Tuesday, September 5, 2023

Top Cyber Security Skills You Need for an Exciting Career

Want to develop the skills to pursue a cyber security career, but don't know where to start? It's an understandable challenge. With so many career paths and so many things to learn, you don't know what you don't know. That's where we come in.

We've broken down cyber security into five stages. For each stage, we describe the skills you should be learning and the certifications you might choose to go after. With this guide, you won't just learn what skills you need, but in what order you should develop them.

Let's dive in and learn what cyber security skills you need for this exciting career.

[Figure: Cyber Security Career Roadmap]

Stage 1: Essential IT Knowledge

Like most industries, the best place to start is at the beginning. For those looking at cyber security as a future career, a solid Information Technology (IT) skill foundation is incredibly important. This includes hard skills (what you do with your hands on the keyboard) and soft skills (how you work with people when you are not looking at a monitor). Let's break these down further.

IT Troubleshooting

It doesn’t matter what stage of an IT or security career you find yourself in; troubleshooting everyday IT problems is an essential skill. This includes the understanding of safety and preventative maintenance of computers.

  • Understanding troubleshooting methodology
  • Installing and configuring software
  • Managing user account permissions
  • Connecting to corporate share drives

Troubleshooting an IT problem is the foundation for any successful IT career.

[Figure: Troubleshooting Methodology]

Understanding of PC Components and Firmware

Of course, it is almost impossible to troubleshoot something you do not understand, which leads us to the basics of PC Components and Firmware.

  • Internal computer hardware and components
  • Connecting peripherals
  • Updating drivers
  • Updating device firmware
  • Connect to networks and the internet

Identifying the different physical components of a modern-day computer and understanding how they work together is an essential trait for any IT professional. It is the difference between plugging the monitor into the discrete PCIe graphics card the system actually uses and getting straight to work, or connecting it to the motherboard's integrated DisplayPort output by mistake and being greeted by a black screen.

Windows and Linux Operating Systems

A successful IT and cyber security career will revolve around working within Windows or Linux operating systems. Understanding how these operating systems function, store data, interact with software, and how users can manipulate them to achieve workplace goals is imperative. You need not be a master, but you should understand what these operating systems are and be able to interact with them.

  • Installing operating systems
  • File/Folder structure
  • File system and file sharing
  • Task management
  • Program management and application software
  • Data storage

Understanding how these operating systems work will support a future understanding of how threat actors attack them and how defenders protect them.

Command Line Experience

Operating systems and their command line interfaces go hand in hand with life as an IT professional. A great starting place is simply knowing how to navigate a system: moving from the Downloads folder to the Desktop and back, or from the root of a drive to a user profile. Knowing how to navigate will make more complex tasks easier to accomplish.

Documentation, Report Writing, and Non-Technical Communication

Being able to document processes, write reports, and communicate with non-technical team members and stakeholders is an essential skill. Documentation standardizes processes and projects so that nothing falls through the cracks, report writing keeps an accurate record of previous engagements, and communicating project status and needs is crucial.

  • Document troubleshooting methodology and findings
  • Record changes and work performed for audit trails
  • Write non-technical reports and summaries
  • Write how-to walkthroughs
  • Document company resources

Addressing technical tickets, worried clients, and managerial staff all require different approaches and resources. Having this experience will help propel your career in IT and security forward.

Resources

Now that we’ve discussed essential IT concepts, how does one develop these skills? Two great options are the CompTIA IT Fundamentals and CompTIA A+ certifications. These certifications showcase a candidate's understanding of essential IT domains and certify their competency through official testing procedures.

Stage 2: Networking

Networking is the cornerstone of the IT industry; the primary goal of almost every computer today is to connect to some sort of network to share information. This stage involves understanding how this communication occurs, including the hardware, protocols, software, and setup.

OSI Reference Model

The OSI Reference Model is a conceptual model of how network communications move from one device to another. It shows the stages a network packet passes through on its way from one application to another. The seven layers of the OSI Reference Model explain how network communications work from a high-level vantage point.

[Figure: OSI Reference Model]

TCP/IP and IPv6

While understanding networking at a high level with OSI is important, understanding the specific protocols used between machines is just as important. Recognizing whether two machines are communicating over IPv4 or IPv6, and how those headers are laid out, lets cyber security professionals dissect the traffic to find artifacts left behind by threat actors. The same understanding lets penetration testers manipulate these protocols to achieve their goals.

Networking Topology

Networking topology comes in two forms: physical topology (the physical layout of switches, hubs, and routers) and logical topology (how the network packets traverse the network channels).

  • Topology types
  • LAN/WAN/MAN
  • Routers vs switches vs hubs

Understanding an organization’s physical and logical topology allows cyber security professionals to identify appropriate defensive measures to take and where to put them.

Routing and Switching

Along with network topology come routing and switching, which determine the actual paths network communications take between devices. Switching forwards frames within a network segment using MAC addresses; routing forwards packets between networks using IP addresses.

  • MAC addresses
  • Switching tables
  • Unicast vs broadcast vs multicast

This is important to understand as it explains an organization's legitimate network traffic flow.
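
To show what "legitimate traffic flow" means at Layer 2 and Layer 3, here is an added example (not from the original article) that simulates a learning switch, which builds its switching table from the source MAC of every frame it sees and floods broadcast, multicast and unknown-unicast frames, next to a router that picks a next hop by longest-prefix match. The port numbers, MAC addresses and routes are constructed for the example; only Python's standard library is used.

```python
"""Toy Layer 2 learning switch and Layer 3 longest-prefix-match router (constructed example)."""
import ipaddress

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_multicast(mac: str) -> bool:
    # Group bit: least-significant bit of the first octet is set (broadcast is the all-ones case).
    return int(mac.split(":")[0], 16) & 0x01 == 1


class LearningSwitch:
    """Forwards frames by MAC address and learns where each address lives from frames it receives."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.cam = {}   # MAC address -> port number (the switching / CAM table)

    def forward(self, in_port: int, src_mac: str, dst_mac: str) -> list:
        """Return the list of ports the frame is sent out of."""
        self.cam[src_mac] = in_port                        # learn (or refresh) the source's port
        if dst_mac == BROADCAST or is_multicast(dst_mac) or dst_mac not in self.cam:
            # Broadcast, multicast (no IGMP snooping here) and unknown unicast are flooded.
            return [p for p in self.ports if p != in_port]
        out_port = self.cam[dst_mac]
        if out_port == in_port:
            return []                                       # destination is on the same segment: filter
        return [out_port]                                   # known unicast goes out exactly one port


class Router:
    """Picks a next hop by longest-prefix match, the rule every IP router applies."""

    def __init__(self, routes):
        # routes: iterable of (network CIDR string, next hop label)
        self.routes = [(ipaddress.ip_network(net), next_hop) for net, next_hop in routes]

    def next_hop(self, dst_ip: str):
        dst = ipaddress.ip_address(dst_ip)
        best = None
        for net, hop in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, hop)                           # more specific prefix wins
        return best[1] if best else None                    # None: no route, packet is dropped


if __name__ == "__main__":
    sw = LearningSwitch([1, 2, 3, 4])
    print(sw.forward(1, "02:00:00:00:00:01", "02:00:00:00:00:02"))   # unknown destination: flooded
    print(sw.forward(2, "02:00:00:00:00:02", "02:00:00:00:00:01"))   # learned: sent to port 1 only
    r = Router([("0.0.0.0/0", "203.0.113.1"), ("10.0.0.0/8", "10.255.0.1"), ("10.1.2.0/24", "direct")])
    print(r.next_hop("10.1.2.9"), r.next_hop("10.9.9.9"), r.next_hop("8.8.8.8"))
```

The flood-then-learn behaviour is exactly what makes a switch's first frames visible to every port, and the CAM table is what MAC-flooding and ARP-spoofing attacks target; the routing side shows why a stray, more specific route silently wins over the intended one.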

Network Protocols and Ports

Network protocols like FTP, SSH, POP, and ICMP can be viewed almost like different languages a machine might ‘speak.’ Network ports can be thought of as dedicated phone lines, where a specific protocol is expected on a specific port.

  • The most commonly used protocols
  • Well-known ports
  • TCP vs UDP

As you move deeper into the industry, becoming intimately familiar with network protocols and their most commonly associated ports becomes an increasingly important skill.
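
To make the OSI layers, the IPv4-versus-IPv6 distinction and the protocol-and-port idea from the three sections above concrete, here is an added example (not from the original article) that decodes a raw Ethernet frame layer by layer with Python's standard library: Layer 2 (Ethernet) tells you which Layer 3 header follows, Layer 3 (IPv4 or IPv6) tells you which Layer 4 header follows, and the Layer 4 port maps to a service. The two sample frames are constructed in the script itself, with checksums left at zero and addresses from private and documentation ranges; the well-known port table is an illustrative subset of the IANA registry.

```python
"""Walk a raw Ethernet frame down the stack: L2 (Ethernet) -> L3 (IPv4/IPv6) -> L4 (TCP/UDP/ICMP).

The sample frames are constructed below (checksums left as zero); nothing is read from a NIC.
"""
import struct

ETHERTYPE_IPV4, ETHERTYPE_IPV6 = 0x0800, 0x86DD
PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17

# Illustrative subset of IANA well-known (protocol, port) -> service mappings.
WELL_KNOWN_PORTS = {
    (PROTO_TCP, 21): "FTP", (PROTO_TCP, 22): "SSH", (PROTO_TCP, 25): "SMTP",
    (PROTO_TCP, 80): "HTTP", (PROTO_TCP, 110): "POP3", (PROTO_TCP, 443): "HTTPS",
    (PROTO_UDP, 53): "DNS", (PROTO_TCP, 53): "DNS", (PROTO_UDP, 123): "NTP",
}


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ipv4_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def ipv6_str(raw: bytes) -> str:
    # Uncompressed textual form (no :: shortening) keeps the example short.
    return ":".join(f"{(raw[i] << 8) | raw[i + 1]:x}" for i in range(0, 16, 2))


def decode_frame(frame: bytes) -> dict:
    """Return one dict entry per layer, as the NIC, the IP stack and the transport layer would see it."""
    layers = {}
    # Layer 2: Ethernet II header is dst MAC (6), src MAC (6), EtherType (2).
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers["l2"] = {"dst": mac_str(dst), "src": mac_str(src), "ethertype": ethertype}
    packet = frame[14:]

    # Layer 3: the EtherType says whether an IPv4 or an IPv6 header follows.
    if ethertype == ETHERTYPE_IPV4:
        ver_ihl, _tos, _tlen, _id, _frag, ttl, proto, _csum, s, d = struct.unpack("!BBHHHBBH4s4s", packet[:20])
        header_len = (ver_ihl & 0x0F) * 4          # IHL is in 32-bit words; options make it > 20
        layers["l3"] = {"version": 4, "src": ipv4_str(s), "dst": ipv4_str(d), "proto": proto, "ttl": ttl}
        segment = packet[header_len:]
    elif ethertype == ETHERTYPE_IPV6:
        _vtcfl, _plen, next_hdr, hop_limit, s, d = struct.unpack("!IHBB16s16s", packet[:40])
        layers["l3"] = {"version": 6, "src": ipv6_str(s), "dst": ipv6_str(d), "proto": next_hdr, "ttl": hop_limit}
        segment = packet[40:]                      # IPv6 extension headers are not walked here
    else:
        layers["l3"] = None                        # e.g. ARP: not an IP packet at all
        return layers

    # Layer 4: the IP protocol / next-header number selects the transport parser.
    proto = layers["l3"]["proto"]
    if proto == PROTO_TCP:
        sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", segment[:14])
        layers["l4"] = {"proto": "TCP", "sport": sport, "dport": dport,
                        "syn": bool(off_flags & 0x002), "ack": bool(off_flags & 0x010)}
    elif proto == PROTO_UDP:
        sport, dport, _length, _csum = struct.unpack("!HHHH", segment[:8])
        layers["l4"] = {"proto": "UDP", "sport": sport, "dport": dport}
    elif proto == PROTO_ICMP:
        icmp_type, icmp_code = struct.unpack("!BB", segment[:2])
        layers["l4"] = {"proto": "ICMP", "type": icmp_type, "code": icmp_code}   # ICMP has no ports
    else:
        layers["l4"] = {"proto": str(proto)}
    if "dport" in layers["l4"]:
        layers["l4"]["service"] = WELL_KNOWN_PORTS.get((proto, layers["l4"]["dport"]), "unknown")
    return layers


# --- constructed sample frames (MACs are locally administered, IPs from private ranges) ---
SRC_MAC, DST_MAC = bytes.fromhex("020000000005"), bytes.fromhex("020000000001")


def build_ipv4_tcp_syn(sport: int = 50123, dport: int = 22) -> bytes:
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1000, 0, (5 << 12) | 0x002, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, PROTO_TCP, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 1]))
    return DST_MAC + SRC_MAC + struct.pack("!H", ETHERTYPE_IPV4) + ip + tcp


def build_ipv6_udp_dns(sport: int = 40000, dport: int = 53) -> bytes:
    payload = b"\x00" * 12                          # stand-in for a DNS query body
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    src = bytes.fromhex("fd00" + "00" * 13 + "05")  # fd00::5
    dst = bytes.fromhex("fd00" + "00" * 13 + "01")  # fd00::1
    ip6 = struct.pack("!IHBB16s16s", 6 << 28, len(udp), PROTO_UDP, 64, src, dst)
    return DST_MAC + SRC_MAC + struct.pack("!H", ETHERTYPE_IPV6) + ip6 + udp


if __name__ == "__main__":
    for frame in (build_ipv4_tcp_syn(), build_ipv6_udp_dns()):
        print(decode_frame(frame))
```

Each layer only needs to know enough to hand off to the next, which is the encapsulation idea the OSI model describes; a real dissector such as Wireshark does the same walk with far more protocols.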

DNS (Domain Name System)

We now understand how devices reach each other across a network medium and which protocols they use to communicate. But how does a device find the right address for a name in a large-scale network? That is where the Domain Name System (DNS) comes into the world of IT.

  • Top-level and second-level domains
  • Authoritative Name Servers
  • Root servers

DNS is the distributed, hierarchical system that maps names to addresses, so it ultimately dictates whether a network device connects to the correct host in the correct location.
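
To show how the root servers, top-level domains and authoritative name servers listed above fit together, here is an added example (not from the original article) that walks iterative resolution by hand over a constructed set of name-server data: start at the root, follow the most specific delegation each server knows about, and stop at the authoritative server that holds the answer. No real servers are contacted; the server names, zones and the 198.51.100.0/24 addresses are invented for the example.

```python
"""Iterative DNS resolution walked by hand: root -> TLD -> authoritative (constructed data, offline)."""

# Constructed name-server data. A server either answers for names in its own zone or refers the
# resolver to the server for a more specific zone; that referral chain is what delegation means.
SERVERS = {
    "root":            {"referrals": {"com.": "tld-com", "org.": "tld-org"}},
    "tld-com":         {"referrals": {"example.com.": "ns1.example.com"}},
    "tld-org":         {"referrals": {}},
    "ns1.example.com": {"answers": {"example.com.": "198.51.100.10",
                                    "www.example.com.": "198.51.100.10",
                                    "mail.example.com.": "198.51.100.25"}},
}


def fqdn(name: str) -> str:
    """Normalise to a fully qualified, lower-case name ending in the root dot."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def is_in_zone(name: str, zone: str) -> bool:
    return name == zone or name.endswith("." + zone)


class IterativeResolver:
    """Does what a recursive resolver does on a cache miss: follow referrals from the root down."""

    def __init__(self, servers=SERVERS, max_referrals: int = 8):
        self.servers = servers
        self.max_referrals = max_referrals      # guards against delegation loops
        self.cache = {}                          # name -> address (TTL handling omitted)

    def resolve(self, name: str):
        """Return (address or None, list of servers consulted in order)."""
        name = fqdn(name)
        if name in self.cache:
            return self.cache[name], ["cache"]
        server, path = "root", []
        for _ in range(self.max_referrals):
            path.append(server)
            data = self.servers[server]
            if name in data.get("answers", {}):            # authoritative answer
                self.cache[name] = data["answers"][name]
                return self.cache[name], path
            if "answers" in data:                          # authoritative, but no such name: NXDOMAIN
                return None, path
            # Follow the most specific delegation this server holds for the name.
            zones = [z for z in data.get("referrals", {}) if is_in_zone(name, z)]
            if not zones:
                return None, path                          # nobody is delegated this name
            server = data["referrals"][max(zones, key=len)]
        raise RuntimeError("too many referrals (delegation loop?)")


if __name__ == "__main__":
    r = IterativeResolver()
    print(r.resolve("www.example.com"))     # ('198.51.100.10', ['root', 'tld-com', 'ns1.example.com'])
    print(r.resolve("www.example.com"))     # served from cache on the second lookup
    print(r.resolve("ftp.example.com"))     # (None, [...]) : the authoritative server has no such name
```

The path returned for each lookup is the part of DNS an analyst cares about: which server answered, and therefore which server would have to be poisoned or compromised for the answer to be wrong.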

Virtualization

Virtualization, especially networking virtualization, has added a layer of complexity to organization networks in how devices communicate. Grasping the concepts of virtual network interface cards (vNICs) and how they are managed is essential in understanding virtualization at a networking level.

Resources

Networking can be one of the most daunting aspects of cyber security, but it is also one of the most critical. Luckily, resources exist for those looking to improve their networking skill sets. Several certifications cover this area, including CompTIA's Network+ and Cisco Systems' CCNA.

Stage 3: General Cyber Security

Now that a strong foundation of general IT concepts and knowledge has been achieved, it is time to move into cyber security proper. Here we look at cyber security with a wide lens, covering domains like risk assessment, security architecture, application security, governance, security operations, encryption, and authentication. You are learning a very broad range of topics at a shallow level.

[Figure: Cyber Security Roles and Domains]

Risk Management

While risk management is one of the least technical security areas, understanding risk is core to applying appropriate security measures to an organization. Grasping the concepts of threats, vulnerabilities, risks, and acceptable risk tolerance allows a security practitioner to impact an organization in the most valuable way: implementing as much security as is appropriate.

  • Risk assessments
  • Risk tolerance
  • Business continuity planning

Not all risks will be viewed the same between organizations, and security staff needs to identify what risks are the highest priority to their specific organization.

Cryptography

Cryptography is a fundamental aspect of the ‘security’ side of ‘cyber security.’ It is most often associated with Confidentiality, one of the three branches of the CIA Triad, but it also underpins Integrity and authenticity through hashes, message authentication codes, and digital signatures. Data at rest and in motion can be encrypted in many different ways via several approaches to applying cryptographic concepts.

  • Encryption vs decryption
  • Symmetric vs asymmetric encryption
  • Public Key Infrastructure (PKI)
  • Block vs stream ciphers

[Figure: CIA Triad]
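
Here is an added example (not from the original article) of symmetric encryption with a stream cipher, built only from Python's standard library: a keystream is generated by running a keyed pseudo-random function (HMAC-SHA256) in counter mode, the plaintext is XORed with it, and an HMAC tag over the ciphertext supplies integrity (encrypt-then-MAC), covering the Confidentiality and Integrity sides of the CIA Triad. The construction is educational; in production use a vetted AEAD such as AES-GCM or ChaCha20-Poly1305 from a real cryptography library. The keys and messages are constructed for the example, and the last function deliberately demonstrates the classic stream-cipher failure mode, reusing a nonce under the same key.

```python
"""Symmetric stream encryption from a keyed PRF (HMAC-SHA256 in counter mode) plus an integrity tag.

Educational construction using only the standard library; use a vetted AEAD in production.
"""
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stream-cipher keystream: PRF(key, nonce || counter) blocks concatenated, cut to length."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same operation for a stream cipher: XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes, nonce: bytes = None) -> bytes:
    """Encrypt-then-MAC: confidentiality from the stream cipher, integrity from the HMAC tag."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce   # fresh random nonce per message
    ciphertext = xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before touching the ciphertext; raise on any modification."""
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: ciphertext, nonce or tag was modified")
    return xor_stream(enc_key, nonce, ciphertext)


def keystream_reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """Failure mode: two messages encrypted under the same key AND nonce share a keystream, so
    ct1 XOR ct2 == pt1 XOR pt2 and one known plaintext reveals the other. Never reuse a nonce."""
    return bytes(a ^ b for a, b in zip(ct1, ct2))


if __name__ == "__main__":
    k_enc, k_mac = os.urandom(32), os.urandom(32)          # two independent keys, one per purpose
    blob = seal(k_enc, k_mac, b"wire transfer: 100 to account 42")
    print(open_sealed(k_enc, k_mac, blob))
```

The same XOR that encrypts also decrypts, which is why a stream cipher without a tag lets an attacker flip chosen plaintext bits by flipping ciphertext bits; the tag check in open_sealed is what stops that, and the separate keys keep the cipher and the MAC from interfering with each other.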

Identity Access Management

Identity and access management (IAM) dictates what users can do and is integral to concepts like least privilege and separation of duties. Understanding how IAM works is crucial to identifying where the pitfalls might be in your organization’s security posture at the user level.
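
Here is an added example (not from the original article) of the two IAM concepts named above in working code: a deny-by-default role-based access check, a separation-of-duties rule that refuses to give one identity both halves of a sensitive workflow, and a review helper that lists permissions a user holds but has never exercised, which is how least-privilege right-sizing starts. The roles, permissions and conflicting pairs are a constructed policy, not any vendor's IAM model.

```python
"""Deny-by-default RBAC with a separation-of-duties check and a least-privilege review (constructed policy)."""

# Constructed role -> permission policy. Permissions are "resource:action" strings.
ROLE_PERMISSIONS = {
    "helpdesk":          {"user:reset_password", "ticket:read", "ticket:write"},
    "payments_clerk":    {"payment:create", "payment:read"},
    "payments_approver": {"payment:approve", "payment:read"},
    "auditor":           {"payment:read", "ticket:read", "log:read"},
}

# Role pairs no single identity may hold at once: the person who creates a payment must not approve it.
CONFLICTING_ROLES = {frozenset({"payments_clerk", "payments_approver"})}


class AccessControl:
    def __init__(self):
        self.user_roles = {}      # user -> set of role names
        self.audit = []           # (user, permission, allowed) for every decision taken

    def assign_role(self, user: str, role: str) -> None:
        """Grant a role, refusing any assignment that would violate separation of duties."""
        if role not in ROLE_PERMISSIONS:
            raise KeyError(f"unknown role {role!r}")
        roles = self.user_roles.setdefault(user, set())
        for held in roles:
            if frozenset({held, role}) in CONFLICTING_ROLES:
                raise ValueError(f"separation of duties: {user} cannot hold {role} together with {held}")
        roles.add(role)

    def permissions(self, user: str) -> set:
        """Effective permissions are the union of the user's roles; an unknown user has none."""
        return set().union(*(ROLE_PERMISSIONS[r] for r in self.user_roles.get(user, ())))

    def is_allowed(self, user: str, permission: str) -> bool:
        """Deny by default: allowed only if some assigned role explicitly includes the permission."""
        allowed = permission in self.permissions(user)
        self.audit.append((user, permission, allowed))
        return allowed

    def unused_permissions(self, user: str) -> set:
        """Least-privilege review: permissions held but never successfully used; candidates for removal."""
        used = {p for u, p, ok in self.audit if u == user and ok}
        return self.permissions(user) - used


if __name__ == "__main__":
    ac = AccessControl()
    ac.assign_role("alice", "helpdesk")
    ac.assign_role("bob", "payments_clerk")
    print(ac.is_allowed("alice", "ticket:read"), ac.is_allowed("alice", "payment:approve"))   # True False
    try:
        ac.assign_role("bob", "payments_approver")
    except ValueError as e:
        print(e)
```

Recording every decision in the audit list is what makes the later least-privilege review possible; without that trail there is no evidence for deciding which standing permissions to take away.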

Security Tools

Security tools is a broad term that can apply to many tools a security practitioner might need to be familiar with. Some of the most popular tools today include Wireshark, Nmap, Metasploit, Suricata/Snort, BloodHound, and Hashcat; the FAQ at the end of this article lists more.

This list can also change drastically depending on whether you focus on offensive or defensive security. The more familiar you are with different security tools, the easier it is to accomplish different tasks.

Securing Systems

Applying methodologies to secure a system is the bread and butter of defensive cyber security. Defenders apply hardening techniques against threats such as password attacks and denial of service attacks, and layer controls such as data loss prevention following the principle of defense-in-depth.

  • Multi-factor authentication
  • Hard drive (full-disk) encryption
  • Endpoint detection and response
  • Group policy management

Procedures like patch management and corporate application policies must also be considered. Securing a system properly is the perfect test of a security practitioner’s abilities.

Physical Security / Social Engineering

Beyond the technical ways of securing a computer system, physical security and defenses against social engineering also matter. Physical security covers storing critical hardware and systems in secure rooms and environments with proper emergency response capabilities, such as fire suppression systems.

Additionally, social engineering - attacks against individuals themselves - is a common tactic that threat actors use today to target organizations. Understanding how threat actors target individuals and being able to combat that is an important skill set in today's age.

Incident Response

Even in the most secure environments, compromises might still occur, and being able to respond appropriately when they do is critical. Understanding the incident response lifecycle and the different stages an organization works through during an incident is a valuable skill set for any security professional. At this stage, you are only learning incident response as a concept.

  • Incident triage and case management
  • Process chain analysis
  • Network communication analysis
  • Containment and eradication

[Figure: Incident Response Process]
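
Of the four items above, process chain analysis is the one that can be shown in a few lines, so here is an added example (not from the original article) that rebuilds a process tree from process-creation events, prints the full ancestry of any process, flags two classic suspicious chains (an Office application spawning a shell, and a shell launched with an encoded command), and lists every descendant of a process, which is the set you would kill during containment. The events are constructed for the example; their fields (process id, parent id, image, command line) mirror what Sysmon Event ID 1 or an EDR records, but no real host data is used.

```python
"""Process-chain analysis over constructed process-creation events: rebuild the tree, flag
suspicious parent -> child pairs, and enumerate descendants for containment."""
from collections import defaultdict

# Constructed sample events: (pid, ppid, image, command_line). Not from a real host.
EVENTS = [
    (400,  1,    "explorer.exe",   "explorer.exe"),
    (812,  400,  "outlook.exe",    "outlook.exe"),
    (950,  812,  "winword.exe",    "winword.exe /n invoice.docm"),
    (1020, 950,  "cmd.exe",        "cmd.exe /c powershell -enc SQBFAFgA"),
    (1044, 1020, "powershell.exe", "powershell -enc SQBFAFgA"),
    (1300, 400,  "chrome.exe",     "chrome.exe"),
    (1400, 400,  "cmd.exe",        "cmd.exe"),
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def build_tree(events):
    """Index events by pid and build the parent -> children adjacency list."""
    by_pid = {pid: (ppid, image, cmd) for pid, ppid, image, cmd in events}
    children = defaultdict(list)
    for pid, ppid, _, _ in events:
        children[ppid].append(pid)
    return by_pid, children


def ancestry(by_pid, pid):
    """Walk ppid links upward and return image names from the root down to pid."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:     # seen guards against pid reuse creating a cycle
        seen.add(pid)
        ppid, image, _ = by_pid[pid]
        chain.append(image)
        pid = ppid
    return list(reversed(chain))


def descendants(children, pid):
    """Every process spawned directly or indirectly by pid (what a containment action must cover)."""
    found, stack = set(), [pid]
    while stack:
        for child in children.get(stack.pop(), []):
            if child not in found:
                found.add(child)
                stack.append(child)
    return found


def find_suspicious_chains(events):
    """Apply two simple rules to every process and return the full chain for each hit."""
    by_pid, _ = build_tree(events)
    hits = []
    for pid, (ppid, image, cmd) in by_pid.items():
        parent_image = by_pid[ppid][1] if ppid in by_pid else None
        rule = None
        if image in SHELLS and parent_image in OFFICE_APPS:
            rule = "office-spawns-shell"            # documents do not normally need a shell
        elif image in SHELLS and "-enc" in cmd.lower().split():
            rule = "encoded-command"                # Base64-encoded PowerShell hides intent
        if rule:
            hits.append({"pid": pid, "rule": rule, "chain": " > ".join(ancestry(by_pid, pid)), "cmd": cmd})
    return hits


if __name__ == "__main__":
    by_pid, children = build_tree(EVENTS)
    for hit in find_suspicious_chains(EVENTS):
        print(hit["rule"], "|", hit["chain"], "|", hit["cmd"])
    print("contain:", sorted(descendants(children, 950)))   # children of the malicious document
```

The chain string is the artifact an analyst puts in the ticket: it tells the reader how the shell got there (mail client, document, macro), not just that a shell ran, and the descendant set tells the responder what else has to be stopped.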

Resources

Certifications like CompTIA's Security+ and CySA+, EC-Council's CEH ANSI, and GIAC's GSEC are suitable for this stage in your career development.

Stage 4: Specialty Skills

A solid base of IT and security-focused skills has been achieved, but it is now time to go even deeper into the cyber world. Here, more specialized and niche skill sets are needed to continue developing a cyber security career.

At stage four, you are entering either the Advanced Generalist route or a Cyber Security Specialization (either on the offensive - red team - side or the defensive - blue team - side). Many of the skills developed at this stage depend on the specific career you are aiming for.

Advanced Generalist Cyber Security

One path that a candidate can pursue is to deepen their security knowledge on a broad scale. Here, you can develop more complex understandings of technical aspects such as network security design and defense-in-depth, as well as nontechnical aspects like risk assessments and regulatory frameworks. In addition, an understanding of privacy laws and potential legal risks can also be pursued.

  • Privacy and law (GDPR)
  • Standards, frameworks, and regulations (GRC, PCI DSS)
  • Risk management and assessment (DRP)

Advanced generalists often know a bit about everything but not particularly in-depth on any one topic. Usually, advanced generalists pursue certifications such as the CISSP, CIPT, or CISA.

Offensive Cyber Security Specialist

One of the most sought-after career paths in cyber security is the offensive security specialist.

Often called an ethical hacker or penetration tester, an offensive security specialist emulates a threat actor to identify security vulnerabilities or risks before a legitimate threat actor can find and act on them, thus allowing an organization to fix those risks and vulnerabilities before suffering a compromise.

Offensive security specialists often conduct web application hacking, network penetration testing, and social engineering emulation.

  • Bug bounty
  • Network penetration testing
  • Web application hacking
  • Cloud hacking

Aspiring professionals have a vast amount of training available to them. CompTIA’s PenTest+ certification and Offensive Security’s OSCP are two of the most recognized certifications in the industry.

Defensive Cyber Security Specialist

On the opposite side of the security house is the defensive-focused security specialist. These professionals can focus on security operations, incident response, digital forensics, and malware analysis.

Defensive security specialists often fill roles such as Threat Hunters, SOC Analysts, and DFIR specialists. These positions require some of the most complex understandings of networking concepts, operating system forensic artifacts, and low-level programming languages such as Assembly and C.

There are many specializations at this stage, and the skills and certifications you pursue will be tailored to your goals. An AWS security engineer will require different skills than a malware analyst.

  • Blue team & security operation center (SOC)
  • Threat intelligence
  • Threat hunting
  • Advanced network security
  • Advanced cryptography
  • DevSecOps
  • Digital forensics

Depending on your focus, you may consider certifications like EC-Council’s C|HFI or C|CA, or GIAC GSOC.

Stage 5: Expert In Cyber Security

Experts in cyber security are often continuously learning and practicing their skill sets in their specific areas of security.

As before, there are two main routes to move into. The Expert Generalist Cyber Security Governance path leads to management and leadership positions. Expert Specialists will become incredibly proficient in one or more niche areas of either offensive or defensive security.

Expert Generalist Cyber Security and Governance

The expert generalist often moves into cyber security management. These are often overarching security decision-makers, CISOs, compliance managers, or directors. The combination of wide and deep knowledge allows this security professional to address security problems by understanding all sides.

  • Cyber security management
  • Project management

An expert generalist may pursue the CISM or CRISC certifications or become a PRINCE2 practitioner. SABSA, GIAC Security Expert, and NCSC CCPLP (Certified Cybersecurity Professional Lead Practitioner) are other possibilities.

Offensive Cyber Security Specialist Expert

Experts in offensive security often become highly specialized in a specific approach to ethical hacking. Experts in web application penetration testing might develop skills in several web-based programming languages like JavaScript and PHP to create custom exploits, or expert network penetration testers might begin creating kernel exploits to bypass EDR solutions.

  • Industrial control system (ICS) penetration testing
  • Advanced hacking with Python & Bash
  • Exploit and malware development
  • Mobile and phone hacking

At this level, you may work towards your OSCE3, OSWE, CCSAS (CREST Certified Simulated Attack Specialist), or GXPN.

Defensive Cyber Security Expert

Becoming an expert in defensive cyber security often means moving beyond general defensive practices into more complex, specific techniques against threat actors. These include reverse engineering and advanced analysis of malware, industrial control system security, and cloud/container security practices.

  • Reverse engineering & malware analysis
  • Container security
  • Industrial control system (ICS) security
  • Multi-tenant cloud security

As we’ve seen in Stage Four, the skills developed and certifications earned here depend on your focus. You may consider certifications like GIAC Reverse Engineering Malware, IACIS Certified Forensic Computer Examiner (CFCE), or GIAC Network Forensic Analyst (GNFA).

Conclusion

The cyber security industry offers a diverse career path with many different endgame security focuses. With a solid foundation in fundamentals like troubleshooting, PC components, networking, and operating systems, aspiring professionals can build a strong base to enter the cyber security industry.

Further progression into cyber security offers specialized stages, such as advanced general cyber security, governance, and offensive or defensive fields. Individuals can also achieve expert-level positions in areas like exploit development, malware reverse engineering, or information security management.

Frequently Asked Questions

Do I need to know coding for cyber security?

The simplest answer is that knowing code is not required in the early stages of your cyber security career. However, strong coding knowledge can greatly enhance your ability to tackle complex tasks.

Advanced offensive security practitioners often encounter known exploit code that requires modification to work in their specific situation. Similarly, a defensive security specialist might need to troubleshoot a script that analyzes large data sets and therefore needs to understand the original code.

Although coding skills are not as important starting out, especially in the first two stages, they can be incredibly useful later.

What should I learn first for cyber security?

The most important thing to learn first is the fundamentals of IT. Establish a solid grasp of computer and networking concepts and topics before diving into the more complex security-focused topics; think CompTIA A+ and Network+. If you are strong in the essentials, then you can move into general security topics like those found in the CompTIA Security+ syllabus.

What are some cyber security tools?

Some tools include:

  • Wireshark
  • Virtual machines
  • Tcpdump
  • Scripting languages (Python, Perl, Ruby)
  • Metasploit
  • Suricata / Snort
  • Nmap
  • BloodHound
  • Hashcat

How do I practice cyber security?

There are many ways to practice cyber security. You can learn independently by building a home lab, often using virtual machines through VirtualBox or VMware. Additionally, there are lots of ‘capture the flag’ hacking practice sites worth checking out.



from StationX https://bit.ly/3R4FU95
via IFTTT
