Clint Gibler
Mar 8, 15 tweets, 10 min read
🚨Security Career Resource Thread 🚨

12 resources to break into the field or take your career to the next level 👇

#infosec #cybersecurity #security
Learn:

🎓 How to get into various fields: pentesting, SOC analyst, AppSec, ...

🎫 Certs - do they matter? For which roles?

🧪 Doing security research

📣 Building your brand via blog posts, conference talks, and more

💸 How to think about compensation
📺 Launch your cybersecurity career: @IppSec's advice on how to become a skilled professional

* Technical tips
* Keeping a positive mindset
* Life is what you make it

#bugbounty #bugbountytips

📺 2022 Cybersecurity roadmap: How to get started?

@_JohnHammond joins @davidbombal and shares:

* The first thing to learn
* Recommended resources
* Should you do CTFs?
* Are degrees/certs useful?

and more

📺 The best Hacking Courses & Certs? Your roadmap to Pentester success

@rana__khalil joins @davidbombal to discuss the best courses and best cert to become a pentester in 2023

* Skills you need
* How to get experience & land a job
* #bugbounty

+ more

🕵️‍♀️ So you want to be a SOC Analyst?

@eric_capuano's blog series on landing your 1st role

1. Set up a small VM environment
2. Put on your adversary hat and make some noise: emulate an adversary, craft detections, and more

blog.ecapuano.com/p/so-you-want-…
🪜 Dropbox Security Engineer Career Framework

Dropbox's documentation that outlines the scope, impact, and other expectations from junior individual contributor through Principal Security Engineer

Great reference 👍

Probably great due to @frgx et al

dropbox.github.io/dbx-career-fra…
👩‍🔬 Demystifying Security Research

@alexjplaskett covers topic selection, brainstorming and collaboration, motivation and mindset, note taking, surveying related work, and more

🧵 on what makes a good research topic

alexplaskett.github.io/demystifying-s…
🎓 Reflections on the CS academic and industry job

Candid reflections by @rown

See also his Part 2: "Why I chose OpenAI over academia"
rowanzellers.com/blog/rowan-job…

rowanzellers.com/blog/rowan-job…
👩‍💻 Skills you need transitioning from pentester to Product Security

Great thread by @anantshri and many others

#infosec #appsec

🗺️ Creating a certification plan

Rohit Hegde shares his opinions on the pros/cons of certifications, how one can go about it, developing a plan, and more

abstraction.blog/2023/01/10/cer…
🗺️ Security Certification Roadmap

473 certs grouped by:

* Communication & network security
* IAM
* Security architecture
* Asset security
* Risk mgmt
* Security assessment & testing
* Software security
* Security operations

By @PaulJerimy

pauljerimy.com/security-certi…
📈 How to build your InfoSec career

@leifdreizler on why you should be writing blogs, appearing on podcasts, and presenting at conferences... and how to get started!

How to encourage your team to do the same
leif.substack.com/p/share-the-sp…

leif.substack.com/p/the-infosec-…
💼 Update on being Independent [3 years later]

@zoph shares his reflections and lessons learned after being an independent AWS consultant for several years

zoph.me/posts/2023-01-…
If you found this thread useful, please like/RT so more people can see it 🙏

If you want more like it, you can join 14,000+ security professionals keeping up with security research in 10 min/week:
tldrsec.com

Or follow me @clintgibler for more
