Infosec Specialisation: Two Fields

TL;DR

Becoming proficient in two infosec fields takes focused effort and a strategic approach. This guide outlines how to choose your specialisations, build foundational knowledge, gain practical experience, stay current, and network effectively.

1. Choose Your Fields Wisely

1. Consider your interests: What areas of cyber security genuinely excite you? Passion fuels learning.
2. Assess job market demand: Research which skills are highly sought after in your region and globally. Websites like Indeed, LinkedIn Jobs, and CyberSeek can help.
3. Think about synergy: Some fields complement each other well (e.g., Penetration Testing & Digital Forensics; Cloud Security & Incident Response). This broadens your skillset.
4. Examples of popular combinations:
   • Network Security & Ethical Hacking
   • Application Security & DevSecOps
   • Incident Response & Threat Intelligence
   • Cloud Security & Compliance

2. Build Foundational Knowledge

1. Core Concepts: Regardless of your chosen fields, master these basics:
   • Networking (TCP/IP, OSI Model)
   • Operating Systems (Linux, Windows)
   • Programming/Scripting (Python is highly recommended)
   • Security Principles (CIA Triad, Authentication, Authorisation)
2. Online Courses: Excellent resources include:
   • TryHackMe: Hands-on learning paths.
   • Cybrary: Wide range of courses and certifications.
   • Coursera/edX: University-level courses on cyber security topics.
   • SANS Institute (expensive, but highly respected).
3. Books: Supplement online learning with foundational texts.
   • Networking All-in-One For Dummies by Doug Lowe
   • Hacking: The Art of Exploitation by Jon Erickson
   • The Practice of System and Network Administration by Thomas A. Limoncelli, Christina J. Hogan, Strata R. Chalup

3. Gain Practical Experience

1. Home Labs: Set up virtual machines (using VirtualBox or VMware) to practice your skills.
   • Create a vulnerable web application (e.g., OWASP Juice Shop).
   • Build a network topology and simulate attacks/defenses.
2. Capture the Flag (CTF) Competitions: Excellent for honing skills in a gamified environment.
   • HackTheBox
   • OverTheWire
   • TryHackMe CTFs
3. Bug Bounty Programs: Earn rewards by finding vulnerabilities in real-world applications (requires significant skill). Platforms include HackerOne and Bugcrowd.
4. Personal Projects: Develop security tools or automate tasks.

4. Specialise & Certify

1. Field 1: Deep Dive: Focus on advanced concepts, techniques, and tools specific to your first chosen field.
2. Field 2: Similar Approach: Repeat the deep dive for your second specialisation.
3. Relevant Certifications (examples):
   • Network Security: CompTIA Network+, CCNA Security, Certified Ethical Hacker (CEH)
   • Application Security: Certified Secure Software Lifecycle Professional (CSSLP), Offensive Security Web Expert (OSWE)
   • Incident Response: GIAC Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP – requires experience)
   • Cloud Security: Certified Cloud Security Professional (CCSP), AWS Certified Security – Specialty

5. Stay Current

1. Follow Industry Blogs & News: Keep up with the latest threats, vulnerabilities, and security trends.
   • KrebsOnSecurity
   • The Hacker News
   • Dark Reading
2. Attend Conferences & Webinars: Learn from experts and network with peers.
3. Participate in Online Communities: Engage in discussions, share knowledge, and ask questions.
   • Reddit (r/cybersecurity, r/netsec)
   • Discord servers dedicated to infosec topics

6. Network Effectively

1. LinkedIn: Connect with professionals in your fields and join relevant groups.
2. Local Meetups: Attend local cyber security events to meet people face-to-face.
3. Contribute to Open Source Projects: Showcase your skills and collaborate with others.

   git clone https://github.com/example/security-project.git