“Where do I begin?”
At the Raleigh ISSA chapter, we get this question a lot. Whether you’re just coming out of school, or are wanting to make a mid-career transition, you want to “break in” to the Information Security (“InfoSec”) field. That’s great!
We have some bad news and some good news. The bad news is that InfoSec isn’t easy; you’ll need to study hard, learn a lot of seemingly arcane topics and commands, and then apply them to networks and situations where you either want to prevent a compromise, or create one (in a penetration test where you have the full permission of the network owner, of course).
The good news is that there are a lot of free and low-cost resources you can use right away to learn about InfoSec! We’ve created a list below of some of them and will be adding more in the future. Good luck, and don’t be afraid to ask us questions!
First thing: Start practicing on your own equipment. DO NOT practice on or attack or otherwise scan, enumerate, harass, bend, fold, spindle or do anything untoward against any system you do not own or have express permission to touch! Instead, download and install a free hypervisor like VirtualBox or VMWare, then download the ISO files for Kali Linux and Metasploitable and convert them into virtual machines. Practice by using Kali to attack Metasploitable, all on your own computer!