Your cart is currently empty!
A 100-Day Home Study Plan for Cyber (with CPE Credit)
Thomas Carlyle once said that “our main business is not to see what lies dimly at a distance, but to do what lies clearly at hand.” This seems prescient for the times – and I hope it can bring a bit of upbeat energy to such a bleak period in our world.
I’m expecting that we’ll all be home for the next 100 days. If you’re reading this in early April, then that takes us all to mid-July. I hope this estimate doesn’t alarm you – but it pays to be realistic in our planning in the hopes that Mother Nature offers us a pleasant surprise.
And like the carpenter who thinks everything looks like a nail, as a lifelong college professor teaching cyber security, I think all of you resemble prospective students – albeit ones that truly need some cheering up. (And please focus on stats: The survival rate for COVID-19 is good.)
So here is what I propose: I will list below 100 learning modules on cyber security – most of them readings or videos, that you can do every day from now until mid-July. All materials come from publicly accessible sites, and most do not violate (ahem) any T’s & C’s.
Then, once we reach around the Fourth of July, you can message me on LinkedIn with the hours you spent. I will happily send you a Continuing Professional Education (CPE) credit certification. (Each module should take about half an hour.)
I hope you decide to take me up on this, because at the end of the 100 days, I assure you that you’ll be smarter and more informed on cyber security. If this doesn’t happen, then what the heck – at least it will help pass some time.
Below are the learning modules. Cut-and-paste them into a file and print. Then tape the list on your computer monitor, right next to your VPN password. Good luck – and keep me posted over the next 100 days. I’ll check back in with you in July. Stay healthy and positive.
——————-cut here ———————–
1. Read blog on how firewalls work: https://cybersecurity.att.com/blogs/security-essentials/explain-how-firewalls-work-to-me
2. Watch video on RSA Algorithm: https://www.youtube.com/watch?v=4zahvcJ9glg
3 – 4. Read “Reflections on Trusting Trust” (two-day process) (https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf)
5. Read Paper on Zero Trust: https://www.tag-cyber.com/downloads/Evolution-of-the-Zero-Trust-Model-for-Cyber-Security.pdf
6. Watch video explanation of Diffie-Hellman: https://www.youtube.com/watch?v=pa4osob1XOk
7. Watch video on surveillance detection of spies: https://www.youtube.com/watch?v=qhkJ6sY2mW0&t=76s
8. Spend 30 minutes on Brian Krebs’ site: https://krebsonsecurity.com/
9. Watch Ted Talk on Cyber: https://www.ted.com/talks/nick_espinosa_the_five_laws_of_cybersecurity?language=en
10. Watch address on State of Cyber 2018: https://www.youtube.com/watch?v=yYohsNewMqk
11 – 12. Read “The Birth and Death of the Orange Book (two day process) https://www.stevelipner.org/links/resources/The%20Birth%20and%20Death%20of%20the%20Orange%20Book.pdf
13 -14. Read Steven Levy’s article on James Ellis (two-day process): https://www.wired.com/1999/04/crypto/
15- 16. Read paper on Cyber Weapon Limits (two-day process): https://academic.oup.com/cybersecurity/article/3/1/59/3097802
17. Spend 30 minutes on Bruce Schneier’s site: https://www.schneier.com/
18. Read Kevin Mitnick Story (Chapter One): https://www.theregister.co.uk/2003/01/13/chapter_one_kevin_mitnicks_story/
19. Watch Ted Talk on cyber: https://www.ted.com/talks/mark_burnette_the_humanity_behind_cybersecurity_attacks
20. Read SANS paper on packet filtering: https://cyber-defense.sans.org/resources/papers/gsec/packet-filter-basic-network-security-tool-100197
21 – 23. Read “An Intrusion Detection Model” (three-day process): https://www.cs.colostate.edu/~cs656/reading/ieee-se-13-2.pdf
24. Watch DEFCON Spot the Fed video: https://www.youtube.com/watch?v=7GODPk-MzKE
25. Here is another video on Diffie-Hellman: https://www.youtube.com/watch?v=NmM9HA2MQGI
26 – 27. Spend two days on this Kerberos site reviewing resources: http://web.mit.edu/KERBEROS/
28. Spend another 30 minutes on Brian Krebs’ site: https://krebsonsecurity.com/
29 – 30. Read the Bitcoin paper (two-day process): https://bitcoin.org/bitcoin.pdf
31. Watch video on OT security monitoring: https://www.youtube.com/watch?v=j4Qw-cY5VcI
32. Watch Ted Talk on personal data: https://www.ted.com/talks/maria_dubovitskaya_take_back_control_of_your_personal_data
33. Read article on CIA model: https://whatis.techtarget.com/definition/Confidentiality-integrity-and-availability-CIA
34. Watch video on State of Cyber 2019: https://www.tag-cyber.com/media/videos/an-address-on-the-state-of-cyber-security-2019
35. Watch this Ted Talk on Cyber Security: https://www.ted.com/talks/rob_may_your_human_firewall_the_answer_to_the_cyber_security_problem
36 – 37. Read paper on UMTS MITM attack (two-day process): https://www.cs.stevens.edu/~swetzel/publications/mim.pdf
38 – 39. Read Lamport paper that served as basis for S/Key (two-day process): https://tnlandforms.us/cns06/lamport.pdf
40. Read James Ellis’ original paper on public key cryptography: https://cryptome.org/jya/ellisdoc.htm
41 – 42. Spend two days on the NIST CSF website reviewing resources: https://www.nist.gov/cyberframework
43 – 44. Read Charlie Miller’s paper on fuzzing mobiles (two-day process): https://www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf
45. Read Bell Labs classic on password security: https://spqr.eecs.umich.edu/courses/cs660sp11/papers/10.1.1.128.1635.pdf
46. Read Gene Spafford’s paper on mutation testing: https://spaf.cerias.purdue.edu/tech-reps/s21.pdf
47. Spend another 30 minutes on Bruce Schneier’s site: https://www.schneier.com/
48. Read PDD-63 (Classic): https://fas.org/irp/offdocs/pdd/pdd-63.htm
49. Read the alert for NotPetya: https://www.us-cert.gov/ncas/alerts/TA17-181A
50. Watch this talk from ten years ago: https://www.c-span.org/video/?291445-5/edward-amoroso-global-cybersecurity-policy-conference
HALFTIME!
