LinuxQuestions.org
Old 10-14-2023, 03:47 PM   #1
quiero424
LQ Newbie
 
Registered: Apr 2020
Posts: 12

Best certs or courses for Linux Security?


I've been working in the cybersecurity industry for about a decade, using Linux for IDS/hardening and general security. I was wondering what courses/certs folks would recommend most for Linux security to demonstrate knowledge. I could do the Linux+ route, but I'd prefer to not have to memorize a bunch of stuff on mounting disks etc. if I want to demonstrate security knowledge. Thanks!
 
Old 10-14-2023, 07:33 PM   #2
sag47
Senior Member
 
Registered: Sep 2009
Location: Raleigh, NC
Distribution: Ubuntu, PopOS, Raspbian
Posts: 1,899
Blog Entries: 36

I would suggest learning Linux more deeply if you want to posture as a security leader. For example, creating CIS Hardened operating systems for an organization. It can be frustrating as a user to have a security team mandate hardened systems but for them not to be able to carry out the hardening (for example in the cloud) skills-wise. Security should be about relationship building and partnerships, which is how you get buy-in from teams shifting security left.

In terms of certifications, lately I hear a lot of good things about CISSP. Following OWASP is another valuable knowledge base in addition to knowing CIS benchmarks.

Last edited by sag47; 10-14-2023 at 07:36 PM.
 
Old 10-15-2023, 08:01 AM   #3
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,710

Quote:
Originally Posted by sag47
I would suggest learning Linux more deeply if you want to posture as a security leader. For example, creating CIS Hardened operating systems for an organization. It can be frustrating as a user to have a security team mandate hardened systems but for them not to be able to carry out the hardening (for example in the cloud) skills-wise. Security should be about relationship building and partnerships, which is how you get buy-in from teams shifting security left.

In terms of certifications, lately I hear a lot of good things about CISSP. Following OWASP is another valuable knowledge base in addition to knowing CIS benchmarks.
Well said; was wondering how someone could be a cyber security expert and not know basics.
 
Old 10-15-2023, 09:05 AM   #4
sag47
Senior Member
 
Registered: Sep 2009
Location: Raleigh, NC
Distribution: Ubuntu, PopOS, Raspbian
Posts: 1,899
Blog Entries: 36

Quote:
Originally Posted by TB0ne
Well said; was wondering how someone could be a cyber security expert and not know basics.
It is quite possible because a lot of the intrusion and scanning tools make easy-to-consume reports from system and software scans. So a security team can scan, file tickets with teams, and not have a full grasp of what they're asking of others. This can lead to overcommunication without actionable feedback, cause tensions, and create noise with false positives.

However, OP seems interested in deepening their security posture as an expert and it is unavoidable to get deeper into the systems aspect if they want to position themselves on the technical side of security work. CISSP also has a management track so I guess it kind of depends on OP's goal here.

Last edited by sag47; 10-15-2023 at 09:07 AM.
 
1 members found this post helpful.
Old 10-15-2023, 09:28 AM   #5
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,710

Quote:
Originally Posted by sag47
It is quite possible because a lot of the intrusion and scanning tools make easy-to-consume reports from system and software scans. So a security team can scan, file tickets with teams, and not have a full grasp of what they're asking of others. This can lead to overcommunication without actionable feedback, cause tensions, and create noise with false positives.

However, OP seems interested in deepening their security posture as an expert and it is unavoidable to get deeper into the systems aspect if they want to position themselves on the technical side of security work. CISSP also has a management track so I guess it kind of depends on OP's goal here.
True, but as you said, it leads to false positives, and without having a real grasp of what they're doing, how can you be a true expert? I wouldn't consider someone who looks at a tool and a graph and files a ticket an expert, especially after a decade working in the field.
 
1 members found this post helpful.
Old 10-16-2023, 12:29 PM   #6
quiero424
LQ Newbie
 
Registered: Apr 2020
Posts: 12

Original Poster
I'm fine with doing Linux+ if that's the best route. It looks increasingly like it is, since I am doing more projects with designing secure servers and hard drives.
 
Old 10-16-2023, 08:01 PM   #7
sag47
Senior Member
 
Registered: Sep 2009
Location: Raleigh, NC
Distribution: Ubuntu, PopOS, Raspbian
Posts: 1,899
Blog Entries: 36

Quote:
Originally Posted by quiero424
I'm fine with doing Linux+ if that's the best route. It looks increasingly like it is, since I am doing more projects with designing secure servers and hard drives.
Linux+ would be good for fundamentals and then building on that would be implementing a CIS benchmark from scratch. I could implement a benchmark for one OS in a few weeks being lazy; a lot faster with focus. That is to say, it is feasible for one experienced person to tackle in a short period of time.

I called out the second bullet specifically because a lot of cloud operating systems (for example Amazon Linux) come as non-partitioned drives with the raw storage formatted to a filesystem (typically XFS). Because of that, you need to get fancy with loop devices, bind mounts, etc. I use similar techniques for configuring file-based swap storage in the cloud.

There are application-specific benchmarks as well, such as Tomcat and Docker. From applications it kind of depends on your focus and the enterprise support you provide. I did this Tomcat benchmark in my spare time because I support and run a lot of Java apps. https://github.com/samrocketman/docker-tomcat

Last edited by sag47; 10-16-2023 at 08:20 PM.