How to Start a Career in Cyber Security 2021 - read the full article about Cybersecurity 2021, Cybersecurity and Network security and pen testing from Cybersecurity Leadership on Qualified.One
Cybersecurity jobs are in demand worldwide.
It is estimated that there are going to be 3.5 million jobs globally that will remain unfilled in just 2021 alone.
According to The US Bureau of Labor Statistics, cybersecurity jobs are among the fastest-growing career areas nationwide.
The BLS predicts cybersecurity jobs will grow 31% year over year through 2029, this is over seven times faster than the national average job growth of 4%.
Cyber-attacks are becoming more and more sophisticated and devastating every passing day.
We hear a lot about high-profile incidents like SolarWinds and Microsoft Exchange hack, but truth is that no one with an online presence is safe from these attacks.
Now, the jobs that require cybersecurity know-how have a range of titles.
The most common individual contributor titles for Cyber Engineering roles are Security Analyst, IT Security Engineer, Security Architect, Systems Administrator, Network Security Engineer or Network Security Architect, and Security Software Developer.
Now, the most common titles for the Cyber Tester roles are Penetration Tester, Ethical Hacker, Exploit Developer, Vulnerability Researcher, and Auditor.
Forensic Technician, Incident Responder, Forensic Analyst are among the common titles held by the folks in Cyber Responder roles.
So, if you are a beginner, you may be wondering, what is the best way to get your feet wet and eventually tap into this massive career opportunity.
Well, in this video, I am going to discuss the top 5 knowledge areas and the skills that you can develop on your own, for free, and put yourself on a path to becoming future cybersecurity professional.
I am going to assume zero prior knowledge of cybersecurity for this discussion.
My name is Afaq.
Hope you’re doing well.
Now, before we discuss the skills, I have a quiz.
So, help me answer this.
After a life of cybercrime, how did the hacker get to heaven? Well, he got into heaven because the password hadn’t been changed in 2000 years.
So, the first order of business is to pick up on some Cybersecurity jargon.
At a minimum, learn everything that I have on this list.
Antivirus, blacklist, open and closed source software, data loss prevention or DLP, data encryption, exploit, firewall, honeypot, IP address, insider threat, patch, VPNs, Adware, DDoS, Keylogger, Malware, ransomware, spyware, rootkit, trojan, virus, and worm.
What’s more? Learn what is an attack vector, attack surface, IOCs, IOAs, APTs, bot, brute force attack, phishing not fishing, and social engineering.
Now, you must be thinking, well I already know a lot of these, and I bet you do with all the news that passes our eyeballs about breaches and hacks each day.
So, the Number Two skill that you can start working on is Linux.
Linux is an incredibly important part of being a cybersecurity professional.
Specialized Linux distributions such as Kali Linux are used by cybersecurity professionals to perform in-depth penetration testing and vulnerability assessments, as well as provide forensic analysis after a security breach.
Linux is freely available for download and does not require a lot of resources to run.
You can run Linux alongside Windows on your laptop using yet another free software known as the Hypervisor.
I bet any laptop sold in the past 5 years can run Linux without even noticing it.
So, you can download VirtualBox, the hypervisor from Oracle, and the Kali Linux, which is based on Debian distribution, and should be able to get going in less than half an hour.
Just like Windows has a command prompt, Linux has a shell and the shell you need to focus on here is known as Bash.
And here is the list of activities that you should focus on while learning Linux.
If any of the activities sound unfamiliar, just do a google search.
So, here is the list.
View system information such as architecture, kernel version, filesystem, installed packages, running processes, and user sessions.
View and modify network configurations like IP configuration, open ports and sockets, open files, and the installed services.
Learn how the Linux system boots up.
Find out the key system and service configuration files.
Learn how the events get logged and the location of log files.
Understand physical and logical file systems.
Try out some communication utilities such as the SSH client.
Once you have mastered those, then move onto shell scripting.
Shell scripting is used to automate a list of Linux CLI commands, as opposed to entering them one by one.