51. Read paper on the Bell LaPadula Model: https://www.acsac.org/2005/papers/Bell.pdf
52. Spend today reading about cyber security in Canada: https://cyber.gc.ca/en/
53. Read classic EWD article from Dijkstra in 1975: https://www.cs.virginia.edu/~evans/cs655/readings/ewd498.html
54 -55. Read Framework for Autonomous Machines (two-day process): https://www.tag-cyber.com/analysis/white-papers/cyber-security-framework-for-autonomous-machines
56. Watch video on SSL/CA: https://www.youtube.com/watch?v=T4Df5_cojAs&t=353s
57 – 59. Take three days to read this DHS Study on Mobile Security: https://www.dhs.gov/sites/default/files/publications/DHS%20Study%20on%20Mobile%20Device%20Security%20-%20April%202017-FINAL.pdf
60. Review CMU’s incident response plan (and compare to yours): https://www.cmu.edu/iso/governance/procedures/docs/incidentresponseplan1.0.pdf
61. Read this interview on SDN Security: https://sdn.cioreview.com/cxoinsight/security-advantages-of-software-defined-networking-sdn-nid-23290-cid-147.html
62. Read this article on open source versus proprietary software: https://www.techrepublic.com/article/how-to-decide-if-open-source-or-proprietary-software-solutions-are-best-for-your-business/
63. Spend another 30 minutes on Brian Krebs’ site: https://krebsonsecurity.com/
64 – 65. Spend two days with the AES standard (do the best you can): https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf
66. Read article on SIEM versus log management: https://www.bmc.com/blogs/siem-vs-log-management-whats-the-difference/
67. Spend day learning about Tor: https://www.torproject.org/download/
68. Read article on ISAC versus ISAO: https://www.csoonline.com/article/3406505/what-is-an-isac-or-isao-how-these-cyber-threat-information-sharing-organizations-improve-security.html
69. Spend today learning about security research at NSA: https://www.nsa.gov/what-we-do/research/cybersecurity-research/
70. Watch video on how blockchain works: http://blockchain.mit.edu/how-blockchain-works
71. Spend today on the PCI website: https://www.pcisecuritystandards.org/
72. Listen to podcast on unidirectional gateways: https://www.helpnetsecurity.com/2018/10/05/unidirectional-security-gateways/
73 -74. Read paper on Secure Mobile Voice (two-day process): https://www.tag-cyber.com/downloads/Secure-Mobile-Voice.pdf
75. Watch video on SCADA security: https://www.youtube.com/watch?v=5v9yLlivwA0
76. Watch video on getting started in Bug Bounty: https://www.youtube.com/watch?v=CU9Iafc-Igs
77 – 78. Take two days to read TLS specification: https://tools.ietf.org/html/rfc5246
79. Watch video on GRC: https://www.youtube.com/watch?v=EvQmdMYeFVI
80 – 82. Read “Smashing the Stack for Fun and Profit” (three-day process) (https://github.com/rootkiter/phrack/blob/master/phrack49/14.txt)
83. Spend day reading about Apple platform security: https://support.apple.com/guide/security/welcome/web
84. Watch video on device hacking: https://www.ted.com/talks/avi_rubin_all_your_devices_can_be_hacked/discussion?rss&utm_c
85. Read about the Great Feynman and his lockpicking: http://www.openculture.com/2013/04/learn_how_richard_feynman_cracked_the_safes_with_atomic_secrets_at_los_alamos.html
86. Watch video on installing a reverse proxy at home: https://www.youtube.com/watch?v=QcnAqN_Ihqk
87 – 88. Take two days and watch one-hour interview with Nir Zuk: https://www.youtube.com/watch?v=6FX-TtzZapo
89. Read interview with HD Moore: https://www.darkreading.com/analytics/metasploit-creator-hd-moores-latest-hack-it-assets-/d/d-id/1335860
90. Spend day reading about AWS security: https://aws.amazon.com/security/
91. Spend another 30 minutes on Bruce Schneier’s site: https://www.schneier.com/
92 – 93. Spend two days reading UK report on Huawei security: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/790270/HCSEC_OversightBoardReport-2019.pdf
94 – 95. Take two days to read Bloomberg’s SuperMicro story: https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
96 – 97. Spend two days on DHS incident response handbook: https://www.dhs.gov/sites/default/files/publications/4300A%20Handbook%20Attachment%20F%20-%20Incident%20Response%20.pdf
98. Read article on GDPR: https://medium.com/@ageitgey/understand-the-gdpr-in-10-minutes-407f4b54111f
99. Read article on Bill Gates and Trustworthy Computing: https://www.wired.com/2002/01/bill-gates-trustworthy-computing/
100. Spend your last study day having fun reading Charlie Ciso cartoons! https://www.tag-cyber.com/media/charlie-ciso