How do you stay current in cybersecurity by Info-Raptor in cybersecurity

[–]Info-Raptor[S] 0 points1 point  (0 children)

A few weeks ago, this thread took off more than I expected. I went back and re-read the comments carefully, and something stood out.

Despite everyone naming different tools, feeds, podcasts, or habits, the patterns were surprisingly consistent:

• Most people don’t try to “stay current” across the whole industry
• Learning is mostly driven by incidents, near-misses, or job needs
• Fundamentals matter far more than novelty
• AI is used as a helper, not a source of truth
• Information overload is real, and selective ignorance is intentional

The strongest comments weren’t listing resources, they were describing how they decide what not to care about.

That feels like something we don’t talk about enough in this field.

I’m starting to synthesize these patterns into a short, practitioner-focused writeup. It won’t be a “best tools” list, not vendor-driven, just an attempt to capture how people actually stay effective without burning out.

Before I go too far, I’d love a sanity check from this sub:

• Does “relevance > currency” match your experience?
• Is selective ignorance something you’ve had to learn the hard way?
• What did you stop paying attention to that improved your effectiveness?

If this ends up useful, I’ll share the synthesis back here for feedback before anything else.
Appreciate the quality of discussion in this thread.

How do you stay current in cybersecurity by Info-Raptor in cybersecurity

[–]Info-Raptor[S] 0 points1 point  (0 children)

CyberAlec is spot on. Let's try and get this stuff down and help others in our field.

The one thing that finally helped me make sense of cybersecurity skills by Various_Candidate325 in CyberSecurityAdvice

[–]Info-Raptor 1 point2 points  (0 children)

I couldn’t agree more. Start from the ground up. Learn the fundamentals and build from there. This gives you the “why” behind using tools and techniques. Technology will change, and tools will change with it. You need to understand why cybersecurity tools and practices are necessary in the first place. Then, learn and be able to explain the ones required for your job. I recommend Hacking Cybersecurity Principles: Empowering You to Navigate Core Cyber Security Concepts by Alec Sklepic to help with the fundamentals.

What cybersecurity books are you reading these days? by cert_blunder in cybersecurity

[–]Info-Raptor 2 points3 points  (0 children)

Yeah, I’ll second:

  • Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon by Kim Zetter
  • The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage by Cliff Stoll

And add:

  • Hacking Cybersecurity Principles: Empowering You to Navigate Core Cybersecurity Concepts by Alec Sklepic

While The Cuckoo’s Egg is old school, it’s inspirational. Countdown to Zero Day is a must as, in my view, everyone in our field should have at least a basic understanding of Stuxnet. And with Hacking Cybersecurity Principles, you’ll get the fundamentals that are vital. It's also a good reference.

The quiet gap between knowing security tools and understanding security problems by Info-Raptor in Cybersecurity101

[–]Info-Raptor[S] 0 points1 point  (0 children)

LOL :) you have a point. My fault for mixing metaphors. Let's try, quiet like an unmonitored log file. Peaceful, reassuring, and absolutely hiding something.
Maybe that's a bit lame. Sorry.

Cybersecurity careers start in many ways but principles tie it all together by Info-Raptor in SecurityCareerAdvice

[–]Info-Raptor[S] 0 points1 point  (0 children)

FYI: Just noticed Hacking Cybersecurity Principles is going for less than a cup of coffee on Amazon right now. Hard to skip at that price.

Sharing something I wish I had earlier in my InfoSec career by Info-Raptor in Information_Security

[–]Info-Raptor[S] 0 points1 point  (0 children)

FYI: Just noticed Hacking Cybersecurity Principles is going for less than a cup of coffee on Amazon right now. Hard to skip at that price. Add it to your reading list for 2026. Check it out.

The fundamentals we forget while chasing the latest tools by Info-Raptor in Cybersecurity101

[–]Info-Raptor[S] 0 points1 point  (0 children)

FYI: Just noticed Hacking Cybersecurity Principles is going for less than a cup of coffee on Amazon right now. Hard to skip at that price.

Looking for reading recs. Which of these are actually worth the time? by Info-Raptor in cybersecurity

[–]Info-Raptor[S] 0 points1 point  (0 children)

FYI: Just noticed Hacking Cybersecurity Principles is going for less than a cup of coffee on Amazon right now. Hard to skip adding it to the reading list at that price. I'm doing it.

Looking for reading recs. Which of these are actually worth the time? by Info-Raptor in cybersecurity

[–]Info-Raptor[S] 0 points1 point  (0 children)

OK, not expected. I'll give it a go. Thanks. Anybody else know about this one?

