HOW TO KICKSTART CAREER IN CYBER SECURITY
To start a career in Cyber Security from scratch is quite difficult; the industry is complex, and so are the requirements. There are always jobs, but the companies hunt for people with the right skillset and attitude. Gone are the days when people started their career with one type of job or industry and would retire from it, and the children follow their legacy. People are now more open to switching companies, trying business and switching careers 180 degrees.
This article is going to be of interest to the ones who want to break into the cybersecurity market, be it a fresher or someone with limited or no experience in the IT industry, as well as for those who are already in the industry, but need to up-skill.
cybersecurity career Cyber Security market has grown multiple folds over the last few years, and so has the demand for skilled professionals in it. Companies decide if they want to create their cybersecurity team or outsource the activity to other companies. It has opened the market for companies that offer cybersecurity as a service. They hire people with all kinds of security-related skills. Companies offer services like security consultation, managed services, full security architecture setup, and security devices/products. Have an idea of what is trending in the market, know your goal. Check out the below link for the top 10 cybersecurity companies to look out for in 2018.
Basic Skills Required In Cyber Security Field
Knowledge of networks
No matter what your experience and the choice of a subdomain, the knowledge of networks is something you cannot do without in cybersecurity. Although there are teams to deal with networks, they focus only on the functionality and not on the security aspect. If you are someone who is looking for a career in security make sure that you have the knowledge of networks, routing, switching, VLAN concepts, sub-netting, etc. You may refer to the CCNA routing and switching study material for getting the basics clear. Once you are done with networks, go for network security concepts– algorithms, security configurations of devices, encryption, etc. It will give you an edge over other cybersecurity professionals in the market
Basic computer knowledge
Most of the job descriptions insist that the candidate must have basic knowledge of computers. For a career in cybersecurity, basic knowledge of how to use a computer for daily tasks like Excel and PowerPoint. A cybersecurity professional should know how the computer works, basics of memory management, garbage collection, folder sharing concepts, permissions, different types of accesses in the system, ports and system firewalls, IP assignment and various interfaces, registry understanding to some extent can be a big plus. This knowledge can help users with memory forensics, system hardening, access management, penetration testing, etc. will also help you in performing the tasks easily by finding alternative ways to accomplish it; e.g., software installation can be governing through directory as well as a registry entry.
At Least one computer language
One thing missing in the cybersecurity domain is enough number of professionals with knowledge of coding. If you dig deep enough, you will observe that almost everything drills down to code. Below are a few reasons why the experience of coding is necessary.
- Antivirus will block standard tools at times. In such cases, you should be able to write your devices to get the tasks done.
- Knowledge of Assembly language is requiring for performing reverse engineering and malware analysis. How the register values are manipulating and what is its effect.
- Tasks can be tedious sometimes, and you need to automate tasks so that you have time for other jobs.
- Most of the tools are open-source and can be customized using scripting languages. It will enhance the power of the machine if you know how to do it. You can create burp suite extensions, Metasploit modules using ruby and python, exploitation scripts, etc. Understand how their native scripts work rather than just executing it like a script youngster.
If you are still stuck with how to get through this, go for only two languages – Python and C., You can do much damage with them. The knowledge of scripting languages is a big plus and can sometimes be a tiebreaker when it comes to selection.
Now you know what is required to get into cybersecurity, what skills you possess and what you do not. Once you get on the floor, you might land up in a team where the roles and responsibilities are limited, or you might have to do all the work. In the first case, you will master a particular skill, and in the latter, you will be the jack of all trades and master of none. Both have their pros and cons, but one thing which remains common in both is the projects. It will help you to decide your area of interest, strengths, and weaknesses. Below are a few project areas you can target.
Those who are not into cybersecurity can also learn the skills and get some free online projects to practice. They can work and contribute to various communities like OWASP, which can then be adding to the resume; this is a plus as it proves your interest in the field. If you cannot find projects go for the related knowledge and that should suffice.
