Introduction to Information Security Course

The Pluralsight company logo.

I completed and published another course with Pluralsight. This time I was asked to create an introductory course for information security. It had to be high level. It had to be accessible to beginners that have little to no background in information security.

It is the lead course in the Survey of Information Security learning path. This path also contains my second penetration testing course, Penetration Testing: The Big Picture.

The objective of this course is to assist learners in understanding the foundational principles and the key concepts in security. I describe most of the program and management approaches from an organizational perspective. I used this method specifically so that learners can apply this knowledge to their current job and their organization.


Penetration Testing: The Big Picture

I have another Pluralsight course published. Still focusing on penetration testing, I was asked to create a high level overview course on the subject. Penetration Testing: The Big Picture was published on October 6, 2017 and looks at a wide variety of topics on penetration testing.

The focus in this course is to present information about pen testing that would be useful to those interested in learning more about it as a career option or training direction. It can also be useful for individuals and organizations interested in hiring pen testers or organizations seeking pen testing services.


Kali Linux Changes for the Introduction to Penetration Testing Using Metasploit Course

I developed the Pluralsight course Introduction to Penetration Testing Using Metasploit using Kali Linux, which is a project from Offensive Security. Kali is a Linux distribution with most of the tools an information security professional would need. It is also a great platform for designing courses around because most, if not all, of the tools needed are installed by default.

The challenge is that Kali changes over time. Most of the times those changes are good and necessary to stay current and relevant. Of course, those changes often negatively impact ancillary products and information resources, including instructional courses. My Metasploit course is no exception. Revising an existing course that is already in use has its own challenges. Instead, I offer this blog post as a “living document” highlighting changes in Kali Linux that impact my Metasploit course. My hope is that if you run into issues with the course due to changes in Kali, you can find the answers here.

security training

Metasploit and Pentest Discussion on Test Talks Podcast

Test TalksJoe Colantonio and I had a conversation about penetration testing and the use of Metasploit on the Test Talks Podcast. That episode is available now.

Joe is a fellow Pluralsight Author and host of the Test Talks Podcast, which is a weekly podcast all about software test automation.

We discussed concepts in penetration testing, Metasploit and its auxiliary modules and OpenVAS for vulnerability scanning, Meterpreter for post-exploitation activities, ethics in the use of tools like Metasploit, and Kali Linux.

Check out this episode and other episodes from Joe Colantonio and the Test Talks Podcast.


Introduction to Penetration Testing Using Metasploit

Pluralsight logoAfter many months of effort, my first Pluralsight course, Introduction to Penetration Testing Using Metasploit is now available. Here is the official course description:

Metasploit is one of the most widely used tools for penetration testing, providing powerful attack simulations, security assessment management, and more. In this course, Introduction to Penetration Testing Using Metasploit, you’ll learn to use Metasploit to enumerate available services, identify potential weaknesses, test vulnerabilities through exploitation, and gather evidence for reporting. First, you’ll see how to install and configure the Metasploit Framework and several supporting tools on Kali Linux. Next, you’ll explore how exploits and payloads work together to gain access to systems. Finally, you’ll look at how Metasploit Framework releases are made available and how to maintain the latest version of the Framework. By the end of this course, you’ll have a better understanding of how to use Metasploit to quickly assess the security posture of systems and networks to reduce risk.

I received terrific support from the Pluralsight team in creating this course. They are very active in communicating, listening, and work with their authors. They have tools and a process for getting courses out the door. I was surprised by this attention to authors and to the details most of all.