Getting Started in Information Security

Dakota Nelson
Aug 18, 2016

Infosec is a way of life.

I’m probably getting nods from half of the information security (infosec) industry after saying that, and a disgusted look from the other half. For better or for worse, security is more than just a job for a huge number of people. What this means for the field is a whole different blog post, but it does certainly mean one thing:

Breaking into the security industry is staggeringly difficult for beginners.

As someone put it to me:

I have tried to learn the basics of it but it seems like an industry that you must love so that you would know about it … and I am struggling with this task.

In other words, “how do I even get started?”

Below are some resources that I and others have found useful for our first adventures in IT security. (have more things you think should be added? let me know)

Keep in mind, though, as you read through the resources below, that security is an enormous field. Nobody can understand it all, much less be an expert at everything. Does that sound intimidating? It shouldn’t - because you don’t have to understand it all. Poke around in the stuff below. Look at the things that seem interesting. Skim aggressively. And when you find something you love? Dive in!


Nope, I’m not joking. Well, maybe a little - these articles provide a great overview of the field that is information security and how to get started.

News, Events, Etc.

Staying up-to-date is perhaps the most taxing part of the infosec lifestyle. Everything moves incredibly fast, and the firehose of information can be hard to keep up with - or turn off.

General Overview

One of the most difficult parts about security is that there’s just so much scattered knowledge to know. These lists should help get you up to speed - no need to memorize everything, a good overview and an ability to quickly look things up should do. Find something particurly interesting? Go crazy!

In-Depth Introductions

Want a comprehensive compendium of knowledge on a a topic? These are great ways to get started on an aspect of security without hopping frantically across the Internet.

  • In Hacking the Xbox , Andrew “bunnie” Huang provides an incredible book introducing hardware hacking and detailing various ways to “enjoy a Microsoft Xbox game console without the mindless tedium of playing video games.” A free copy has been released by the author at
  • Ever wondered how exploits actually work? Hacking: The Art of Exploitation is a great place to start. I’ve heard of people avoiding this book due to the somewhat campy title - something something don’t judge a book by its cover.
  • Want to know how to do offensive security professionally? Penetration testing is real, and Georgia Weidman shows you how in Penetration Testing: A Hands-on Introduction to Hacking. (I hear if you use code GEORGIA at checkout good things will happen)
  • While this course is somewhat focused on Cobalt Strike, an advanced attack tool built by Raphael Mudge, the lessons learned in it apply everywhere. Check out for nearly 6 hours of great lessons on how modern advanced attackers do their thing.


There are security conferences across the world where people come together to talk about and share the things they find fascinating. Most of them record and release their talks, so you can share in the learning even if you can’t travel.

  • is an absurdly large collection of talks from a huge number of conferences. Have at it!

The Black Market

Seriously - learning from attackers is a great way to understand what the current cutting-edge techniques are. Adversaries have strong incentives - making a living, not getting caught - to be the best they possibly can. Besides, these are the people you’ll likely be defending against someday. It’s best to get to know them.

Hands-On Practice

Actually putting your knowledge to use is the best way to learn, but hacking especially can be a bit difficult to get experience in without breaking a law or two. Here are some ideas on how to do it the right way.


You have more questions? Many others have gone before you, and most of them are happy to help. There are more wonderful security people on Twitter than I could possibly count, but here are eight in no particular order to get you started:

Overwhelmed? Take a deep breath: you don’t have to know everything. Skip around, skim for things that look interesting, and only dive in if you want to. Everyone was a beginner once - focus on discovering something you find fascinating. The joy of learning is the real objective here - enjoy the journey, and keep in touch.

Was this useful? Consider giving us your email below so we can send you more great stuff!