Something I did back when I was starting: Make a Virtual Machine with a bridged network connection (or a 2nd clean Windows install machine) - this gives you 2 machines on the same network. Install Wireshark on your clean machine. Start a packet capture and then try an attack or a network scan against that machine. Then analyze that packet capture. You know exactly what you did - now you can see exactly what it looks like! If you're doing some sort of metasploit-based attack you can even install things like Sysmon to capture specific logs, perform your attack and then look at the logs on your clean machine to see what the defender would see.
Also I should say that Regex (Regular Expressions) are the bane of my existence...but are endlessly useful. If you can wrap your head around them and learn them effectively then do so! If you can learn them well enough to use the free tools online - that's perfectly fine! But 100% expose yourself to them.
With all of the corporate attention on automation, I wonder how long it will take a cybersecurity software developer to make a package that is more appealing than having a team and it's all put on one person. I believe that the only way to have reasonably secure data is to keep what doesn't need to have an internet connection, doesn't get an internet connection and what does only exposes a very secure API.
Thank you. My son is on the verge of graduating from Western Governor’s University’s bachelor’s in cyber security and it’s time to do projects. He needs to be able to demonstrate that he’s familiar and has mastery with the tools that are used everyday in the real world.
Let me give you some unsolicited advice. The longer you parent him, the longer it will take him to mature. Let HIM worry about the work. Stop giving him tasks and homework. Helicopter parenting harms people because it prevents them from learning how to develop the capacity to discover their own insights. THIS is the skill your son needs in the real world, NOT for you to tell him what to do.
@@Lucky9_9 I appreciate the concern but my son isn’t some marshmallow, snowflake helicopter parented kid. He spent his senior year in high school working nearly full time while attending school with nearly all AP classes, where he was without a car and on his own to get to work regardless of the weather. He scored the highest in the state chemistry proficiency exam. But despite being gifted academically he didn’t go straight to college. Instead after graduation he spent a year as a marine construction helper. Working outdoors, full time, while he taught himself welding he attended college full time at night and on weekends. During that year he lived at a distant relative’s house where he had to sleep on a couch and store all his belongings in the trunk of his car. Huntington Ingalls is the exclusive designer and builder of the Navy’s aircraft carriers and nuclear submarines. My son was part of the 12% of applicants accepted by Huntington Ingalls for their trades four-year apprenticeship program. He completed the most rigorous welding program in the world. Rigorous in both the sense of the skill level required as well as the physical challenge of being in a literal steel capsule where the walls, ceiling and floors are made of steel so the compartment reaches temperatures well over a hundred degrees. There are thousand of welders there and HI has been the exclusive builder for the Navy for more than a hundred years. During his apprenticeship he set several company welding records for both production and quality - despite being just an apprentice, and those records encompass literally hundreds of thousand of welders over more than a hundred years of company history. After I showed him Time Value of Money equations and how incredible compounding in investing becomes over the decades he changed his spending habits on the spot. Since then he’s disciplined himself to save and invest nearly $30,000/ year for going on six years. He has no debt, he owns his own house. He was selected by the company to be a linchpin in the biggest data analytics project in company history because in addition to welding he knows advanced math, electronics, and computer programming. Obviously as a dad I’m proud of him but the point of me listing all these details here isn’t to brag, but merely to point out he’s far from a coddled helicopter parented child. He’s a young man who’s capable in multiple fields. If you want to have an in-depth conversation about classical Greek literature or or go blow by blow on the merits and demerits of individual Roman Emperors, or maybe compare and contrast them to Napoleon or others, or ask him to teach you multivarable calculus or differential equations, or the subtleties of growing certain rare plants from islands east of Africa, or play a violin sonata for you he can do it. And he attained all these skills and knowledge without me. I live on the other side of the country from him. We just happen to be best friends in addition to father and son. I’ve advised him about academics, and navigating the internal machinations and politics of a Fortune 500 corporation, but he’s had to do it all on his own. He switched out of a mechanical engineering program to cyber security because he’s rational and not emotional. He knows he will plateau at $100K as a mechanical engineer or welder, and his older brother makes $260K as a cyber security engineer at Amazon (And that’s an entirely different story of a self-made young man that’s even more spectacular than the son I’ve been describing). He looks at it like opportunities when automobiles were in their major growing period in history, or when electricity and electrification of cities was in its infancy, or being a programmer in the ‘90s during the birth years of the internet. Right now is cyber security’s time to shine.
