When I was in college, I worked at the helpdesk. I remember sitting in a phone booth cubicle next to some coworkers who were talking about cool classes they were taking and blogs with awesome, real world content that they had found. I remember sitting there bewildered, not knowing anything about where I could find this magical information. It planted a seed which would lead to me eventually becoming obsessed with finding information. This is what I will consider my "Golden List" of resources, and will make an attempt to keep it up to date that I reasonably can. Comments will be added about sources where it seems necessary. Also, I will link stuff that I've heard to be good from trusted sources even if I don't personally have hands on experience with it.

I will also try to keep things relatively structured from more beginner friendly to advanced topics within each category, so note that this will have a range from "How to create a new user in Windows" to "How to exploit a CSRF vulnerability". Also please note that these links are coming from someone who works in Infosec, so I will have blind spots in other areas of IT. So if something seems incomplete or your favorite sub-field isn't included, it's more likely out of ignorance than malice. This article does not contain any affiliate links and is a bit of an organizational mess. My apologies on that, but it’s a bit closer to the way I take notes rather than posting a normal blog. Without this post being 40k words, it was the easiest way to convey information for you. Finally, as mentioned before this is a living page, and therefore will be updated periodically.

Generally Useful Information

Note-Taking

I am here again on my soapbox about taking good notes. If there is one thing I wish I could have done differently in all my experience so far, was learn how to take good notes from the get go. In my opinion, there are 2 gold standards for note taking software. Obsidian.md and Notion.so. There are other options of course like Standard Notes, Evernote, OneNote, SimpleNote, or using something like a Jupyter notebook. However, I personally use Obsidian.md for it's flexibility, speed, and design philosophy. Finally, read this blog post by Graham Helton. First off, he's a brilliant guy and super personable. Secondly, this blog post describes a fantastic way to handle knowledge management.

Keeping Up With The News

Tech news moves quickly. I have a massive list of source articles in an RSS feed that I parse through daily. Here are some of the sources I tend to like the most:

• Bleeping Computer
• Ars Technica
• Tech Crunch
• The Verge
• Wired
• 404 Media
• The Register

Job Hunting Resources

Blogs

• Landing your first tech job with Serena DiPenti/Shenetworks
• Tech Dream Job Blog by Josh Fullmer
• Writing an Infosec Resume by Byte Breach

Videos

Job Hunting like a Hacker

Jason Blanchard has a ton of videos on this series. He also streams live on Tuesdays at 10AM US Eastern Time on Twitch and LinkedIn.

• Job Hunting Like a Hacker Original Video
• Job Hunting Like a Hacker OSINT Edition
• Job Hunting Like a Hacker Playlist

Books on The Cheap

Humble Bundle has tech/business related bundles pretty often. It's worth checking it out from time to time.

Entry-Level IT

What I mean for Entry-Level IT would include roles like Helpdesk support, field technicians, even something like Geek Squad. This type of role is typically servicing relatively basic and routine issues on endpoints, with an emphasis on customer service. Most entry level IT roles are customer focused.

Courses / Certification

CompTIA A+ is the gold standard for entry level certification in my opinion. It strikes a great balance of approachability and practicality. It's a great level up for enthusiasts who already treat computers as a hobby to be able to turn it into the beginnings of a career. The tests are multiple choice, and have a simulated portion as well. The resources I would recommend to learn test content are the Professer Messer's YouTube playlists here, and here. I would also recommend Pocket Prep. Which is listed on the App Store and Google Play as "IT & Cybersecurity Pocket Prep". If you don't like video-based learning, you can also get the CompTIA A+ Study Guide written by Quentin Docter and Jon Buhagiar which is published by Sybex.

Systems and Networks

When you're ready to graduate from the Helpdesk to _Administrator, these resources can hopefully help you make a jump. Note this section does not contain programming or security focused resources and roles as I have those broken out to their own things.

Books

There would be dozens of recommendations I would have to comb through to find everything, so I decided to link categories for some publishers that I know are solid.

• Packt Publishing Systems Administration
• Packt Publishing Networking and Cloud
• No Starch Press Systems Administration

Blogs

nixCraft - Just a guy who loves Linux who has a ton of tutorials available.

Courses / Certification

Networking

I have Opinions on network certifications. Generally, get the CCNA if you possibly can. It covers a lot of the same domain areas as the Network+ but with more practical, hands on, real world content to go alongside it. Network+ isn't bad, but I think CCNA is a better route to go if you can afford it.

