Ongoing training is crucial for your career, says Infosec Skills author Manuel Leos Rivas
As a 20-year IT and security professional, Infosec Skills author Manuel Leos Rivas knows the importance of ongoing skills development, but finding quality training resources related to web server security was difficult.
“A lot of the information you find online isn’t the best or it’s outdated,” Manuel said. “There are some trainings available — but they’re either very generic or very specific — so I liked the idea of creating something more comprehensive.”
FREE role-guided training plans
Manuel has been focused on web server and web application security since 2012 when his role shifted to include tasks such as configuring web application firewalls and hardening systems.
“Now I’m in a more operational position focused on cloud environments,” Manuel said. “I'm actively looking at attacks on our web servers, defending them and implementing countermeasures to make sure everything is okay.”
He used that job experience when structuring the new courses in his Web Server Protection Learning Path.
“I asked myself, ‘If I were to hire someone, what would I want them to be proficient in and what hands-on tasks would I want them to perform,” Manuel said. “Then I put those in my courses.”
Learning web server security
Manuel’s Web Server Protection Learning Path focuses on foundational web server security concepts and tools that apply to a variety of situations and technologies.
“It provides a quick start into web server and application security,” Manuel said. “It gives you the tools you need to do something usable and an understanding of where to go next. From there it's just about practicing different types of scenarios.”
The path includes a skill assessment, nine courses and a hands-on project covering topics such as:
- Hardening networks, hosts, web servers and applications
- Implementing web server controls
- Using command-line utilities to test web servers and extract logs
- Maintaining an efficient web application firewall configuration
- Deploying active defense mechanisms
“These courses will help anybody that has to manage a web server or a web application,” Manuel said. “Ideally, you should have a basic understanding of security along with some IT experience so you don’t struggle in the beginning.”
“For advanced students, there are additional challenges within the Web Server Protection Project,” Manuel said. “I leave it up to them to see how far they can go — what's the highest percentage of compliance or hardening they can implement without breaking it.”
Keeping cybersecurity skills relevant
Cybersecurity professionals need to refresh their skill sets every two or three years at most, Manuel said. Otherwise, you risk falling behind.
“There's always new technology coming out,” Manuel said. “Attacks are evolving every day. We’re introducing more content into web applications. There are many different frameworks working together. It creates a broader area that has to be protected.”
But that’s part of the fun of being a cybersecurity professional, Manuel said.
“I like it. I like playing with new toys, seeing what they're capable of doing and implementing new ways of keeping everything secure.”
FREE role-guided training plans
Check out Manuel’s new Infosec Skills courses below:
About Manuel Leos Rivas
Manuel earned a bachelor’s degree in Business Administration and Computer Systems Engineering at the Universidad Autonoma de Nuevo Leon in Mexico and a Master of Sciences in Information Security Engineering with focus on Incident Response at the SANS Technology Institute. He holds around 40 cybersecurity-related certifications.
He started working full-time in the information security field in early 2000. Since 2012, Manuel has worked as a security expert, including supporting over a thousand WAFs to protect a variety of web applications. Starting in 2016, Manuel committed part of his personal time to improve the OWASP ModSecurity Core Rule Set, becoming an active rule developer. Since then he has contributed numerous new rules, fixed false positives and false negatives and assisted with many other improvements.
In this Series
- Ongoing training is crucial for your career, says Infosec Skills author Manuel Leos Rivas
- Top-paying cybersecurity jobs and salary trends for 2024
- The importance of IT certifications in boosting your career
- Understanding the role of a network engineer in IT
- The role of the chief information officer (CIO) in cybersecurity
- What is a network engineer and how to become one?
- What does a system administrator do and how to become one?
- Cyber security hiring: Tips and best practices
- Cybersecurity soft skills: Career benefits of public speaking
- CompTIA Data+ certification: Opening doors to new careers
- Surviving cybersecurity burnout: Tips from industry experts
- How to make a mid-career change to cybersecurity
- 7 top security certifications you should have in 2024
- The Changing Role of the Modern SOC
- Discover the top 5 information security management certifications
- CySA+ versus CASP+: Is the CySA+ good enough for a career in cybersecurity?
- The best cybersecurity jobs in 2023: Trends, roles and salaries
- Top 10 penetration testing certifications for security professionals (2023)
- How to land an entry-level cybersecurity job: Essential skills and certifications
- 133 cyber security training courses you can take now — for free
- Breaking down barriers: How to make cybersecurity more inclusive and diverse
- Computer forensics interview questions
- The digital security forensic analyst salary guide
- Applying linguistics to cybersecurity: The journey of Jade Brown, a 2022 Infosec Scholarship winner
- The Path to “Career 4.0”: Amy Bonus leverages humanities, FinTech experience to bring Cybersecurity to the layperson
- Security engineer: Degree vs. certification
- Cybersecurity engineer: CyberSeek
- Infosec Accelerate Scholarship winner highlights essential qualities of a successful cybersecurity professional
- Career skills, imposter syndrome and intelligence-led pentesting | From the Cyber Work desk
- Cloud security engineer interview questions and answers
- Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity
- Infosec scholarship winner Kandice Kucharczyk salutes her mentors as she sets her sights high
- Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
- How VetsInTech and Infosec Laid the Path to Gaurav Panta’s New IT Career
- Infosec 2022 scholarship winner Anthony Torres: Bringing the Marine Corps ethos to the cyber domain
- Infosec Scholarship winner Chris Chisholm knows the power of service and diversity in cybersecurity
- Betta Lyon Delsordo, Infosec scholarship 2022 winner, is a true life-long learner
- A veteran transitions from military medical logistics to multi-national security analyst
- An Army National Guard member fast tracks his cybersecurity career transition with VetsinTech
- How a career harnessing Navy nuclear energy can power a transition to a Security+ certification
- What is a cloud administrator? Essential roles and skills
- Security control mapping: Connecting MITRE ATT&CK to NIST 800-53
- Should you take the CCSP/SSCP before the CISSP? [updated 2022]
- (ISC)² certifications: The ultimate guide [updated 2022]
- CCSP vs. Cloud+ [updated 2022]
- Data architect: The ultimate career guide
- The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]
- I failed IAPP’s CIPP/C certification. Here’s how I recovered
- How learning to be "Always Flexible" helped a Marine in earning the Security+ certification
- How to learn and pass your next certification exam
- Mission accomplished: How one army veteran turned neurobiologist moved into cybersecurity
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Professional development
Professional development
Professional development
Professional development
The role of the chief information officer (CIO) in cybersecurity