@@Lucky9_9let me give you some unsolicited advice, as children mature and find new interests as they approach adulthood, parents like to stay connected by learning about their interests so that common ground is available for discussion and bonding. To assume helicopter parenting by the OPs comment is a reach at best, take a step back and try to see more dimensions than the 1 you currently view life through
This was a good video with a good list of resources and I'd like to pump the YT algo with a comment. GOAD (Game of Active Directory) is another good one to add to your list (but it's a bit larger, so maybe it doesn't fit in with the theme of quick to stand up projects). Hm.. you know how we all get together around black friday and have a github repo for CyberSec black friday deals? Someone should do that, but with CyberSec projects. Just one big ole repo of up to date links to projects and what-have-you.... but I digress. This video was very good.
I just started the Cybersecurity program in WGU. I'm learning the basics. But I'm not sure which field I would like to get into. I just want job security and if possible not be on call 24-7.
cisa.gov biden made a branch of cybercops. threat actors in or out of country get a number and if you id the person you can ask the da to charge them. most of what thier doing now is cleaning up all the coding languages so they cant be used to crack your way up the infrastructure layer.
Something I've been doing is doing projects then adding them to my github and calling one of my buddies who is not tech savy and explained the entire thing to him so I get a better understanding of what I've been doing
totally gonna make you explain this stuff to my av theater grad gf now that she got her palo alto network cert. watching her get from hardware to software was so hard for me. explaning what shell actualy do at work is hard. i dont want to leave install and implementation projects behind but she wants the desk noc work.
the root cause of poor training in Cybersecurity = College/university , bunch of theories and memorizing, ComPTIA Security + , bunch of theories, and memorizing nothing really, really practical and both cost lots of money. This is why employers want experience and Not degrees and Certs.
This video came at a great time. I’m struggling to get a job in cybersecurity. I have some certs and help desk experience. Thanks for this. Do you also have mentorship courses like 1 on 1?
Changing careers and using the Vet Tech program to get my journey going. Are there any programs that help vets get a laptop for education and career change. Also if looking for a laptop what specs are adequate for all these programs to run properly? Since I do have my phone on me what applications can I download to help us on our journey to learn IT since it is a whole lot to learn and take in? Hope you are doing well. Have a wonderful year.
Thank you so much for creating this video! So very helpful. Unfortunately, the link for your project list leads to a "Page not Found" error. Is there another way to access it?
Nicole, as a woman, have you ever been treated like an administrative assistant or secretary in a cybersecurity role? I work at a consulting company that begins with A as a "Security Delivery Analyst". But I keep getting projects where I use zero cybersecurity skills and the managers keep giving me secretary tasks such as take notes, schedule Team calls, monitor the managers calendar to find time for the managers next Teams call. I am treated like some sort of personal assistant/administrative assistant. Have you seen this in cybersecurity? I'm not sure what to do. On this current project I repeatedly highlighted my cybersecurity skills but the manager put me down as "Support" and is treating me like her own personal assistant and she is talking to me very disrespectfully.
Nicole, most of the times during interviews they told me "and what about -real- projects in a company? have you done anything?" And i was like... :/ Well, no really... gg
no thanks i dont want to sponsor the cockrocket bald one or the labgrown meat cricket hoarder, i'd rather use realistic consumer hardware because simulations do not represent reality!
i wish blue team people would say soc or blue team in their titles so that youtube stops recomending their stuff to red team people like me just because it says cybersecurity .
@@aarontheone7193 cybersecurity is not a job. It is a sector. You do not need to know how to do every job just to do one. I am a pentester and I know the basics of every job in IT but it doesn't mean I need to be expert in them all to do my job. Blue team protects and red team destroys and when people do videos on cybersecurity it would help everyone's recomended algorithm if creators specified what field they are talking about instead of just saying cybersecurity. It makes it harder for people to find the learning content they are looking for and makes people learn less ultimately
So you did nothing your whole career? Sounds like bs to me. And it doesn’t matter how many indy projects you’ve done, some companies demand those certificates, especially in the govtech space.
