As you probably are not aware, I moved into an actual security job this year, earlier in my career than I expected. I went from sys admin to intrusion analyst. I am honored to have this opportunity and I feel I am learning a bit. But there are some issues.
I don't feel that I am where I should be knowledge-wise. Some of the guys I work with are 2 steps away from the GSE, or self-taught experts as far as I can see, with a knowledge of programming and who knows what else.
I don't know where I should be focusing my studies. I've met the job requirements as far as certifications, so I'd like to get on the same level of knowledge as my coworkers. As noted, some have the SANS-level experience, and many came from other companies where they did this type of work before. I've been split all around, feeling that I should do what I can to be a well-rounded network defender but unsure how to go about it. I spent all kinds of time and money getting the CCENT so I could pursue the CCNA Security, but I don't think that cert will be particularly helpful in teaching me much outside of Cisco; CCP is all point and click.
So I said I would try to learn fundamentals. Right now I'm 25% into Firewall Fundamentals (http://www.amazon.com/Firewall-Fundamen ... 1587052210). So far I'm familiar with what's been covered. I do wonder if, with this mixed with something else, I could possibly challenge the CPPA (formerly GCFW).
Next I suppose I should focus on IDS analysis. I'm going to have to redo this Security Onion install; I haven't used the PC in months and have forgotten most of the passwords. If you guys haven't tried Security Onion, it's great... if you like to use Linux. It still takes an act of God to get things running for the first time, and IDK if I should be using Snorby, ELSA, Sguil, or Squert. I still have no idea why no one has created a usable Snort frontend for modern Windows. If anyone can point me to one, and preferably a walkthrough for installing whatever else will likely have to be installed along with it, feel free. Everything I've found is 10 years old or doesn't use a frontend. #snort on freenode has been useless: a bunch of people auto-logged into the channel with no activity.
And then of course there's SANS. I could likely take a SANS course and learn a huge deal. Right now I'm leaning towards SEC501 (GCED); it seems to cover some good stuff.
Edit: I just saw this course: https://www.eventbrite.com/e/security-o ... 0834465177 Cheaper and could definitely help me on my home lab...
Anyway, in short, that's where I am today. I'm doing what I can right now, reinstalling SO so I can try to learn some analysis and maybe create and test some Snort rules. I suppose I'll try to keep this thread updated if anyone is interested.
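Since the post ends with the plan to write and test Snort rules, here is an added example (editor's illustration, not code from the original poster or from the Snort project) of what a basic rule looks like and how its header and `content`/`nocase` options are evaluated. The matcher below is a deliberately simplified toy that implements only a small subset of the rule language (no CIDR, port ranges, variables, `pcre`, `offset`/`depth`, flow tracking or reassembly); the two rules, the SIDs and the packets are constructed for this example. It is meant to make the rule format legible before you run the real thing.

```python
import re
from typing import Dict, List, Tuple

# Constructed rules for this example (SIDs in the local 1000000+ range are a
# common convention for custom rules; nothing here is from the original post).
SAMPLE_RULES = [
    'alert tcp any any -> any 80 (msg:"Curl user agent to web server"; '
    'content:"User-Agent: curl"; nocase; sid:1000001; rev:1;)',
    'alert tcp any any -> any 22 (msg:"SSH banner seen"; '
    'content:"SSH-2.0"; sid:1000002; rev:1;)',
]

# Constructed packets: plain dicts standing in for decoded TCP/UDP segments.
SAMPLE_PACKETS = [
    {"proto": "tcp", "src": "10.0.0.5", "sport": 51000, "dst": "10.0.0.80", "dport": 80,
     "payload": b"GET / HTTP/1.1\r\nuser-agent: CURL/8.0\r\n\r\n"},   # matches 1000001 (nocase)
    {"proto": "tcp", "src": "10.0.0.5", "sport": 51001, "dst": "10.0.0.22", "dport": 22,
     "payload": b"ssh-2.0-OpenSSH_9.3\r\n"},                           # no nocase -> no alert
    {"proto": "udp", "src": "10.0.0.5", "sport": 51002, "dst": "10.0.0.80", "dport": 80,
     "payload": b"User-Agent: curl"},                                   # wrong protocol
    {"proto": "tcp", "src": "10.0.0.5", "sport": 51003, "dst": "10.0.0.22", "dport": 22,
     "payload": b"SSH-2.0-OpenSSH_9.3\r\n"},                           # matches 1000002
]

# Rule header: action proto src sport dir dst dport (options)
HEADER_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)
# One option: keyword, optional ':' value (quoted or bare), terminated by ';'
OPT_RE = re.compile(r'(\w+)(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?\s*;')


def parse_rule(text: str) -> Dict:
    """Parse a single-line Snort-style rule into a dict (subset of the language)."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparsable rule header: {text!r}")
    rule = {k: m.group(k) for k in ("action", "proto", "src", "sport", "dir", "dst", "dport")}
    rule["contents"] = []  # list of [pattern bytes, nocase flag], in rule order
    rule["msg"], rule["sid"] = "", None
    for key, raw in OPT_RE.findall(m.group("opts")):
        val = raw.strip()
        if val.startswith('"') and val.endswith('"'):
            val = val[1:-1]
        if key == "content":
            rule["contents"].append([val.encode(), False])
        elif key == "nocase" and rule["contents"]:
            rule["contents"][-1][1] = True  # modifier binds to the preceding content
        elif key == "msg":
            rule["msg"] = val
        elif key == "sid":
            rule["sid"] = int(val)
    return rule


def _port_ok(spec: str, port: int) -> bool:
    return spec == "any" or int(spec) == port


def _addr_ok(spec: str, addr: str) -> bool:
    return spec == "any" or spec == addr  # simplification: exact match, no CIDR or $VARS


def rule_matches(rule: Dict, pkt: Dict) -> bool:
    """Header check, then every content option must be found in the payload."""
    if rule["proto"] != "ip" and rule["proto"] != pkt["proto"]:
        return False
    forward = (_addr_ok(rule["src"], pkt["src"]) and _port_ok(rule["sport"], pkt["sport"])
               and _addr_ok(rule["dst"], pkt["dst"]) and _port_ok(rule["dport"], pkt["dport"]))
    reverse = rule["dir"] == "<>" and (
        _addr_ok(rule["src"], pkt["dst"]) and _port_ok(rule["sport"], pkt["dport"])
        and _addr_ok(rule["dst"], pkt["src"]) and _port_ok(rule["dport"], pkt["sport"]))
    if not (forward or reverse):
        return False
    payload = pkt["payload"]
    for pattern, nocase in rule["contents"]:
        hay, needle = (payload.lower(), pattern.lower()) if nocase else (payload, pattern)
        if needle not in hay:
            return False
    return True


def run_rules(rule_texts: List[str], packets: List[Dict]) -> List[Tuple[int, str]]:
    """Return (sid, msg) for every alert rule that fires on each packet, in packet order."""
    rules = [parse_rule(t) for t in rule_texts]
    return [(r["sid"], r["msg"]) for pkt in packets for r in rules
            if r["action"] == "alert" and rule_matches(r, pkt)]


if __name__ == "__main__":
    for sid, msg in run_rules(SAMPLE_RULES, SAMPLE_PACKETS):
        print(f"[{sid}] {msg}")
```

Note the second packet: the lowercase `ssh-2.0` banner does not fire rule 1000002 because that rule has no `nocase`, which is exactly the kind of thing you want to discover in a lab rather than in production. The real check is still to put the rules in a local rules file and run Snort itself against a pcap (for Snort 2, `snort -c <config> -r <file.pcap> -A console` reads the capture and prints alerts), since the engine applies preprocessors, stream reassembly and the full option set that this toy ignores.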