Threat Intelligence is a hard field to break into. It requires a deep understanding of a number of different areas like information security, network security, application security, and web security. As a beginner trying to learn more about this area myself, I know from experience it can be a lot to navigate if you’re going the self education route. I’ve wasted so many hours taking wrong turns, getting lost, even moving backwards! With this in mind, I wrote this blog to help fellow beginners navigate the complicated world of threat intelligence. I’ve listed the steps I would’ve taken if I were to start over from the beginning, but with the benefit of knowing what the straight line path looks like in hindsight.
I’ve picked up bits and pieces of web security knowledge through my job as a web developer. But I found early on that there were just enough gaps in my knowledge that I was just spinning my wheels trying to dive deeper into the topic. I decided to take a step back, and start from the very beginning.
The following list is for the ABSOLUTE beginner, no technical background required. The goal here is to build a solid foundation from the beginning so that you can move on to the next level with confidence.
A class taught by Frank Chen at UCLA. All lecture slides, and other materials from the class are posted here for the public. It’s a non technical introduction to the field of Cyber Security for someone with zero experience. I’d even recommend this class to my parents or non engineering friends. Check out the syllabus here.
I’ve seen this book recommended in multiple places as a good starting point for people interested in hacking, but have little to no experience. It’s a light intro to a very broad range of security topics, but points you to more advanced details for every topic it covers. The link points to the book on Safari Books Online, which offers a free 7 day trial with no credit card required.
Now that we’ve got a working knowledge of some of the basics, we can get our first taste of Threat Intelligence.
A git repo of various public documents, whitepapers, articles about APT campaigns. You’ll probably still have questions while working through these reports (I sure did). But you’ll have enough background info and vocabulary to read through and enjoy the material. I included this step here because I thought it was fun to read through and be reminded of some of the cool work going on and get excited about the field and my progress again.
If you’re unfamiliar with reddit, it’s a place where you can find an online community of people with similar interests. The r/netsec group is a subreddit of people interested in the field of network security and related fields. The link points to the group’s “where to start” page, a collection of resources covering many of the topics we’ve just been introduced to in more detail.
This collection was recommended to me by Kyle Wilholt, a Sr. Security Researcher here at DomainTools. It’s got a ton of resources more specific to the threat intelligence field, including some of the basic tools and frameworks used in threat hunting and investigation. It’s the only resource in this post I haven’t gone through, or am still going through myself, but it looks awesome! And it’s definitely my next step.
Last note about these links, this isn’t a complete list that will take you from beginner to security expert. It’s just a starting point to help get you going in the right direction, from zero experience to solid beginner.
And that’s it for now, I purposely didn’t want to include too many items in this list. One of the major struggles I ran into was being overwhelmed by all the great resources out there, and trying to figure out where to start. As you go through this list, you’ll find you have no problem finding an infinite amount of really great links and resources to branch off to from here, trust me!