Hi everyone, I am seeking some advice to put together my career path to become a DevSecOps or Application Security Engineer. These are the learning platforms I am using or thinking about using: Cloud Guru for AWS Security, which can help me land a Security Engineer or Security Analyst role as a starting point. I have almost finished the Cloud DevOps Program with Udacity to learn the DevOps workflow. I am planning to use the INE platform for penetration testing, particularly web app penetration testing. Lastly, I am enrolled at University of People online to get my second Bachelor's in Computer Science to get my foundation in place. #cybersecurity #interview #security
For AppSec: Practice as much as you can. Understanding why a vulnerability occurs is more important than copying a payload and exploiting. If you have knowledge of at least one programming language, your journey will be easy; otherwise you can do it without a programming language too. Some resources: OWASP WebGoat, Demotestfire website, OWASP Cheat Sheet Series, PentesterLab, Burp Suite Academy. Try to understand the vulnerability and what controls developers might have implemented, and then think of a bypass. That's the approach.
And of course, you can start with Web Application Hacker's Handbook if you are completely new to the field.
I want to embrace learning programming and get comp security courses under my belt so I can think like a "programmer". I don't want to become a developer... I thought that was the approach to take for AppSec.
I would suggest that you create or clone a GitHub repository and build upon it one step at a time, adding pre-commit hooks, adding unit testing, etc., then start looking into the security aspects using the left shift approach. Cloud: AWS; Project management: GitHub; CI/CD: Jenkins/CircleCI or any popular one; Security SAST: Snyk/Semgrep or any open source; DAST: ZAP or any open source; Secret management: git secrets (I don't remember the name). Gather a few more details to plan it and implement it. Work on some coding challenges on Hack The Box.
Udacity Cloud DevOps helped me create a Git account and I am already pushing YAML/JSON to repositories. Do you think getting a CS degree will help with coding foundation?
There are a lot of good resources online to help guide you on this journey. If you have an ample amount of time and money, getting a degree doesn't hurt. Also, go through the GitLab official documentation; it gives a complete understanding of a software lifecycle, from planning to monitoring.