Copy pasted from: https://www.reddit.com/r/IAmA/comments/6ajstf/im_eugene_kaspersky_cybersecurity_guy_and_ceo_of/dhfi1j5/?sh=744a6787&st=J2KZV1B8
If you actually want to get into the security field, here's a ton of free resources to get you started. It's also worth noting that one of the best things about this field is that no one (respectable) cares about your educational background: if you can do the work, you'll get hired in a heartbeat.
Open Security Training - collection of free, week long bootcamps taught by some very smart folk. I've only taken their intro to x86 class, but Xeno Kovah is a smart dude.
/r/netsec - sub dedicated to security stuff. You'll probably understand nothing, but just start skimming through and looking up stuff on the fly. After a few months, you'll start being able to follow along. I recommend avoiding /r/hacking and /r/howtohack as it's filled with FUD and skids (script kiddies).
/r/learnprogramming - you must know how to at least read programming languages to be in this field.
Also worth mentioning:
Shell Storm CTF Repo - collection of capture the flag challenges. almost all of these will have a blog post somewhere of someone solving them.
Crypto Pals - a hold-your-hand walkthrough of implementing and breaking cryptographic algos. Originally created by some sharp crypto guys working at Matasano.
OWASP Top 10 - fair bit of drama surrounding OWASP as an org, but still a solid place to go learn the basics of webapp sec. I highly recommend the NoVA and DC chapter meetups. The people who run them put a lot of work into bringing not only excellent speakers, but ensuring it stays entirely vendor neutral. They come down pretty hard on anyone trying to make a sales pitch.
nVisium's Intentionally Vulnerable Apps - bit of a shameless self-plug. We've been developing a bunch of intentionally vulnerable web apps on a ton of different frameworks. All apps are named as .nV, such as django.nV.
Notable blogs:
To Shell and Back - network. Run by a smart pentester.
harmj0y's blog - network, also run by a smart pentester.
Skull Security - network, password cracking, other misc topics. Run by a Google Sec employee.
nVisium - another shameless self-plug. web apps.
Krebs on Security - Brian Krebs talking about security as a culture. Focuses more on trends than nitty gritty technical details, but still a good read.
Portswigger's Blog - owner of Burpsuite, the tool for web appsec.
Google's Project Zero - lots of low level and protocol stuff.
Irongeek - intro level tutorials and video hosting for several security cons.
Smashing the Stack for Fun and Profit - not a blog but a very famous paper written back in the 90s. Absolutely essential reading for anyone looking to get into exploit dev and reverse engineering. Concepts are still 100% applicable today (although modern exploits do have to jump through a lot more hoops).
And finally, certification: the OSCP - I loathe most certs in this industry. They're nothing more than cash schemes and I have met some truly dumb people that hold 10+ certs. That said, I highly recommend the OffSec certs. They focus on network pentesting, reverse engineering, and exploit dev. The exams are not multiple choice. You get 24 hours to break into 5 different machines. You then write a report and send it in. This is a cert that requires real, hands on application of TTPs, not just theoretical understanding (which is easy). The Pentesting With Kali (PWK) class that precedes the OSCP cert is fantastic for going from nothing but a bit of bash knowledge to being able to have a solid fundamental understanding of network pentesting. You get access to their virtual environment with a lab guide to actually apply all the things you're learning. Be warned: their motto is "try harder," and for good reason. 60 days of lab time + a cert attempt is ~$900. That may sound like a lot, but other cert orgs will charge several grand for a one week bootcamp.
Above all, you must have a passion for the work and be willing to teach yourself. This is not an industry that caters to the lazy nor those that need to be spoon fed information. Pro-activeness is key.
I've got a ton of other specialized resources depending on what niche you're most interested in. Feel free to ping me with any questions or the like.
And finally, for any folk out there that already have security chops, hit me up. My company is constantly hiring and looking for people that can hit the ground running.
Thanks for gold :) how do I convert it to whiskey?