Unless you want to stay at the surface, I’d suggest you pick a topic to start with and learn from there. Most computer security topics end up at the network and programming level (some exceptions include social engineering and operational security). You can start with networking, but eventually you’ll need to be able to read and write code if you really want to get into security. You’ll need to understand how things like buffer overflows work, what they look like in code. Be able to answer questions like “how do I convince the compiler to not optimize away my securely erasing memory and then freeing it with a noop”. How to program securely (you’ll also have to split apart the difference between “security = no holes in code” and “security = no leaking information” because they’re not the same).
There are a ton of topics under the umbrella of security. Security Now! isn’t bad. You may also want to check out ‘Paul’s security weekly’, This week in Law, Packet pushers, Risky Biz, DtSR (Down the Security Rabbit Hole), The Social-Engineer podcast. There are probably others, but thats a reasonable start off the top of my head. You may want to get on an OpenBSD mailing list. You can learn a lot there. Lastly, walking away with more questions than answers is a good sign. It means you still have things to learn. Enjoy that feeling, and dig in. > On Apr 24, 2017, at 9:36 PM, Mike C. <[email protected]> wrote: > > Perhaps I've missed Security oriented threads and/or PLUG Talks, but I'm > very interested in connecting with other security wonks. It's one of the > many reasons I chose Linux a decade ago. > > I went to a couple of talks in town on cyber security & privacy. They > were both sparsely attended. I learned a few new tips & tricks, but > mostly went home with a bunch of questions to research. > > I listen to the Security Now! podcast. I've worked w. Firewalls, VPNs, > Tripwire, and other "bolt-on" technology. But there's so much I don't > know and I feel like a cyber security victim in the waiting from > governments, criminals, corporations, etc > > There's a monthly RainSec meetup. It's intended for "Security > Professionals". Which I'm technically not. Has anyone attended a RainSec > meetup? > > There's also the Beer of Trust PGP Key-Signing events, > http://calagator.org/events/1250471462, which I unfortunately keep missing. > > I'm also not just interested in the tools and best practices, but also > how they intersect with our constitutional rights and freedoms. > > So, what's the ask, you're thinking. I guess I'm wondering if there are > any Linux / Android Security Pros and/or wonks on PLUG and what the > group interest level is on PLUG talks on cyber security & privacy. > > Thank you, > > Mike > > > > > _______________________________________________ > PLUG mailing list > [email protected] > http://lists.pdxlinux.org/mailman/listinfo/plug > > -- Louis Kowolowski [email protected] Cryptomonkeys: http://www.cryptomonkeys.com/ Making life more interesting for people since 1977 _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