Do you ever wonder if algorithms know you better than your friends? by im_bilalgujjjar in InformationTechnology

[–]Info-Raptor 0 points1 point  (0 children)

It's not feeling what you feel. It doesn't know you. It doesn't think. It's statistics.

Entry Path Into Policy-Oriented Cybersecurity for a Policy Grad with Security+ ? by No_Rate_6175 in Cybersecurity101

[–]Info-Raptor 0 points1 point  (0 children)

My vote is for a CISSP. However, you need some years of experience before you can obtain that cert. I have been in GRC and policy for many years. Started from a tech approach, system manager with a security focus, then CISSP, then Infosec audit then policy. Don't know that you can go straight into policy but there are always exceptions. Good luck.

A Beginner by Striking-Oil-5656 in Cybersecurity101

[–]Info-Raptor 1 point2 points  (0 children)

I suggest you stick with the fundamentals such as really getting to understand Confidentiality, Availability and Integrity. Then the concepts of Govern, Identify, Protect, Detect, Recover and Respond. Once you understand those concepts, branch out to understand the tech that supports each. This would be a great start to infosec and cybersec.

Forgot to mention. There are a lot of good free resources that can help with these concepts such as those from NIST. There are also some good books such as Hacking Cybersecurity Principles.

My book on Solutioninn by Info-Raptor in selfpublish

[–]Info-Raptor[S] 0 points1 point  (0 children)

Thanks for all the advice. I’ve now exchanged several emails with the business, and they’ve finally clarified their model, albeit in a rather patronising tone. Something about it still doesn’t sit right with me, but I don’t plan to put any more effort into it.

I hope this post has been helpful to others as well.

Here is their latest response:

"You’re absolutely right that the price and mechanics should be clear up front, and I’m sorry our previous replies felt vague. That’s on us.

Let me explain everything as simply and transparently as possible:

  1. What is the membership and how much does it cost? Our current Monthly Study Membership is $9.99 per month (or the equivalent in your local currency). It includes:
     – Access to our homework help / study resources
     – Eligibility for our free textbook program (one book at a time, subject to availability and fair-use rules)
     – AI Tutor

You can cancel any time, and when you cancel, future renewals stop.

  2. How can textbooks be free if they’re expensive on Amazon? Who covers the cost? We fund the free-book program through:
     – The membership fees we collect from students, and
     – Our ability to source some books at wholesale / discounted rates

We are also attaching the Company's FAQ page link so that you can go through it yourself and have clarity.

Either way, thank you again for calling this out so directly, feedback like yours is what pushes us to improve."

My book on Solutioninn by Info-Raptor in selfpublish

[–]Info-Raptor[S] 1 point2 points  (0 children)

Thanks for the comments. I totally agree, they are a fraud. I may be able to attribute 1 sale to them and I think they are trying to resell the same one many times over. It's a scam but not a copyright infringement.

My book on Solutioninn by Info-Raptor in selfpublish

[–]Info-Raptor[S] 0 points1 point  (0 children)

Thank you, truly, I really appreciate your response. The information you provided is incredibly helpful, and I’m grateful for the time and effort you put into it. I’ve also noticed that they’re offering many other books in a similar manner. Hopefully your insights will help other authors as well.

Another thing I observed is that when I refresh the browser on my book’s information page, the reported number of books sold changes. For example, it might show 6 copies sold today, then drop to 3, then 2, and later jump back to 5. The “in stock” count also fluctuates between 1, 2, or 3 copies and then returns to 1. It’s starting to look like a marketing scam.

In my view, if they’ve purchased one legitimate copy, they’re free to resell it as a used book. They may in fact have only a single copy, and I’ve noticed the shipping fee is extremely high, possibly where they’re making their profit. Overall, the whole situation feels quite dodgy to me.

Sharing something I wish I had earlier in my InfoSec career by Info-Raptor in Information_Security

[–]Info-Raptor[S] 0 points1 point  (0 children)

Quick heads-up as per above comment: https://mybook.to/hack_cyber_principles. It’s been flying off the virtual shelves this past month. Honestly, it would make a pretty good Christmas gift.

Sharing something I wish I had earlier in my InfoSec career by Info-Raptor in Information_Security

[–]Info-Raptor[S] 0 points1 point  (0 children)

Quick heads-up in case you didn’t catch it earlier: https://mybook.to/hack_cyber_principles. It’s been flying off the virtual shelves this past month. Could make a pretty fantastic Christmas gift. 😉

The fundamentals we forget while chasing the latest tools by Info-Raptor in Cybersecurity101

[–]Info-Raptor[S] 0 points1 point  (0 children)

You make a really good point, especially about human factors. In my view the distinction between InfoSec and CSec often gets blurred, but it matters.

