Change the game, not the name
We took a long hard look at the famous Infosec Color Wheel designed by @aprilwright and @proxyblue and designed our training initiative around these simple ideas:
-
We can create several disparate teams and try to oversee them with a “white team” (see also: herding cats), or
-
We can create cross-functional teams and use the compound colors where the arrows meet as cross-team collaborative activities
What does this look like in practice?
-
The Yellow and White teams are fused into a Gold Team that sets the “gold standard” for platform architecture and governance
-
The Blue Team is comprised of Digital Forensics and Incident Response experts tasked with defending the company assets and infra
-
The Red Team is comprised of Offensive Security experts tasked with adversary emulation and threat modeling initiatives
-
Green Teaming is the collaboration of architects and engineers in activities like code reviews or shift-left initiatives
-
Orange Teaming is the collaboration of architects, engineers, and analysts to create educational material, labs and workshops
-
Purple Teaming is the collaboration of Red and Blue teams to create output drivers for quality assurance or change. These drivers can also be used for attestation or validation of vulnerability management scans or 3rd party pentests. (See Attack IQ Academy)
-
The White Team is refined into a Silver Team of at least one upper-management entity and the leadership within the teams
Enough talk! Onwards to the path!
This pathway was designed by Shane Lilly aka sincera, Security Architect at IBM/Kyndryl, founder of NoShitSecurity, and certified security infrastructure and analytics expert.
This pathway will prepare students for most entry-level infosec jobs, regardless of team alignment.
*This pathway was updated in January 2022 with additional content for the Jurassic Jungle™ Internship Program
1. Wire is the word
If you don’t know where to start, then start where you are. That means OverTheWire.
You saw what we said about navigating the UNIX terminal on the front page
Because we mean that, we start you here
2. When you’re labbing, you’re learning
When you are finished with Bandit from OverTheWire, the next logical choice is PentesterLab followed by the “Novice” challenges in the Web Security Academy built by PortSwigger.
We provide PentesterLab Pro subscriptions and guidance to help with this.
- Unix
- Essentials
- Recon
- HTTP
- PCAP
- Intercept
- White
- Serialize
- Yellow
- Blue
These labs will teach you web app pentesting with Burpsuite, and prepare you for pwnage.
Your goal is the “Novice” challenges.
3. Get in because you fit in
When you’re finished with OTW –> PTL, then you are officially ready to tackle the coveted HackTheBox™ Entry Challenge– without looking up the answers.
Your goal is to finish all three tiers of Starting Point
4. Security from A to Z
Between hacking the boxen and labbing till you cry, we hold CTFs to earn a seat learning Azure Security Engineering free of charge from a world-class architect.
Shane Lilly, NSS Founder, is a certified Microsoft trainer and has designed and built infra that protects several Fortune 500 companies, as well as provided training for security, cloud ops, and engineering teams.
5. Become the guru you do
Once students have completed the NoShitSecurity Azure Bootcamp, they are given access to the one and only A Cloud Guru training platform where they will pursue the Azure Security Pathway and complete a series of projects and milestones to earn industry-recognized cybersecurity certifications.
6. Leading the way to left field
After you’ve mastered the art of architecting on the right foot, we’ll give you the opportunity to learn true DevSecOps engineering from Everable, where you can shift-left into fundamentally future-secure.
7. Find your foothold, earn your wings.
The final chapter for the fish is only the beginning of the hunt for the hacker. Candidates that complete the Jurassic Jungle™ internship are granted access to CrowdStrike University, where they can leverage the Falcon® Enterprise platform to become CrowdStrike certified.