The configuration, operation and maintenance of secure systems, including the detection of and response to security incidents and the collection and use of threat intelligence.
Complete the AWS Well-Architected security labs
The AWS Well-Architected Framework describes key concepts, design principles, and architectural best practices for designing and running workloads in the cloud. Security is one element of the Well-Architected Framework. Amazon provide practical labs covering the different pillars within the Well-Architected Framework. These allow you to learn by doing, with code and documentation to help you.
Explore AppSec Map
enso.security's AppSec Map provides a quick overview of different elements of an AppSec programme and some of the offerings which can help an organisation provide each element of the programme.
Install Flare-VM
FLARE VM is a fully customizable, Windows-based security distribution for malware analysis, incident response, penetration testing, etc.
Listen to the Risky Business podcast
Published weekly, the Risky Business podcast features news and in-depth commentary from security industry luminaries. Hosted by award-winning journalist Patrick Gray, Risky Business has become a must-listen digest for information security professionals.
Pack and unpack an executable
Many different executable packers exist. They may compress, encrypt or obfuscate the underlying binary. Malware authors may use either off-the-shelf packers or custom packers to avoid detection. One example packer is UPX, a free, portable, extendable, high-performance executable packer for several executable formats. If you've got more time, try analysing or debugging the binary.
Read an NCSC guidance document
The UK's National Cyber Security Centre (NCSC) publish guidance and reports across a wide range of topics. Reading one of these guides will give you insight into the challenges faced in the real world.
Read the CyBOK Security Operations & Incident Management Knowledge Area introduction
The Cyber Security Body Of Knowledge is a comprehensive Body of Knowledge to inform and underpin education and professional training for the cyber security sector. The CyBOK project aims to bring cyber security into line with the more established sciences by distilling knowledge from major internationally-recognised experts to form a Cyber Security Body of Knowledge that will provide much-needed foundations for this emerging topic. The project, funded by the National Cyber Security Programme, is led by the University of Bristol's Professor Awais Rashid, along with other leading cyber security experts - including Professor Andrew Martin, Professor Steve Schneider, Dr Yulia Cherdantseva, Dr Rod Chapman and Dr Marina Krotofil.
Try using Tetragon
Tetragon is a runtime security enforcement and observability tool. Tetragon applies policy and filtering directly in eBPF in the kernel.
Try using the PiRogue tool suite
The PiRogue tool suite (PTS) is an open-source tool suite that provides a comprehensive mobile forensic and network traffic analysis platform. It targets mobile devices (both Android and iOS), Internet of Things devices (devices that are connected to the user's mobile apps) and, in general, any device using Wi-Fi to connect to the Internet.