Something I did back when I was starting:
Make a Virtual Machine with a bridged network connection (or a 2nd clean Windows install machine) - this gives you 2 machines on the same network. Install Wireshark on your clean machine. Start a packet capture and then try an attack or a network scan against that machine. Then analyze that packet capture. You know exactly what you did - now you can see exactly what it looks like! If you're doing some sort of metasploit-based attack you can even install things like Sysmon to capture specific logs, perform your attack and then look at the logs on your clean machine to see what the defender would see.
Also I should say that Regex (Regular Expressions) are the bane of my existence...but are endlessly useful. If you can wrap your head around them and learn them effectively then do so! If you can learn them well enough to use the free tools online - that's perfectly fine! But 100% expose yourself to them.
Yes!!
This is a great idea I never thought of using Wireshark to replay my work to see it in that form
Smart and you can start 2 machines up in qemu
Vmware
Thank you! I am getting tired of memorizing protocols and not getting my hands dirty. Have a great day.
Thanks Nicole. I just passed the Security + exam the week before Christmas so this is is very much needed to build practical experience. Thank you 🙏
You got this!
Thank you so much!
I don't do well with just reading and memorizing. War rooming is where it's at!
This list is so cool! Certainly a much needed guide to projects for many who are confused on where to start regarding projects
you are a Queen, thank you so much for all this heavy lifting. I appreciate all your efforts on your superb channel. Happy New Year 👍👍👍
You are so welcome
With all of the corporate attention on automation, I wonder how long it will take a cybersecurity software developer to make a package that is more appealing than having a team and it's all put on one person. I believe that the only way to have reasonably secure data is to keep what doesn't need to have an internet connection, doesn't get an internet connection and what does only exposes a very secure API.
I beg you please make a video on what project to become a security engineer and how to add them to your resume
Thank you so much for the video and sharing it with us. This is a huge help. Thanks again
Thank you so much for all the great content!
This list is so cool! Certainly a much needed guide to projects for many who are confused on where to start regarding projects ✅
Glad it was helpful!
@@nicoleenesse you're welcome mam😊
Super great video! Thanks for the resources!
Thank you. My son is on the verge of graduating from Western Governor’s University’s bachelor’s in cyber security and it’s time to do projects. He needs to be able to demonstrate that he’s familiar and has mastery with the tools that are used everyday in the real world.
😂
Are you laughing at WGU?@@beasttowers392
Let me give you some unsolicited advice. The longer you parent him, the longer it will take him to mature. Let HIM worry about the work. Stop giving him tasks and homework. Helicopter parenting harms people because it prevents them from learning how to develop the capacity to discover their own insights. THIS is the skill your son needs in the real world, NOT for you to tell him what to do.
@@Lucky9_9 I appreciate the concern but my son isn’t some marshmallow, snowflake helicopter parented kid. He spent his senior year in high school working nearly full time while attending school with nearly all AP classes, where he was without a car and on his own to get to work regardless of the weather. He scored the highest in the state chemistry proficiency exam. But despite being gifted academically he didn’t go straight to college.
Instead after graduation he spent a year as a marine construction helper. Working outdoors, full time, while he taught himself welding he attended college full time at night and on weekends. During that year he lived at a distant relative’s house where he had to sleep on a couch and store all his belongings in the trunk of his car.
Huntington Ingalls is the exclusive designer and builder of the Navy’s aircraft carriers and nuclear submarines. My son was part of the 12% of applicants accepted by Huntington Ingalls for their trades four-year apprenticeship program. He completed the most rigorous welding program in the world. Rigorous in both the sense of the skill level required as well as the physical challenge of being in a literal steel capsule where the walls, ceiling and floors are made of steel so the compartment reaches temperatures well over a hundred degrees. There are thousand of welders there and HI has been the exclusive builder for the Navy for more than a hundred years. During his apprenticeship he set several company welding records for both production and quality - despite being just an apprentice, and those records encompass literally hundreds of thousand of welders over more than a hundred years of company history.
After I showed him Time Value of Money equations and how incredible compounding in investing becomes over the decades he changed his spending habits on the spot. Since then he’s disciplined himself to save and invest nearly $30,000/ year for going on six years. He has no debt, he owns his own house. He was selected by the company to be a linchpin in the biggest data analytics project in company history because in addition to welding he knows advanced math, electronics, and computer programming.
