How I’m learning about Information Security
I recently found myself in a position at work where I needed to upskill myself quickly in the field of Cybersecurity, more specifically, Information Security. I thought I might share some beginner resources I have used.
Dr Soper’s Information Security Lessons on YouTube was a godsend! It helped to give me a great foundation. He breaks down Information Security to the bare basics and explains every concept so well that I really did feel a lot more confident after doing the course. The part on types of attacks gave me the right keywords to search for to learn more about real world examples of cyber security breaches. For example, I searched for Denial of Service attacks and came across the story of a teenager, who went by the alias Mafia Boy, who launched a Denial of Service attack on many big companies like Yahoo and AOL at the time and took down their websites for a number of hours and
I subscribed to a few podcasts on Information Security on Spotify so that I could listen to cyber security news. I’m currently subscribed to InfoSec Overnights — Daily Security News by Paul Torgersen which has short episodes on Cybersecurity news. This is great for gaining a feel for and understanding the cyber security breaches that have taken place. The last podcast episode was on the 31st of December 2019 and it doesn’t look like there will be any new episodes. However, I think it is still worth listening to all the old episodes as they provide a lot of information. I’m also subscribed to the UNSECURITY: Information Security Podcast by Evan Francen and Brad Nigh and the Information Security Podcast which has longer episodes and talks about Cybersecurity issues in more depth.
I signed up to the Information Security: Context and Introduction course on Coursera particularly to learn more about Security Management. I went straight to week 4 of the course which covered that topic. The course is by Royal Holloway, University of London.
I have also been talking to colleagues at work to understand what their responsibilities are within the Information Security team and what their journeys into the field have been like.
To help keep track of all the things I am learning, I have a document where I keep a list of acronyms, definitions and other interesting concepts I have learned. They often serve as a good tool for later reference.
There are many branches of Information security and it’s almost impossible to know every single bit in depth, so the strategy I have chosen for my learning is to learn about the field broadly then choose one area to focus on and deepen my knowledge there. I’ve chosen to build my skills in, and understanding of, Governance, Risk, Compliance and Assurance (GRCA).
