Ben’s Book of the Month Review of: "Build Your Own Cybersecurity Testing Lab: Low-cost Solutions for Testing in Virtual and Cloud-based Environments"


Posted on by Ben Rothke

It was not that long ago that attempting to build your own IT lab to create a test environment would be an expensive endeavor. Besides the hardware, a set of software security tools could set a person back significantly.

 

Now, Kali Linux, for example, has hundreds of open-source penetration-testing programs and is completely free. In the past, this set of software could cost more than $250,000 if purchased separately as commercial tools. 

 

In Build Your Own Cybersecurity Testing Lab: Low-cost Solutions for Testing in Virtual and Cloud-based Environments (McGraw Hill), author Ric Messier has written a practical, hands-on guide on how you can create your own security testing lab without needing to take out a second mortgage on your house. 

 

In the book, Messier does the IT equivalent of the proverb “Give a man a fish, and you feed him for a day. Teach a man to fish, and you feed him for a lifetime.” And here he shows the reader how to build his own security-testing lab. The focus is on affordable technologies—using cloud computing—as not requiring you to buy often expensive hardware.

 

After a detailed introduction to network design and operating systems, the second half of the book details how to create a cloud-based environment. This is particularly valuable given the hypergrowth of cloud computing, combined with the dearth of those with significant cloud and cloud security experience. 

 

Messier has separate chapters for Amazon Web Services, Microsoft Azure, and Google Cloud Engine, which go into the unique configurations for each of them, and how to use their core components. 

 

It is ironic that with a $50 list price, the book may be the most expensive part of your security lab. But the information in the book is certainly worth it, as it shows the reader a way to build an actual lab that can give them valuable experience, which can in turn make them much more sought-after on the job market. 

 

Build Your Own Cybersecurity Testing Lab should be considered an investment in one’s security expertise and growth. And is an excellent investment at that.

Contributors
Ben Rothke

Senior Information Security Manager, Tapad

Security Strategy & Architecture

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community