Women - Kickstart your Application Security Career!

Though intimidating, getting started in cybersecurity simply takes learning the fundamentals. First, you have to understand how networks and computers operate; it's similar to knowing the rules before you play the game. In this blog, I’ll share tips, tricks, and additional resources for jumpstarting your career in Application Security.

Free online resources

There are a myriad of free online courses available that make learning accessible.

1. Snyk Learn

Snyk Learn is designed to empower developers of all levels to build secure applications. Developed by seasoned developers and security experts, Snyk Learn offers interactive lessons covering a wide range of vulnerabilities across various programming languages and ecosystems. Learn how to identify and address security holes in the code in a developer-friendly setting. You'll be able to observe the vulnerabilities in action, understand why they arise, and practice preventing them.

2. OWASP

OWASP (Open Web Application Security Project) is a leading non-profit organization dedicated to improving web application security. They offer a wealth of free resources, including comprehensive knowledge bases, tools, and frameworks, that are invaluable for individuals looking to break into cybersecurity. 

3. PortSwigger Web Security Academy

PortSwigger is a free, interactive platform designed to teach practical web application security skills. Created by the developers of the popular Burp Suite tool, the Academy offers hands-on exercises and interactive labs covering a wide range of vulnerabilities, including SQL injection, Cross-Site Scripting (XSS), and more.

4. TryHackMe

Experience is the best teacher. TryHackMe is an online platform that makes learning cybersecurity fun and hands-on. It’s like a virtual playground where you can learn how to hack and defend systems using real-world scenarios. This resource allows you to create a virtual lab where you can practice in a safe environment or check out the labs created by the TryHackMe forum. The platform offers interactive, guided lessons that walk you through different cybersecurity concepts step-by-step, even if you’re a beginner.

5. Hack The Box

Hack The Box is an online platform for learning and practicing hacking skills in a realistic, hands-on way. Similar to TryHackMe, Hack in the Box offers a wide range of virtual labs and challenges that simulate real-world security problems, where you can test your skills in areas like penetration testing, web hacking, and reverse engineering.

Getting involved in the community

Keeping up with the newest trends, participating in online communities, and following cybersecurity experts on social media, allows you to speed up your learning journey and connect with like-minded individuals.

Consider joining some popular communities:

• DevSecCon: As a vibrant community dedicated to DevSecOps, DevSecCon offers a wealth of resources for those looking to bridge the gap between development and security. Attend their conferences, webinars, and online forums to learn from experts, network with peers, and stay updated on the latest trends in DevSecOps.
• Global Information Security Community (ISSA): For a more comprehensive approach to information security, the ISSA provides a platform for professionals and practitioners to connect, collaborate, and grow. Benefit from their educational programs, certification opportunities, and networking events to enhance your skills and advance your career.
• OWASP’s official server: Join the OWASP community to engage in discussions, contribute to projects, and learn from experts on web application security. Participate in forums, share your knowledge, and collaborate with others to improve the security of web applications.
• Null Community: If you're seeking a more grassroots approach to cybersecurity, the Null Community offers a welcoming space for enthusiasts of all levels. Attend their meetups, participate in forums, and leverage their learning resources to expand your knowledge and skills in the field.

Mentorship can significantly accelerate your career growth in cybersecurity by providing invaluable guidance, support, and networking opportunities. A mentor can offer personalized advice, share their experiences and insights, and help you navigate the complexities of the field. They can also introduce you to industry professionals, open doors to new opportunities, and provide valuable feedback on your career goals. 

For Diversity candidates, There are many additional communities to get involved with. All of these organizations do important work to close the gap in cybersecurity:

• WiCyS, or Women in Cybersecurity: WiCyS is an international network that brings together women of varying degrees of experience in the industry for an annual conference, career fairs, scholarships, and mentoring.
• BlackGirlsHack: BlackGirlsHack provides training, coaching, and educational materials to help Black women advance their careers in cybersecurity and penetration testing.
• Women’s Society of Cyberjutsu (WSC): The Women's Society of Cyberjutsu is committed to empowering women in cybersecurity by offering courses, mentorship, networking opportunities, and practical training to assist women develop their technical abilities and enhance their careers.
• Girls Who Hack: Girls Who Hack aims to provide young women with cybersecurity and hacking knowledge. They provide educational materials and practical training to encourage young women to become active in cybersecurity from an early age.
• InfoSec Girls: InfoSec Girls is a community that focuses on bringing more diversity into cybersecurity. InfosecGirls offers mentorship, training, workshops, and networking opportunities to help individuals develop their cybersecurity skills and careers.
• InfoSec Diversity: InfoSec Diversity is focused on promoting and supporting diversity and inclusion within the cybersecurity community. They encourage knowledge sharing, and collaboration, and provide a space where diverse voices in cybersecurity can connect and uplift one another.

Listen to experts talk cybersecurity

Don't just learn alone! Supplement your studies by following cybersecurity experts on YouTube and social media and get inspired by their journeys in the field. Here are some interviews I’ve conducted with leaders in the industry:

• Breaking into Web App Pen-testing - Gabrielle
• Breaking into Web App Hacking - Farah Hawa
• Breaking into DevSecOps with Clint Gibler
• Breaking into Application Security with Rob Cuddy

Conclusion

Ready to dive into the world of Application Security? Start with the basics, and don’t worry – there are tons of free courses and resources to get you started. Roll up your sleeves and get hands-on with labs to solidify your skills. Don’t be afraid to connect with other security enthusiasts. A little mentorship can go a long way in opening doors and making the journey more fun. So, keep your curiosity alive, and let's explore the exciting field of Application Security together!