How to Start a Career in Cyber Security 2021
- March 19, 2021
- Posted by: Muhammad Afaq Khan, CCIE #9070
- Category: Cybersecurity
Cybersecurity jobs are in demand worldwide. It is estimated that 3.5 million jobs globally will remain unfilled in 2021 alone. According to the US Bureau of Labor Statistics, cybersecurity jobs are among the fastest-growing career areas nationwide.
Cyber Job Roles and Titles
Now, the jobs that require cybersecurity know-how have a range of titles. The most common individual contributor titles for Cyber Engineering roles are Security Analyst, IT Security Engineer, Security Architect, Systems Administrator, Network Security Engineer or Network Security Architect, and Security Software Developer. The most common titles for the Cyber Tester roles are Penetration Tester, Ethical Hacker, Exploit Developer, Vulnerability Researcher, and Auditor. Forensic Technician, Incident Responder, and Forensic Analyst are among the common titles held by the folks in Cyber Responder roles. So, if you are a beginner, you may be wondering: what is the best way to get your feet wet and eventually tap into this massive career opportunity?
Well, in this article, I am going to discuss the top 5 knowledge areas and the skills that you can develop on your own, for free, and put yourself on a path to becoming a future cybersecurity professional. I am going to assume zero prior knowledge of cybersecurity for this discussion.
#1. Cybersecurity Jargon (and TLAs)
So, the first order of business is to pick up on some Cybersecurity jargon. At a minimum, learn everything that I have on this list. Antivirus, blacklist, open and closed source software, data loss prevention or DLP, data encryption, exploit, firewall, honeypot, IP address, insider threat, patch, VPNs, Adware, DDoS, Keylogger, Malware, ransomware, spyware, rootkit, trojan, virus, and worm. What’s more? Learn what is an attack vector, attack surface, IOCs, IOAs, APTs, bot, brute force attack, phishing not fishing, and social engineering. Now, you must be thinking, well I already know a lot of these, and I bet you do with all the news that passes our eyeballs about breaches and hacks each day.
#2. Linux (preferably Kali)
So, the Number Two skill that you can start working on is Linux. Linux is an incredibly important part of being a cybersecurity professional. Specialized Linux distributions such as Kali Linux are used by cybersecurity professionals to perform in-depth penetration testing and vulnerability assessments, as well as provide forensic analysis after a security breach. Linux is freely available for download and does not require a lot of resources to run. You can run Linux alongside Windows on your laptop using another piece of free software known as a hypervisor. I bet any laptop sold in the past 5 years can run Linux without even noticing it. So, you can download VirtualBox, the hypervisor from Oracle, and Kali Linux, which is based on the Debian distribution, and should be able to get going in less than half an hour. Just like Windows has a command prompt, Linux has a shell, and the shell you need to focus on here is known as Bash.
Here is the list of activities that you should focus on while learning Linux. If any of the activities sound unfamiliar, just do a Google search.
- View system information such as architecture, kernel version, filesystem, installed packages, running processes, and user sessions.
- View and modify network configurations like IP configuration, open ports and sockets, open files, and the installed services.
- Learn how the Linux system boots up.
- Find out the key system and service configuration files.
- Learn how events get logged and the location of log files.
- Understand physical and logical file systems.
- Try out some communication utilities such as the SSH client.
Once you have mastered those, move on to shell scripting. Shell scripting is used to automate a list of Linux CLI commands, as opposed to entering them one by one. What’s more? You can also go for some of the Linux security modules such as SELinux and AppArmor.
There are also a bunch of open-source tools that are used by cybersecurity professionals to analyze and perform forensics, such as Metasploit. You can also tinker with a packet capture tool known as Wireshark. Now, if you learn one thing each day, I bet you would be done with this list within a few weeks.
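As an added example (not part of the original article), here is how a few of the read-only activities above can be automated in a small POSIX shell script, including decoding listening ports straight from the kernel's `/proc/net/tcp` table. The file name `baseline.sh`, the function names and the sample table are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: read-only checks from the activity list, wrapped in functions.

# Constructed sample in /proc/net/tcp layout (real files have more columns).
sample_tcp_table() {
    cat <<'EOF'
  sl  local_address rem_address   st
   0: 00000000:0016 00000000:0000 0A
   1: 0100007F:0277 00000000:0000 0A
   2: 0F02000A:0016 0202000A:D431 01
EOF
}

# Print the listening IPv4 TCP ports found in a /proc/net/tcp style file.
# Column 2 is the local address as HEXIP:HEXPORT; column 4 is the socket
# state, where 0A means LISTEN and 01 means ESTABLISHED.
listening_ports() {
    src="${1:-/proc/net/tcp}"
    [ -r "$src" ] || return 0
    awk 'NR > 1 && $4 == "0A" { split($2, a, ":"); print a[2] }' "$src" |
    while read -r hex; do
        printf '%d\n' "0x$hex"      # hex port -> decimal
    done | sort -n | uniq
}

# Kernel version, architecture, user sessions and listening ports in one go.
baseline_report() {
    echo "kernel:  $(uname -r)"
    echo "arch:    $(uname -m)"
    echo "logins:  $(who 2>/dev/null | wc -l)"
    echo "listening TCP ports (IPv4):"
    listening_ports /proc/net/tcp | sed 's/^/  /'
}

# Run "sh baseline.sh report" for the live host, or "sh baseline.sh sample"
# to decode the constructed table above.
case "${1:-}" in
    report) baseline_report ;;
    sample) sample_tcp_table | listening_ports /dev/stdin ;;
esac
```

Comparing the script's port list with the output of a tool such as `ss` is a good way to check your understanding of where that tool gets its data.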
#3. Computer Networking
Another skill that is worth knowing is computer networking. You can use the OSI model to add some structure to your learning. We build networks to facilitate data communication between users, between machines, and between users and machines. The data communication happens using a bunch of networking devices known as routers, switches, and wireless access points, and is protected with firewalls, intrusion prevention systems, and various security solutions. You should have an understanding of the configuration and management of routers, switches and firewalls, and of network architectures. Cybersecurity totally intersects with networking, and the skillset is known as network security. It can take many different forms, like network-based access control, using firewalls to filter traffic, and using encryption algorithms to protect the actual data communication or even data stored on a drive. Linux has a full-blown networking and network-based security stack. All of the networking devices are available in virtual or software form factor today, so what I suggest is that you go ahead and download the Cisco Packet Tracer simulation software. It is available for free with plenty of premade topologies to help you get started in a matter of minutes. It can run on Windows, Mac, or Linux and allows you to create network topologies consisting of routers, switches, firewalls, what have you.
#4. Problem Solving (and Kepner-Tregoe)
Number four. Problem-solving skills. A career in cybersecurity requires you to have analytical skills, the ability to think critically, and the ability to use problem-solving to find a solution to a problem. Cybersecurity frequently requires the use of analytics, or the ability to find meaningful patterns in data. What you are learning is how to think like a hacker. There are a lot of people graduating from cybersecurity programs or completing cybersecurity certifications today, but they have no clue about the core skill set of problem-solving.
#5. Coding
Last but not least is the coding know-how. No, you do not need to become a software developer or a programmer. The majority of entry-level cybersecurity jobs do not require coding skills. However, being able to write and understand code will be a big plus on your resume. I don’t need to tell you where and how to get started with some very basic coding skills. All it takes is to pick a language, say Python, open up an account on Repl, and get started without downloading a single executable or installing any software. If you prefer reading a book, you can get Python Crash Course from Amazon. It is a fast-paced, no-nonsense guide to programming in Python.
So, now let me recap the five skills and areas that we discussed. Number one. Learn that Cybersecurity jargon and all those TLAs. Like, you should know what attack surface and attack vectors are. Number two. Become familiar with Linux OS and the Linux shell and you should be able to perform some system-level activities. Number three. Computer networking. Your goal is not to become a network engineer or a network architect. You want to learn networking because networks are pathways to deploy exploits and protecting both wired and wireless communication is an absolute must. Number four. Problem-solving and analytical skills. Back in the days when I used to work at Cisco Security TAC, I remember they sent us to a training known as Kepner-Tregoe or KT. It was the absolute best training I have ever seen on Root Cause Analysis and problem-solving skills. Give me a thumbs up if you have taken KT classes. Last but not least, is Coding. Again, you are not signing up to become a software developer or some kind of hardcore coder. Your goal is to build some familiarity and know-how of coding and there is no better way to do that than picking a language and writing some code. You never know where that takes you. With so much focus on coding over the past 10 years, there is an enormous number of free resources available online to get you started.
Now, here is my final thought. As Simon Sinek says, you should start with your WHY. So, you don’t want to jump into cybersecurity because it sounds cool, or because you heard someone saying that on YouTube. If technology is your passion and you are someone who’s committed to lifelong learning, there is no need for you to wait around for another career opportunity. This may be it. As someone said, eighty percent of success is showing up, and the world is run by those who showed up. Thank you for reading the article; I hope you found it helpful. I’d love to hear your thoughts in the comments.