Books I read, courses I took, and hands-on challenges I can recommend since career-pivoting in 2021. Sharing here in case it helps others chart their own learning.

2024


  • Threats: What Every Engineer Should Learn from Star Wars. Shostack A. Wiley 2023.
  • Designing Secure Software. Kohnfelder L. No Starch Press, 2021.
  • Security Chaos Engineering: Sustaining Resilience in Software and Systems. Shortridge K, Rinehart A. O’Reilly, 2023.
  • Writing to Learn. Zinsser, W. Harper Collins, 2013. 1
  • Rust in Action. McNamara T. Manning, 2021. 2
  • CryptoHack Challenges: A free, fun platform for learning modern cryptography. 3
  • The Cryptopals Crypto Challenges. Ptacek T, Devlin S, Balducci A, Wielgoszewski M, et al. 4

2023


  • Real-World Cryptography. Wong D. Manning, 2021.
  • Hacking APIs. Ball C. No Starch Press, 2022. 5
  • The 7 Habits of Highly Effective People. Covey S. Simon & Schuster, 1989.
  • The Staff Engineer’s Path. Reilly T. O’Reilly, 2022.
  • Number Theory and Cryptography. Levin M, Kulikov A. University of California San Diego, Coursera, https://www.coursera.org/learn/number-theory-cryptography.
  • CryptoHack Challenges: A free, fun platform for learning modern cryptography. 6
  • JWT attacks. Web Security Academy, PortSwigger.

2022


  • API Security in Action. Madden N. Manning, 2020.
  • Serious Cryptography: A Practical Introduction to Modern Encryption. Aumasson, JP. No Starch Press, 2018.
  • Accelerate: The Science of Lean Software and DevOps, Building and Scaling High Performing Technology Organizations. Forsgren N, Humble J, Kim G. IT Revolution, 2018.
  • Bunch of whitepapers and reports, notably:
    • “12 Things to Get Right for Successful DevSecOps”. MacDonald N, Gardner D. Gartner Research, Document ID G00450792, Apr 2021.
    • State of the Software Supply Chain. Sonatype, 2021.
    • “Managing Secrets and Privileged Access in an Agile, DevOps Environment”. Robinson L. Gartner Research, G00354933, Dec 2018.
    • “Managing Machine Identities, Secrets, Keys and Certificates”. Wahlstrom, E. Gartner Research, G00723409, Aug 2020.
  • Implementing DevOps with GitHub and Microsoft Azure. Pluralsight, 2021.

2021


  • Agile Application Security: Enabling Security in a Continuous Delivery Pipeline. Bell L, Brunton-Spall M, Smith R, Bird J. O’Reilly, 2017.
  • The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win. Kim G, Behr K, Spafford G. IT Revolution, 2013.
  • Bunch of LinkedIn Learning courses. 7
    • Become an Ethical Hacker. Bock L, Shore M. LinkedIn Learning. 8
    • Web Security: OAuth and OpenID Connect. Casey K. LinkedIn Learning, Oct 2019.
    • Developing Secure Software. Ryoo, J. LinkedIn Learning, Aug 2020.
    • Python: Pen Testing AWS. Shore M. LinkedIn Learning, Apr 2021.
    • DevSecOps: Building a Secure Continuous Delivery Pipeline. Wickett J. LinkedIn Learning, Oct 2018.
    • AWS: Enterprise Security. Nijim S. LinkedIn Learning, Jun 2020.
    • Learning Threat Modeling for Security Professionals. Shostack A. LinkedIn Learning.
  • Offensive Pentesting Learning Path. TryHackMe. 9

Some remarks

2021 was the year I made a mid-career pivot. From academia to the corporate world, as well as from informatics to … something. I was not exactly sure what yet so I tried to survey what was out there. Not just in cybersecurity, I also checked out sustainability engineering and nutrition research.

The pivot seems to have worked out ok, but it was a question mark early on for sure.

– JW

Footnotes

  1. While I had been meaning to write a blog for years, I credit Mr. Zinsser for giving me that final kick in the pants to actually start writing.

  2. Was going to stop at Ch. 3 (the suggested prerequisite for a Manning Project that piqued my interest) but got curious about systems programming so I kept going. 

  3. Completed Public-Key Cryptography course. Impressed with the polish and instructional value of this progression and the platform more generally. 

  4. Sets 1, 5, and a bit of 6 so far. 

  5. Got too interested in building my own lightsaber, so did not get far. 

  6. Completed Modular Arithmetic course. Despite having just studied some intro number theory, I was out of my depth for the last few challenges. Big difference between me and serious math students for sure. 

  7. Turned out to be a really fast way for me to survey different cybersecurity disciplines and home in on what role I would try to pivot into. Application Security and DevSecOps were a natural fit for the obvious reasons. IAM and cloud security were interesting enough but did not make the first cut. 

  8. Path is 38 hours total across 19 courses.

  9. These first TryHackMe rooms really were exciting and innovative. Fond memories of those early years. Almost steered me into offensive security. :-D