the search results
  • Filtering the search results
  • Exporting the search results to a file
  • Searching the audit log by using Windows PowerShell
  • Using a SIEM application to access your auditing data
Enabling sharing auditing for SharePoint and OneDrive
  • The SharePoint sharing schema
  • The SharePoint Sharing model and sharing events
  • How to identify resources shared with external users
Managing insights and alerts in the Security & Compliance Center
  • Introduction to insights and alerts
  • Types of insights that are available
  • Types of alerts that are generated
  • Alerts features in the Security & Compliance Center
  • Alert policy settings
  • Default alert policies
  • Viewing alerts
  • Managing alerts
Advanced Security Management
Overview of Advanced Security Management
  • Lesson introduction
  • Anomaly detection policies
    •     Login authentication failures
    •     Administrator activity
    •     Inactive accounts
    •     Location
    •     Impossible travel
    •     Device and user agent
  • Activity policies
  • Anomaly detection and activity alerts
  • Policy templates
  • Productivity app discovery
  • App permissions
Implementing policies and alerts
  • Enabling and accessing Advanced Security Management
  • Creating anomaly detection policies
  • Creating activity policies
  • Reviewing and taking action on alerts
  • Investigating activities in the Activity log
  • Grouping IP addresses to simplify management
Implementing app discovery
  • Log file requirements
  • Supported vendors and their data attributes
  • Creating app discovery reports
  • Reviewing app discovery findings
  • Troubleshooting errors when log files are uploaded
Implementing app permissions
  • App permissions architecture
  • Managing app permissions
  • Approving or banning an app
Conclusion
Unfortunately I do not have access to an Office 365 environment for testing. So I was thankful that the course gives a broad insight of the posibilites of the security configurations of Office 365. Lots of the topics come withshort  examples (like phishing, spoofing etc.) and a short video clip.

From my side more insight on the security mechanisms and more detail on Threat Intelligence would have been great.  The course goes into logging and how to find strange behaviour, malware and threat intelligence. Which was really nice to see how much effort Microsoft put into securing their cloud products.

A lot of the questions in the module assessements questions are more about configuration the platform itself or how tabs are named, I felt a bit like in a MS exam long time ago. Large parts of the content is text and not videos, most courses are a bit different here.

The course gave a good overview and insights for understanding Security in Office 365 for me, that’s what I was looking for.
Links