So you want to do Cybersecurity (Part 2)
As I do more interviews for incoming analysts, I discover more and more that people don't realize the literal mountain of resources available to them when it comes to Cybersecurity. This isn't to put anyone down; in honesty, until I got into the field I would not have known about half of the free stuff out there aimed purely at helping you learn about Cybersecurity. So I want to do what I can to turn over as many of the resources I know about as possible, so that you can get your start in the field.
1.) The Security+
Let me start off by saying, I don't actually like CompTIA all that much, and it frustrates me that they are at the epicenter of all things IT; however, in this case the certificate offers something more than that. It acts as, functionally, a language primer. The Security+ by and large includes all the key words you need to know if you're going to walk into an interview. It isn't perfect and it won't cover everything, but if you want to talk about Cybersecurity, the domains it covers are basically the things you need to know how to talk about. Please do not tell me that you program in Wireshark; it hurts me.
Great, you say, but that sounds really expensive, and where am I going to find the time for that? As for finding the time I have no clue, but it's not actually that expensive. My most recommended course is only ~$10 at the moment, and if that doesn't suit your fancy then the alternative is free (if a bit dry).
Professor Messer - Free training on Security+, A+, Network+, and some nifty Microsoft certs. It's free, it's hours of content, and he does live sessions every now and then.
Mike Meyers - Udemy - This one is the $10 one I was talking about (ignore the "X amount of time left" thing; Udemy just does that). But in terms of the "CompTIA" guy, this is my go-to. On top of that, Mike is more than happy to point out when CompTIA puts something on the test purely to have it on the test.
The actual exam objectives - Again, I do not care if you actually take the exam, but this thing acts as functionally a Rosetta Stone to the industry. If there is a word on here you don't understand, study up on it. You should be able to skim over every objective here and have a rough idea of what they mean.
Cybrary - This used to be free, but like all good things that has come to an end. Either way, if you want to take a peek at it, I think they let you see a few videos for free before they start asking for cash.
2.) Blue Team, Red Team, Operations or Governance
Cybersecurity BY AND LARGE can be broken up into 4 distinct areas.
- Blue Team - This is often also called Incident Response or the Security Operations Center (SOC). More than likely you'll have conversations about forensics and malware analysis. These are the guys who watch the firewall logs and figure out whether what they saw was bad or not. You're going to hear the word "SIEM" a lot if you want to step into this line of work. Think of a SIEM as a giant dashboard into which every other security event is fed.
- Red Team - This is your traditional "Hacker" role. But unlike Hollywood, 90% of your time will actually be spent doing paperwork and getting the "Rules of Engagement" ironed out. You'll hear talk of pentesting, and this is the team that's usually running Shodan.io, Nessus, or Metasploit in the environment. Most of their work is to prove that the business is vulnerable so the business can patch it. This can also be the field with the least technical skills (and some of the most). A lot of pentesting can be purely physical and about learning to use psychology.
- Operations - These are the guys actually making sure all the tools run. If you like looking at firewall configurations or standing up servers but want to do it with security in mind, the operations side of the house is probably the best place to do that.
- Governance - These are the folks who actually write the procedures and work with the business to come up with rules. When your ISO 27001 or HIPAA audit comes in, these are the folks making sure that all the i's are dotted and the t's are crossed. Again, some of this can end up being very non-technical, as a lot of the job involves negotiating with the business and convincing them of A or B.
3.) Know your ports and other useless knowledge you'll have trivia about
- Port 20, 21 - FTP
- Port 22 - SSH
- Port 23 - Telnet
- Port 25 - SMTP
- Port 53 - DNS
- Port 67 & 68 - DHCP
- Port 69 - TFTP
- Port 80 - HTTP
- Port 88 - Kerberos
- Port 110 - POP3
- Port 123 - NTP
- Port 137-139 - NetBIOS
- Port 389 - LDAP
- Port 443 - HTTPS (HTTP over TLS / SSL)
- Port 445 - SMB
- Port 3389 - RDP
- Binary and Hex
- If, Then, When, For, string, int, arrays, and other common programming structures
- It never hurts to understand SQL. At the very least, know what SELECT * FROM Table_name would do.
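As an added example (not from the original post), here is a small Python script that turns the port list above into something a blue-team analyst might actually use: it parses a few constructed firewall log lines (a hypothetical, simplified format, not any vendor's), labels each allowed connection by the service the port list gives, and flags the cleartext protocols that would be worth an alert in a SIEM.

```python
import re
from collections import Counter

# Port-to-service map taken from the trivia list in this post.
# Assumption: TCP and UDP are conflated, just as the list does.
PORT_SERVICES = {
    20: "FTP", 21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP", 53: "DNS",
    67: "DHCP", 68: "DHCP", 69: "TFTP", 80: "HTTP", 88: "Kerberos",
    110: "POP3", 123: "NTP", 137: "NetBIOS", 138: "NetBIOS", 139: "NetBIOS",
    389: "LDAP", 443: "HTTPS", 445: "SMB", 3389: "RDP",
}

# Protocols that carry credentials or data in the clear; a SOC analyst
# would want an alert when these are allowed through the firewall.
CLEARTEXT = {"FTP", "Telnet", "TFTP", "HTTP", "POP3"}

# Constructed sample log lines in a hypothetical, simplified firewall format.
SAMPLE_LOG = """\
2024-05-01T10:00:01 ALLOW TCP 10.0.0.5:51234 -> 203.0.113.10:443
2024-05-01T10:00:02 ALLOW TCP 10.0.0.5:51235 -> 203.0.113.10:23
2024-05-01T10:00:03 DENY TCP 198.51.100.7:40000 -> 10.0.0.9:3389
2024-05-01T10:00:04 ALLOW UDP 10.0.0.5:53211 -> 10.0.0.2:53
2024-05-01T10:00:05 ALLOW TCP 10.0.0.8:51300 -> 203.0.113.22:21
2024-05-01T10:00:06 ALLOW TCP 10.0.0.8:51301 -> 203.0.113.22:8443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def parse_line(line):
    """Return one log line as a dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    rec["service"] = PORT_SERVICES.get(rec["dport"], "unknown")
    return rec

def triage(log_text):
    """Count allowed connections per service and list cleartext-protocol hits."""
    counts, findings = Counter(), []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "ALLOW":
            continue  # skip malformed lines and traffic the firewall already blocked
        counts[rec["service"]] += 1
        if rec["service"] in CLEARTEXT:
            findings.append(f"{rec['src']} -> {rec['dst']}:{rec['dport']} ({rec['service']})")
    return counts, findings
```

Running `triage(SAMPLE_LOG)` on the constructed lines flags the Telnet and FTP connections and leaves the denied RDP attempt out of the counts, which is the kind of first-pass enrichment a SIEM rule would do before an analyst ever looks at the event.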
4.) Certs that are useful and useless
This, I have found, depends entirely on what part of Cybersecurity you are getting into. A CySA+ may be nifty on a blue team but worthless to an operations team. So let's get the useless ones out of the way.
- A+ - Worthless and filled with outdated esoteric knowledge. Great for Best Buy's Geek Squad, and that's about the limit of it.
- Most of CompTIA's stuff - Save the Security+, there really isn't much from CompTIA that comes across as "heavy hitting".
- Most vendor certificates - I'm talking AWS, Azure, Splunk, whatever else. They're handy, but they have never been the deciding factor in a hiring decision I've been a part of.
- The Certified Ethical Hacker - If I ever wanted an expert on Nmap I might consider this a useful cert; otherwise it can spend time with the CySA+, Pentest+, and other mid-range cousin certs.
Now, what will get people's attention:
- SANS Certificates - Pretty much the de facto standard when it comes to blue team certs.
- Remember how I said MOST vendor certs? Well, I didn't mean all of them. Some are actually incredibly useful:
  - Red Hat Systems Administrator
- CISSP - The so-called "management" cert. Note you need 5 years of "cyber experience", but (ISC)² seems to have some super vague ideas on what counts as experience. Technically, being a mall cop falls under the physical security domain.
5.) Keeping up with the news
You know what surprises me in interviews? How few people know how to keep track of news in Cybersecurity.
6.) Your local BSides
Almost every town has a local BSides. Mine here is BSides Chattanooga. Think of these guys as your local group of Cybersecurity folks. If you're looking for folks to talk to who like the same things you do and can give you tips and hints on where to get leads, they're awesome to check out.
There's also a ton of conferences that will post the videos online after the conference is over. Look for dirt-cheap IT conferences around your area; they usually want ~$100 as a cover charge and will have a few speakers. You get some lunch, but the bigger opportunity is to talk to people and see who's hiring. Cybersecurity folks usually aren't allowed to go on their own to career fairs; HR gets all upset with us when we go outside. So we show up at conferences to recruit and
Cyberfire is another little conference that's not super expensive that can be a great way to network.
7.) Know the tools
It can be hard to be involved in security if you don't know what the tools are, and boy howdy are there a lot of tools. It's a great deal more than just "anti-virus" software. These days you need:
- Firewalls (Palo Alto, Checkpoint, Cisco, Untangle (if you're looking for free))
- IDS (Zeek, Suricata, Snort)
- SIEMs (Splunk, Arcsight, QRadar)
- EDRs (CrowdStrike, FireEye's HX, Carbon Black)
- Asset Management (Spiceworks, ServiceNow, Absolute)
- GitHub, Bitbucket for code
- Password vaults (LastPass, KeePass, CyberArk)
- ESSs (the new buzzword for anti-virus) - your ESET, Symantec, McAfee, etc.
- Kali Linux for Pentesting
- Security Onion for playing around with blue team tools
- SIFT from SANS for digital forensics
- VMware and Docker.
- F5's and Load Balancers
- Infoblox and DNS / DHCP solutions (when in doubt, play with BIND)
- IDA Pro or Ghidra for reverse engineering
- Axiom, FTK, EnCase - for digital forensics gathering
- The Sysinternals Suite
- Play with a Linux distro at least once in your life
8.) Other Resources
Countless YouTube channels
Keep an eye for