What’s more? You can also go for some of the Linux security modules such as SELinux and AppArmor.
There are also a bunch of open-source tools that are used by Cybersecurity professionals to analyze and perform forensic such as Metasploit.
You can also tinker with a packet capture tool known as Wireshark.
Now, if you learn one thing each day, I bet you would be done with this list within a few weeks.
Another skill that is worth knowing is computer networking.
You can use the OSI model to add some structure to your learning.
We build networks to facilitate data communication between users, between machines, and between users and machines.
The data communication happens using a bunch of networking devices that are known as routers, switches, wireless access points and protected with firewalls, intrusion prevention systems, and various security solutions.
You should have an understanding of the configuration and management of routers, switches and firewalls, and network architectures.
Cybersecurity totally intersects with networking and the skillset is known as network security.
It can take many different forms, like network-based access control, using firewalls to filter traffic, and using encryption algorithms to protect the actual data communication or even data stored on a drive.
Linux has a full-blown networking and network-based security stack.
All of the networking devices are available in virtual or in software form-factor today, so what I suggest is that you go ahead and download Cisco Packet Tracer simulation software.
It is available for free with plenty of premade topologies to help you get started in a matter of minutes.
It can run on Windows, Mac, or Linux and allows you to create network topologies consisting of routers, switches, firewalls, what have you.
A career in cybersecurity requires you have analytical skills, the ability to critically think and use problem-solving to find a solution to a problem.
Cybersecurity frequently requires the use of analytics or the ability to assimilate meaningful patterns into data.
What you are learning is how to think like a hacker.
There are a lot of people graduating from cybersecurity programs or completing cybersecurity certifications today, but they have no clue about the core skill set of problem-solving.
Last but not least is the coding know-how.
No, you do not need to become a software developer or a programmer.
The majority of entry-level cybersecurity jobs do not require coding skills.
However, being able to write and understand code will be a big plus on your resume.
I don’t need to tell you where and how to get started with some very basic coding skills.
All it takes is to pick a language say Python and open up an account on Repl and get started without even downloading a single executable and installing any software.
If you prefer reading a book, you can get Python Crash Course from Amazon.
It is a fast-paced, no-nonsense guide to programming in Python.
All of the links are in the description.
So, now let me recap the five skills and areas that we discussed.
Learn that Cybersecurity jargon and all those TLAs.
Like, you should know what attack surface and attack vectors are.
Become familiar with Linux OS and the Linux shell and you should be able to perform some system-level activities.
Your goal is not to become a network engineer or a network architect.
You want to learn networking because networks are pathways to deploy exploits and protecting both wired and wireless communication is an absolute must.
Problem-solving and analytical skills.
Back in the days when I used to work at Cisco Security TAC, I remember they sent us to a training known as Kepner-Tregoe or KT.
It was the absolute best training I have ever seen on Root Cause Analysis and problem-solving skills.
Give me a thumbs up if you have taken KT classes.
Last but not least, is Coding.
Again, you are not signing up to become a software developer or some kind of hardcore coder.
Your goal is to build some familiarity and know-how of coding and there is no better way to do that than picking a language and writing some code.
You never know where that takes you.
With so much focus on coding over the past 10 years, there is an enormous number of free resources available online to get you started.
Now, here is my final thought.
As Simon Sinek says, you should start with your WHY.
So, you don’t want to jump into Cybersecurity because it sounds cool, or you heard someone saying that on YouTube.
If technology is your passion and you are someone who’s committed to a lifelong learning, there is no need for you to wait around for another career opportunity.
This maybe it.
As someone said, eighty percent of success is showing up and the world is run by those who showed up.
THANK you for watching the video, I hope you found it helpful.
I’d love to hear your thoughts and I will see you back here on Monday and Friday sometimes on Wednesday.
I will see you soon.
Bye for now.
Cybersecurity Leadership: How to Start a Career in Cyber Security 2021 - Cybersecurity