> Unless you want to stay at the surface, I?d suggest you pick a topic to start > with and learn from there.
I'd say the most interesting topic to me right now is the security & privacy in my digital communications & personal information. > Most computer security topics end up at the network and programming level > (some exceptions include social engineering and operational security). You > can start with networking, but eventually you?ll need to be able to read and > write code if you really want to get into security. Agreed, I kind of hit a wall a few years ago w. network oriented security before the proliferation of smartphones, cloud based software and now IoT. How to program securely (you?ll also have to split apart the difference between ?security = no holes in code? and ?security = no leaking information? because they?re not the same). Yes. Baked in, intentional security vs. afterthought, bolt-on security. Data breaches, info leaks and the exploitation of personal information is the motivating force here. For a few years, I worked to protect the info and interests of corporations mostly. Now it's a much more personal matter. > There are a ton of topics under the umbrella of security. > Security Now! isn?t bad. You may also want to check out ?Paul?s security > weekly?, This week in Law, Packet pushers, Risky Biz, DtSR (Down the Security > Rabbit Hole), The Social-Engineer podcast. A Security Now podcast about all the software we use daily on multiple devices connected to many networks creates a really big attack surface with many vectors that even security researchers are struggling to understand and combat. I used to think about how to be secure against more direct & intentional attacks against my home computer. Now I'm seriously concerned about a rogue band of zombie IoT devices exploiting some little known vulnerability in SuperTux2 and and p0wning my digital life. > You may want to get on an OpenBSD mailing list. You can learn a lot there. Good advice! Will do! > My reading ofthe news and Brian Krebs' blog suggests that the major point of > entry to > securit breaches is the weakest link: people. Yes, both users and programmers. I've been seriously questioning that notion that everyone should write code and everyone should use computer technology & software. > Hi Mike, > > You should consider coming to OWASP meetings as well. One of them is > tonight, which unfortunately conflicts with RainSec, but that doesn't > typically happen. We post our event notices a variety of places, but > Calagator is where all the info typically resides: > http://calagator.org/events/1250471438 I thought about this before, but as I'm not a programmer I figured much of it would be over my head. Thank you all for the good and useful feedback. I look forward to more conversations and learnings on this topic. Feel free to email me directly about events, podcasts, articles, etc. that you think might be of interest. Cheers, Mike _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