In my opinion, the Cisco CCNA is the best way to learn networking. It forces you to learn Cisco device administration, as well as the protocol theory, which means that your studies are directly applicable to the real world. You can learn from Cisco's NetAcad if you are attending an institution which is partnered with them, which will allow you to use their network simulator, Packet Tracer. Which is another excellent tool. If you are not able to enroll in NetAcad for any reason, then use Todd Lammle's Cisco CCNA Study Guide and pick up some used equipment on Ebay.

The other major networking certification available is CompTIA Network +. This of course is also available through Professer Messer. Todd Lammle and Jon Buhagiar also have a study guide.

Systems

• Windows Certifications
• Linux+
• Linux Foundation Certifications

Cloud

• Microsoft Certifications
• AWS Certifications
• GCP Certifications

Non-Certification Training

• Windows Internals by Pavel Yosifovich

Programming

Books

• Automate The Boring Stuff with Python by Al Sweigart
• C++ Crash Course 2nd Edition by Joshua Lospinoso
• Data Structures the Fun Way by Jeremy Kubica
• Learn C the Hard Way by Zed Shaw
• "The Rust Book"

Blogs

• Geeks for Geeks - C
• Geeks for Geeks - Python
• Geeks for Geeks - C#
• Geeks for Geeks - GoLang
• Geeks for Geeks - C++
• W3 Schools SQL

Courses

• Rust for N00bs by Zero Point Security
• C# for N00bs by Zero Point Security
• DevOps for Pentesters by Zero Point Security
• Bash Scripting for Server Administration by Bill Stearns
• Introduction to Python by Joff Thyer
• PowerShell for Infosec with Carrie Roberts
• Regular Expressions: Your New Lifestyle by Joff Thyer
• OpenSecurityTraining 2 - Assembly, RE, exploit dev, vuln research.

Security

This is where I have to caveat that I am an offensive security professional, and therefore the content here I have is skewed towards that sub-field. Again, no disrespect is meant towards the many other subfields of cybersecurity, just that I know this one best. Also, if something comes up in multiple sub-categories here, I will not be duplicating them for the sake of space.

Useful Web Tools/References

• Regex 101
• CyberChef
• HackTricks
• iredteam

Certifications

I will be listing these by company, because dear lord there are so many.

• CompTIA Security+ (Listed this one specifically to complete the "Trifecta")
• ISC2
• OffSec
• Zero Point Security
• Hack The Box Academy
• TCM Security Academy
• HackTricks
• Port Swigger Web Academy
• API Security University

Courses/Training

These are also listed by company, because there are a ton that I am aware of, and it would take ages to get them listed by course.

• TryHackMe
• Antisyphon Training
• SpecterOps Training
• MalDev Academy
• Taggart Institute
• Pwn.college

Books

• Hacking: The Art of Exploitation by John Erickson
• POC||GTFO by Manul Laphroaig
• Practical IoT Hacking by Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou and Beau Woods
• No Starch Press Hacking/Security Books
• Packt Cybersecurity Books

Blogs

These are also listed by root URL of the blog, because there would be far, far too many to post otherwise.

• Black Hills Information Security Blog
• TrustedSec Blog
• SpecterOps Blog
• Red Siege Blog
• Rastamouse's Blog
• Graham Helton's Blog
• Malwarebytes Blog
• EFF Blog
• Ap3x Blog
• Malicious Group
• Chuong Dong Blog
• Nigerald's Blog
• Inbits
• Project Zero
• Zero Day Initiative
• RedOps
• White Knight Labs Blog
• AD Security Blog
• Full Disclosure Mailing List

Communities

Discord Servers

• Infosec Prep
• TCM Security
• Black Hills Information Security
• The Taggart Institute
• Email Security Community
• Unofficial CCDC Discord
• Red Siege
• Shameless Plug - Cyber Defense Competition Training

Conferences

Hacker Summer Camp

I am breaking this section out, because this is the series of conferences and conventions which happen in early August every year in Las Vegas. Definitely the largest Infosec gathering in the world, and a great place to meet people in the industry.

• DEF CON
• BSides Las Vegas
• The Diana Initiative
• Black Hat

Non-Summer Camp Cons (Still worth attending!)

• Wild West Hackin Fest
• Local BSides - Worldwide, find your local BSides here!
• Blue Team Con
• Cyber War Con
• Hack Space Con
• Hack Red Con
• SO-Con
• CactusCon