Security/Privacy resources
I frequently get asked for any resources in security/privacy for newcomers. So I’m going to put my cultivated list here, which may change over time as I see fit.
Security is a pretty vast topic and so the information can be overwhelming. With that said, there are some resources I know of that might be interesting to you.
Disclaimer: some of these may be more opinions than fact, and as with anything on the internet, you should take things with a grain of salt. Second disclaimer: you don’t actually need to know very much in this list to ask questions on what we do at Square. Security in Silicon Valley is done differently from company to company, and the resources on the internet may not be reflective of that. I’ll try my best to explain what we do and why we do it here, and why we wouldn’t do some other thing the way it is done elsewhere.
Resources:
- Wobsites:
  - /r/netsec wiki
  - PoC GTFO has a small collection of newsletters that do explain pretty well how to make and break things
  - Smashing The Stack For Fun And Profit - classic buffer overflow howto
- CTFs:
  - cryptopals.org - Cryptography CTF, you don’t need a math background
  - microcorruption.com - Embedded Security CTF
  - squarectf.com - our yearly small CTF competition
- Privacy/Academia:
- Conferences (don’t attend, just look for the talks on youtube):
- People:
  - Two people I follow on and off in the news and who have really good writeups:
  - Twitter has a lot of security professionals on it
  - I rather like James Mickens and his humorous takes on the state of security, when he writes about it:
  - Speaking of USENIX, I really enjoyed Alex Stamos’ keynote in 2019:
I probably have other resources available that I’m just not remembering. I haven’t read all of these, and by no means should you feel obligated to do the same (but you could). It’s definitely one of those topics that will likely lead to going down several deep rabbit holes to learn about how everything works.