I'm about to have my first technical interview on security fundamentals (mitigations, web-based, a little bit of low-level security, cryptography, …). Can someone suggest some resources (books, blogs, websites, …) that I can use as a reference to review my knowledge? (Except the Google security interview GitHub note :)). Besides, I find it hard to find documentation on mitigations for common attacks :( Thank you in advance! YOE: 1 year TC: 66k #cybersecurity #interview #security #apple
DoD has some good info around Zero Trust. Platform One has published works on high-level designs.
Wow thank you so much!
Check out certify breakfast YouTube channel, he provides very good breakdowns on security concepts. Particularly review his CySA certification playlist since it has a very structured breakdown.
Thank you so much!
I think this guide is useful https://danielmiessler.com/study/infosec_interview_questions/
Thank you, it's really helpful
I’ve had hiring managers ask me these questions verbatim. More than once. I’ve also been in large companies where other hiring managers have asked these questions verbatim. It’s kind of crazy.
I would go over OWASP best practices around CSRF, XSS, SQLi, hashing, sessions and so forth. Understand how TLS works (not in depth, but the basic steps), same-origin policy and CORS; if you don't, you'll be in trouble :)
CORS has been a hot topic the last couple of years. Def brush up on this. CSRF and request smuggling are two of the "harder" topics so I'd read about that. Also come up with a step-by-step process for how to pentest a web app. That helps a lot.
Second this recommendation for OWASP
If you need to learn it hella quick then I'd recommend running through some TryHackMe. If you want a deeper dive then I'd recommend PortSwigger Academy. IMO the big problem with security is that these resources present you information where they abstract the fundamentals. If you have time I'd focus on web dev, networking first and then move into web app sec. Just my two cents. If you have a compsci degree you should be covered though.
+1 to this. PortSwigger's web academy is great, as is nailing your fundamentals.
Secure Code Warrior, and develop enough skills for green belt
Also most of the web app pentesting content on YouTube is hot garbage. Rana Khalil is good though.
Try studying for the CISSP exam; it covers a lot of security fundamentals
Same idea when I first started looking for resources, thanks anyway :))
Hey man, we are in kinda the same boat. If you don't mind answering, what is your current role and what's your background, education, certs, etc.? I am currently working as a jr network engineer with some security stuff and have like 10 months of exp; just want to see where I stand! Also, good luck!
I'm currently a security researcher :))
YOE and TC?
Updated 😅
I've never understood the obsession here with TC. TC is not relevant to the question.