Obviously as a dad I’m proud of him but the point of me listing all these details here isn’t to brag, but merely to point out he’s far from a coddled helicopter parented child. He’s a young man who’s capable in multiple fields. If you want to have an in-depth conversation about classical Greek literature or or go blow by blow on the merits and demerits of individual Roman Emperors, or maybe compare and contrast them to Napoleon or others, or ask him to teach you multivarable calculus or differential equations, or the subtleties of growing certain rare plants from islands east of Africa, or play a violin sonata for you he can do it.
And he attained all these skills and knowledge without me. I live on the other side of the country from him. We just happen to be best friends in addition to father and son. I’ve advised him about academics, and navigating the internal machinations and politics of a Fortune 500 corporation, but he’s had to do it all on his own.
He switched out of a mechanical engineering program to cyber security because he’s rational and not emotional. He knows he will plateau at $100K as a mechanical engineer or welder, and his older brother makes $260K as a cyber security engineer at Amazon (And that’s an entirely different story of a self-made young man that’s even more spectacular than the son I’ve been describing). He looks at it like opportunities when automobiles were in their major growing period in history, or when electricity and electrification of cities was in its infancy, or being a programmer in the ‘90s during the birth years of the internet. Right now is cyber security’s time to shine.
@@Lucky9_9let me give you some unsolicited advice, as children mature and find new interests as they approach adulthood, parents like to stay connected by learning about their interests so that common ground is available for discussion and bonding. To assume helicopter parenting by the OPs comment is a reach at best, take a step back and try to see more dimensions than the 1 you currently view life through
What a video thank you, I've been struggling to retain the info. I think this might just help a fair bit
Thank you for providing such great content…I needed this..I’m a hands on guy…the labs are ok but it does little to help info to stick.
This was a good video with a good list of resources and I'd like to pump the YT algo with a comment. GOAD (Game of Active Directory) is another good one to add to your list (but it's a bit larger, so maybe it doesn't fit in with the theme of quick to stand up projects). Hm.. you know how we all get together around black friday and have a github repo for CyberSec black friday deals? Someone should do that, but with CyberSec projects. Just one big ole repo of up to date links to projects and what-have-you.... but I digress. This video was very good.
Thanks!
Great video about cyber security projects. I tell my students the same thing: do independent projects.
Security in IT sadly is way over rated but very important area . Sadly filled up with mostly scam and unskilled CISOs
I just started the Cybersecurity program in WGU. I'm learning the basics. But I'm not sure which field I would like to get into. I just want job security and if possible not be on call 24-7.
cisa.gov
biden made a branch of cybercops.
threat actors in or out of country get a number and if you id the person you can ask the da to charge them.
most of what thier doing now is cleaning up all the coding languages so they cant be used to crack your way up the infrastructure layer.
❤ thanks for making these videos
It was quite insightful, loved it
Something I've been doing is doing projects then adding them to my github and calling one of my buddies who is not tech savy and explained the entire thing to him so I get a better understanding of what I've been doing
You can add wazuh or suricata or other xdr/edr in SOC project and also SOAR as well.
nice video 👍
Yeah! Great stuff 👍
or splunk
Thank you very much you are the best
Thanks Nicole! Great content!!
Glad it was helpful!
totally gonna make you explain this stuff to my av theater grad gf now that she got her palo alto network cert. watching her get from hardware to software was so hard for me. explaning what shell actualy do at work is hard. i dont want to leave install and implementation projects behind but she wants the desk noc work.
Most beneficial imo: play ctfs and after you've got some experience try to make your own ctf challenges
This is really good stuff. What skill/experience level would you recommend to be at before starting these projects?
That's a whole different video hah
thanks nicole
Cyber Security is so hyped up as an on-demand skills, but jobs are elusive in the market.
Don't Believe the Hype.
Do you think its better to learn either Azure or AWS first? Does it matter?
This is an excellent video and learnt quite a lot. Joined as a sub, btw I’m in tech risk management in a financial institution.