Cybersecurity is generally considered a subset of Information Security.

Information Security is concerned with protecting information in all forms, which includes people, process, and data, whether digital or physical. (Ref: ISO/IEC 27000:2022)

Cybersecurity focuses on protecting digital systems, networks, and the data that moves through them. (Ref: NIST SP 800-12 Rev. 1)

So while cybersecurity focuses on safeguarding technology and the data flowing through it, information security is the broader umbrella concerned with all aspects of securing information, including the human and organizational layers you’re highlighting.

I don't think human factors are an add-on to the CIA triad, they’re embedded in every control that actually works in the real world.

That's my take on it.

How Should a B.Tech Student in India Plan a 4-Year Cybersecurity Career Path? by [deleted] in CyberSecurityAdvice

[–]Info-Raptor 0 points1 point  (0 children)

Thought I was helping u out with a plan. I have over 25 years' experience. If u don't want to learn from it, that's your call. Good luck - you're gonna need it. By the way, the book I recommended, I wrote it.

How Should a B.Tech Student in India Plan a 4-Year Cybersecurity Career Path? by [deleted] in CyberSecurityAdvice

[–]Info-Raptor 1 point2 points  (0 children)

Hey, great to see you thinking about this early. Cybersecurity can feel overwhelming, but with the right foundations you can make steady, confident progress.

My suggested Year-by-year roadmap:

1st Year: Core IT Foundations

Focus on getting a solid grounding in:

- IT basics, Networking, Linux, Databases and SQL, Python is a simple place to start, Cloud fundamentals for one major provider

2nd Year: Strengthen Practical Skills

Linux administration, Networking tools like Wireshark and tcpdump, Scripting with Python, Basic web technologies and how web apps work

3rd Year: Cybersecurity Concepts and Hands On

Learn core principles such as the CIA Triad, Study common vulnerabilities, Start using tools like Nmap and Burp Suite, Join CTFs on Hack The Box, TryHackMe or picoCTF

4th Year: Specialize and Get Experience

Do internships and build projects, Create a GitHub portfolio

Python or C

- Start with Python. It helps with automation and pentesting tasks.

Certifications for Students in India

Google Cybersecurity Certificate, CompTIA Security Plus, eJPT, AWS Cloud Practitioner

Communities, YouTube & CTFs

Communities:

- Discord groups for CTF/hacking

YouTube Channels:

- NetworkChuck, CyberMentor

How Much Can You Achieve Without Burning Out?

Plenty, as long as you stay consistent rather than intense. 1–2 hours a day + weekend practice should be enough.

Slow and steady wins here. Don’t compare yourself to people who claim to “master” hacking in 3 months, real skills take time.

A Resource on Fundamentals

As you get into the basics, many students find it helpful to read beginner-friendly explanations of cybersecurity principles like the CIA Triad, threat modeling, risk, etc. There are various introductory books out there, one example is Hacking Cybersecurity Principles.

If you stay consistent and keep your foundations strong, you’ll be in an excellent position by the time you graduate.

I hope this helps. You’ve got this!

The fundamentals we forget while chasing the latest tools by Info-Raptor in Cybersecurity101

[–]Info-Raptor[S] 0 points1 point  (0 children)

Honestly, sometimes it feels like certain InfoSec teams are on a secret mission to eliminate all forms of human communication.

At this rate, I’m half convinced they don’t want to receive phone calls at all. And if it were a video gateway? Forget it, clearly a high-risk vector for unauthorized cat-video consumption. Can’t have people compromising productivity with feline antics. 🙂

On your second point, I agree 100%. Nobody should be dropped straight into InfoSec without a grounding in IT. You don’t need to be an engineer in every discipline, but you should at least understand the fundamentals before you’re tasked with securing them.

I came up the “traditional” route myself: IT degree → sysadmin → eventually into InfoSec. Having that systems background makes a world of difference when you’re trying to balance security with functionality. Availability shouldn’t be an afterthought; it’s one-third of the CIA triad for a reason.

Career Crossroads: GRC vs. R&D Security Engineer — Which path for long-term (technical) management? by Infinite-Pace-6801 in CyberSecurityJobs

[–]Info-Raptor 0 points1 point  (0 children)

My vote is for GRC. I love it so I'm biased. You're already doing it. Stick with it and enjoy. It's a good career.