>> The more I learn about the networking side the more interested I am in how to secure this, and I'm less interested in writing code.
It seemed like a decent introduction, I am a beginner programmer/developer (doing Odin project at the moment and only done some small projects before).
Without knowing the book, I think that not that much has changed. There's something new every day, but just as keeping up with that is a regular task, so would be transitioning from the state presented in any book or tutorial to the practical application you are facing today. Everyone does stuff slightly differently, and by and large the attacks haven't really changed.
Memory corruption and cross-site scripting have both been around for decades and are still vulnerabilities you'll find daily in today's work. The only bugs that have actually gotten a lot better are SQL injection and password storage (not guidelines), the former with parameterized queries and the latter with hashing (even if it's frequently still plain sha1). But the principle still applies: just last week the customer put text into a JSON string ('''<script>data=JSON.parse("<?php echo $data;?>");</script>''') which is basically identical to an SQL injection but with a different language (i.e. JavaScript). If you learned about SQLi a decade ago, that knowledge still works today.
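Added example, not part of the original comment: the template pattern quoted above, modeled in Node.js next to a context-encoded version. The function names, the sample value and the simplified stand-in for the browser's script-end detection are assumptions made for illustration.

```javascript
// Added illustration; renderNaive, renderHardened, scriptBody and
// recoverHardened are hypothetical names, not code from the thread.

// Mirrors <script>data=JSON.parse("<?php echo $data;?>");</script>:
// the value is pasted into a JavaScript string literal with no encoding.
function renderNaive(value) {
  return '<script>data=JSON.parse("' + value + '");</script>';
}

// Encode for the context instead: serialize to JSON, then escape the
// characters that matter to the HTML parser or to JS line handling.
const ESCAPES = {
  '<': '\\u003c', '>': '\\u003e', '&': '\\u0026',
  '\u2028': '\\u2028', '\u2029': '\\u2029',
};
function renderHardened(value) {
  const json = JSON.stringify(value)
    .replace(/[<>&\u2028\u2029]/g, (ch) => ESCAPES[ch]);
  return '<script>data=' + json + ';</script>';
}

// Simplified stand-in for the browser: the HTML parser closes the script
// element at the first "</script", whatever the JavaScript inside says.
function scriptBody(html) {
  const start = html.indexOf('<script>') + '<script>'.length;
  const end = html.toLowerCase().indexOf('</script', start);
  return html.slice(start, end);
}

// Reads the value back out of the hardened page the way the JS engine
// would: the escaped text is still a valid JSON/JS string literal.
function recoverHardened(html) {
  return JSON.parse(scriptBody(html).slice('data='.length, -1));
}

// Constructed sample input: ordinary text that happens to contain a
// double quote and markup, the two things the naive template mishandles.
const sample = 'He said "hi" </script><b>x</b>';

// Naive: the data's own quote and </script> cut the statement short.
console.log(scriptBody(renderNaive(sample)));
// Hardened: the whole value stays inside one string literal.
console.log(scriptBody(renderHardened(sample)));
console.log(recoverHardened(renderHardened(sample)) === sample);
```

The hardened form is the same idea as a parameterized query: the value is serialized for the language it lands in, so it cannot change the structure of the surrounding statement.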
As a tester, I don't know what you mean. I make my own tests, like, there's nobody telling me which checklist to work down when testing a particular webpage. Or do you mean the conceptual tests, i.e. finding whole new concepts such as XSS or <insert favorite javascript library> template injection?
Edit: From a comment[1] that happened to be just below yours when I loaded the page (emphasis mine):
> If penetration testing is your job [...] run a bunch of scripts/tools against a list of IP addresses/hostnames and generate a template-based report. That is tedious, mindless work.
> There's "security consulting" too which often involves a lot of actual penetration testing (not just running scripts)
Is that the distinction you're trying to make? I happen to be in the latter category but perhaps I'm branding myself wrong when I say I'm a tester (my business card says consultant, not tester, but I also test things so I felt addressed when you said tester).
Be warned, most 'security' jobs are running scripts and programs and filling out checklists. If you were interested in writing code I'd suggest books like Reversing: Secrets of Reverse Engineering or Hacking: The Art of Exploitation.
That said, a good way to get into it is to find any kind of local user groups, either in industries or at colleges, and find ones that offer security classes and do capture the flag (CTF) events.
Here's one in Michigan, for example:
https://www.merit.edu/security/training/
This is a good way to get familiar with the tools you would be using and even better, a good way to meet other people in your area who might know of job openings and such.
Here are some details on CTF events:
https://cybersecurity.att.com/blogs/security-essentials/capt...