Glad it was helpful!
the root cause of poor training in Cybersecurity = College/university , bunch of theories and memorizing, ComPTIA Security + , bunch of theories, and memorizing nothing really, really practical and both cost lots of money. This is why employers want experience and Not degrees and Certs.
This video came at a great time. I’m struggling to get a job in cybersecurity. I have some certs and help desk experience. Thanks for this. Do you also have mentorship courses like 1 on 1?
Yes, upskilltocyber.com
Changing careers and using the Vet Tech program to get my journey going. Are there any programs that help vets get a laptop for education and career change. Also if looking for a laptop what specs are adequate for all these programs to run properly? Since I do have my phone on me what applications can I download to help us on our journey to learn IT since it is a whole lot to learn and take in? Hope you are doing well. Have a wonderful year.
Look into VR&E within the VA
this video is quite helpful. thank you!
You're welcome!
im getting the not found also -> Page not found
Either this page doesn't exist or you don't have permission to access it.
I am also getting this
It is fixed
Thank you so much for creating this video! So very helpful. Unfortunately, the link for your project list leads to a "Page not Found" error. Is there another way to access it?
Updated nicoleenesse.notion.site/Open-Source-Cybersecurity-Projects-04419423bb6d43b8a93c8d9b9c19d5d4?pvs=4
@@nicoleenesse Thank you so much!!
Nicole, as a woman, have you ever been treated like an administrative assistant or secretary in a cybersecurity role?
I work at a consulting company that begins with A as a "Security Delivery Analyst". But I keep getting projects where I use zero cybersecurity skills and the managers keep giving me secretary tasks such as take notes, schedule Team calls, monitor the managers calendar to find time for the managers next Teams call. I am treated like some sort of personal assistant/administrative assistant.
Have you seen this in cybersecurity? I'm not sure what to do. On this current project I repeatedly highlighted my cybersecurity skills but the manager put me down as "Support" and is treating me like her own personal assistant and she is talking to me very disrespectfully.
Yes I have. Usually only from woman bosses though. Not sure why haha
I would talk to her about it as she may not know you want to do more technical tasks
that lady in waf did not look happy
Nicole, most of the times during interviews they told me "and what about -real- projects in a company? have you done anything?" And i was like... :/ Well, no really... gg
This!!! ☝️☝️☝️☝️☝️☝️
Thank you so much beautiful, all I here from you is facts. Lfg
You are so welcome
Do you think cybersecurity professionals will be replaced by AI?
If you're going to mention 4525 projects, either create time stamps or links to all the projects in the video description. Thanks.
🙏🏻
Notion - Page not found
Either this page doesn't exist or you don't have permission to access it.
Oh thanks. It should be good now nicoleenesse.notion.site/Open-Source-Cybersecurity-Projects-04419423bb6d43b8a93c8d9b9c19d5d4?pvs=4
Thanks so much! your the best! :v
You're welcome!
All you need is countless hours on capture the flag
no thanks i dont want to sponsor the cockrocket bald one or the labgrown meat cricket hoarder, i'd rather use realistic consumer hardware because simulations do not represent reality!
i wish blue team people would say soc or blue team in their titles so that youtube stops recomending their stuff to red team people like me just because it says cybersecurity .
The whole point of cybersecurity is to be the best attacker and defender you can. More versatile and educated employees make for better responses
@@aarontheone7193 cybersecurity is not a job. It is a sector. You do not need to know how to do every job just to do one. I am a pentester and I know the basics of every job in IT but it doesn't mean I need to be expert in them all to do my job. Blue team protects and red team destroys and when people do videos on cybersecurity it would help everyone's recomended algorithm if creators specified what field they are talking about instead of just saying cybersecurity. It makes it harder for people to find the learning content they are looking for and makes people learn less ultimately
@@aarontheone7193 tell that to programmers writing code with more bugs than Australia not to pentesters haha
This comment gives 10 year old with kali vibes
How old are you? Sound immature
So you did nothing your whole career? Sounds like bs to me. And it doesn’t matter how many indy projects you’ve done, some companies demand those certificates, especially in the govtech space.
GOVTech prefers military
That's how you shut down arrogant rude people Nicole...😂@@nicoleenesse
if one is kinda noob, then which of the resources one has to follow for building cybersec. projects ?
kev catalogue made by cisa.gov