Security device deployment and Network security
If you have an interest in firewalls, proxies, and other security devices and how they fit in the network, this is your piece. If you get a chance to work with the deployment team, grab it with both hands. After deployment, the next steps are optimization, configuration management, auditing and governance, and up-gradation. If you know the ground level basics, the other parts become much more exciting and efficient.
If you have the attitude to break into networks and applications, you should hunt for pen-testing projects. It sounds cheesy, but it takes a lot of time to become an expert at it. You can set up a lab in your laptop using Virtual Box for practicing pen-testing. You can find vulnerable machines online to download- learn and test your skills on.
This is something very few people are into, for a couple of reasons:-
- Lack of skills to understand the code
- It is a time taking the process to do the analysis manually.
- Malware is becoming advanced day by day.
So if you have related experience, or have done some research; the chances of you getting a boost in your career are high. With all the technology in place, this is something that will still require manual intervention and human interpretation. It is not recommending to start malware analysis on your own, as the chances of you getting infected or spreading the infection unknowing are relatively high. Even the knowledge of this subdomain is worth gold. It took some time for the experts to figure out the kill for the malware; all this is a part of malware dissection and analysis.
How to get qualified to become a Cyber Security professional – Top 5 steps
One of the problems faced by professionals in the initial years of cybersecurity career is that they are not able to gain an overall knowledge of cybersecurity as a domain. Work will give you experience, but that will not be able to cover all the aspects of the area. To get an overall knowledge, go for certifications as it will enhance your knowledge base, and can also be a deciding factor in your hiring. There are multiple certifications, each having its pros and cons.
Below are a few certifications which are worth the buck. Start with CEH if you are a newbie to security or want to enter the domain. Be sure to check the eligibility criteria before you are a price.
- EC-Council – CEH, CHFI, LPT
- Offensive security – OSCP, OSWP
- ISC2 – CISSP
- ISACA – CISA
- Networking with people
Get connected with people who are working in cybersecurity. Try to get joining with WhatsApp groups, Telegram groups, LinkedIn groups, conferences, YouTube subscriptions, blogs, security websites, etc. Getting connected can help you gain insight into the market. They can even help you with technical knowledge and assist in understanding the secrets of the cybersecurity domain, which otherwise will take some time for you to experience yourself.
Know the security map
Security is an ocean in itself; you can start from anywhere and once you have your foot in the door, explore and navigate the domain. There are various subdomains that you can choose to master– pen-testing, malware analysis, security auditing, security operations center, Incident handling, reverse engineering, etc. You are not expected to learn all of it, but some knowledge of the domains will always be helpful to connect the dots afterward. It is a time taking process, and I would suggest you do not hurry. Choosing a subdomain and working towards it is complicated, take time to understand and work your way towards it.
Don’t be choosy!
For starters, try to be a “YES MAN” when it comes to working. Gain experience in whatever comes your way. Being very selective in the first place will not pay off very well later. Try to gain enough expertise– even it is operations. Some projects and tasks might seem cheesy but to reach there, you need to prove your worth. New-comers are often placing into security operations, which might become monotonous after some time, but it takes a lot of time to master that as well. A manager who has worked his/her way to the top will be more aware of the lower level complexities.
Cyber Security is like a race and to be in that race you need to keep up the momentum; else you will be outrun soon. Ensure that you read enough and be updated on what is happening in the industry. There is always something new which you need to deal with on a day-to-day basis. Subscribe to various websites that can help you with the news feeds. Keep your eyes and ears open.
Career opportunities in cyber-security are readily available and up for grabs, but do you have what it takes to get through and sustain? The article has covered various aspects of what to do, what to learn; but in the end, it all boils down to how you apply the skills. Knowing a tool or a language is just the beginning, use it to excel. Most importantly, understand what you are doing and what results you are expecting- document it and report it. Management should have a clear idea of what is the risk if a particular action is not taking. So, get more profound insights into issues and solutions and come up with high points– this will give you visibility and a much-needed kick-start.
A BEGINNERS GUIDE TO CYBERSECURITY TRAINING, CERTIFICATION AND JOBS