So you want to do Cybersecurity (Part 2)

 So, 

As I do more interviews for incoming analysts, I discover more and more that people don't realize the literal mountain of resources available to them when it comes to Cybersecurity. That's not to put anyone down; in all honesty, until I got into the field I would not have known about half of the free stuff out there aimed purely at helping you learn about Cybersecurity. So I want to do what I can to hand over as many of the resources I know about as possible, so that you can get your start in the field.

1.) The Security+ 

Let me start off by saying, I don't actually like CompTIA all that much and it frustrates me that they are at the epicenter of all things IT; however, in this case the certificate has something more than that. In this case it functionally acts as a language primer. The Security+ by and large includes all the key words that you need to know if you're going to walk into an interview. It isn't perfect and it won't cover everything, but if you want to talk about Cybersecurity, the domains it covers are basically the things you need to know how to talk about. Please do not tell me that you program in Wireshark, it hurts me.

Great, you say, but that sounds really expensive, and where am I going to find the time for that? As for finding the time, I have no clue, but it's not actually that expensive. My most recommended course is only ~$10 at the moment, and if that doesn't suit your fancy then the alternative is free (if a bit dry).

Professor Messer - Free training on Security+, A+, Network+, and some nifty Microsoft Certs. It's free and it's hours of content and he does live sessions every now and then. 

Mike Meyers - Udemy - This one is the $10 one I was talking about (ignore the X amount of time left thing, Udemy just does that). But in terms of the "CompTIA" guy, this is my go-to. On top of that, Mike is more than happy to point out when CompTIA puts something on the test purely to have it on the test.

The actual exam objectives - Again, I do not care if you actually take the exam but this thing acts as functionally a Rosetta stone to the industry. If there is a word on here you don't understand, I would study up on it. You should be able to skim over every objective here and have a rough idea of what they mean. 

Cybrary - This used to be free, but like all good things that has come to an end. Either way, if you want to take a peek at it, I think they let you see a few videos for free before they start asking for cash.

2.) Blue Team, Red Team, Operations or Governance

Cybersecurity BY AND LARGE can be broken up into 4 distinct areas. 

  • Blue Team - This is often also called Incident Response or Security Operations Center (SOC). More than likely you'll have conversations about forensics and malware analysis. These are the guys who watch the firewall logs and figure out if what they saw was bad or not. You're going to hear the word "SIEM" a lot if you want to step into this line of work. Think of a SIEM as a giant dashboard that every other security event is fed into.
  • Red Team - This is your traditional "Hacker" role. But unlike Hollywood, 90% of your time will actually be spent doing paperwork and getting the "Rules of Engagement" ironed out. You'll hear talk of pentesting, and this is the team that's usually running Shodan.io, Nessus, or Metasploit in the environment. Most of their work is to prove that the business is vulnerable so the business can patch it. This can also be the field with the least technical skills (and some of the most). A lot of pentesting can be purely physical and learning to use psychology.
  • Operations - These are the guys that are actually making sure all the tools actually run. If you like looking at firewall configurations or standing up servers but want to do it with security in mind, the operations side of the house is probably the best place to do that.
  • Governance - These are the folks that actually write the procedures and work with the business to come up with rules. When your ISO 27001 audit or HIPAA comes in, these are the folks making sure that all the i's are dotted and the t's are crossed. Again, some of this can end up being very non-technical, as a lot of the job involves negotiating with the business and convincing them of A or B.
Never let anyone tell you that non-technical people aren't in Cybersecurity. Most of the people that make cybersecurity run aren't technical; they're the ones making sure the business gives the technical people what they need. It doesn't take a genius to run a Nessus scan and know that red is bad, but it can take some serious charisma to convince a business they need to do something about it.

3.) Know your ports and other useless knowledge you'll have trivia about

  • Port 20, 21 - FTP 
  • Port 22 - SSH 
  • Port 23 - Telnet
  • Port 25 - SMTP 
  • Port 53 - DNS
  • Port 67 & 68 - DHCP 
  • Port 69 - TFTP 
  • Port 80 - HTTP 
  • Port 88 - Kerberos 
  • Port 110 - POP3 
  • Port 123 - NTP 
  • Port 137 - 139 - NetBIOS
  • Port 389 - LDAP 
  • Port 443 - TLS / SSL 
  • Port 445 - SMB 
  • Port 3389 - RDP
These are just a few of the key ones. I tried to highlight the ones you're likely going to get asked about, but as standard ports go, this is pretty much the rundown. Don't worry about DHCP too much; even I had to glance over to double check that one.

You need to understand the "TCP/IP Model" and how it relates to the OSI model. Please note, no one on planet Earth actually uses anything above Layer 4 of the OSI Model, but nonetheless it comes up in interviews, so you know, have an idea what it is. It's the key to understanding why one switch may be layer 3 and one switch is layer 2.
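
To make the layers concrete, here is an added example (not part of the original post) that splits one constructed Ethernet frame into layers 2, 3 and 4 and names the service from the port list above. The sample frame and the names `parse_frame` and `SERVICES` are assumptions made for illustration.

```python
import struct

# Ports from the list above (the single-port entries seen in TCP/UDP headers).
SERVICES = {20: "FTP", 21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP",
            53: "DNS", 67: "DHCP", 68: "DHCP", 69: "TFTP", 80: "HTTP",
            88: "Kerberos", 110: "POP3", 123: "NTP", 389: "LDAP",
            443: "TLS / SSL", 445: "SMB", 3389: "RDP"}

# Constructed sample: Ethernet II + IPv4 + TCP SYN from 192.168.1.10:50000
# to 192.168.1.20:22. Checksums are left as zero and are not validated.
SAMPLE_FRAME = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"       # L2: dst MAC, src MAC, EtherType
    "45000028" "00010000" "4006" "0000"        # L3: IPv4, TTL 64, protocol 6 (TCP)
    "c0a8010a" "c0a80114"                      # L3: src IP, dst IP
    "c350" "0016" "00000000" "00000000"        # L4: src port, dst port, seq, ack
    "5002" "7210" "0000" "0000")               # L4: flags (SYN), window, csum, urg


def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet II frame into what layers 2, 3 and 4 each add."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    # Layer 2: MAC addresses, all a layer 2 switch looks at.
    out = {"l2": {"src": src_mac.hex(":"), "dst": dst_mac.hex(":")}}
    if ethertype != 0x0800:      # not IPv4 (e.g. ARP): stop at layer 2
        return out
    ip = frame[14:]
    if len(ip) < 20 or (ip[0] >> 4) != 4 or (ip[0] & 0x0F) < 5:
        raise ValueError("bad IPv4 header")
    ihl = (ip[0] & 0x0F) * 4     # IPv4 header length in bytes
    # Layer 3: IP addresses, what a layer 3 switch or router forwards on.
    out["l3"] = {"src": ".".join(map(str, ip[12:16])),
                 "dst": ".".join(map(str, ip[16:20])), "proto": ip[9]}
    if ip[9] not in (6, 17) or len(ip) < ihl + 4:   # 6 = TCP, 17 = UDP
        return out
    # Layer 4: TCP and UDP both start with source and destination port.
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    service = SERVICES.get(dport) or SERVICES.get(sport, "unknown")
    out["l4"] = {"sport": sport, "dport": dport, "service": service}
    return out


if __name__ == "__main__":
    for layer, fields in parse_frame(SAMPLE_FRAME).items():
        print(layer, fields)
```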

You should have a functioning understanding of Windows. You should understand that Windows has a registry that acts like a big configuration file. You should probably at least know what "exe" stands for and understand or have heard of something called PowerShell. You'll want to understand what the process monitor looks like and that there is a logging system within Windows.

You'll want to know what DNS and Active Directory are, and boy howdy do I have the videos for you


Trust me when I say those two videos are some of the absolute best videos to explain what those two things are. 

You need to understand "Cryptography" and the difference between Encryption and Hashing. I personally would suggest having a handle on the difference between Symmetric and Asymmetric encryption. The Public Key Infrastructure (you know, certificates) is what makes the modern internet go. I'm not going to pretend this is easy to pick up and understand. As things go, there are still some more esoteric elements of TLS that throw me for a loop from time to time. But understanding why that thing is there is pretty important to understanding a lot of cybersecurity and encryption.

MD5, SHA-1, SHA-2 (which is SHA-256, SHA-512, etc.) are things you're going to hear about in a cybersecurity career.

ISO 27001, HIPAA, ITIL, PCI, FISMA. These are all massive guides on how to run a secure infrastructure based on the industry you are in. You will at some point in Cybersecurity run into one of these, I swear to you. You cannot avoid these frameworks, so you should at least hold a passing familiarity with their existence.

Zero Trust, Assumed Breach, Security Onion - All core concepts in the "new" era of cybersecurity and something you should weigh and consider. 

And for the love of all that is holy you should understand at the very least the fundamentals of 
  • Binary and Hex 
  • If, Then, When, For, string, int, arrays, and other common programming structures
  • It never hurts to understand SQL. At the very least know what SELECT * FROM Table_name would do.

4.) Certs that are useful and useless

This, I have found, depends entirely on what part of Cybersecurity you are getting into. A CySA+ may be nifty on a blue team but worthless to an operations team. So let's get the useless ones out of the way.

A+ - Worthless and filled with outdated esoteric knowledge. Great for Best Buy's Geek Squad and that's about the limit of it.

Most of CompTIA's stuff. Save for the Security+, there really isn't much from CompTIA that comes across as "heavy hitting".

Most Vendor Certificates. I'm talking AWS, Azure, Splunk, whatever else. They are handy but it's never been the deciding factor in a hiring decision I've been a part of. 

The Certified Ethical Hacker - If I ever wanted an expert on Nmap I might consider this a useful cert; otherwise it can spend time with the CySA+, Pentest+ and other mid-range cousin certs.

Now what will get people's attention

Blue Team 

  • SANS Certificates - Pretty much the de facto standard when it comes to blue team certs
Red Team

  • OSCP 
Operations 
  • Remember how I said MOST vendor certs, well I didn't mean all of them. Some are actually incredibly useful 
    • Cisco 
    • Microsoft
    • Red Hat Systems Administrator 
Governance 
  • CISSP - The so-called "management" cert. Note you need 5 years of "cyber experience", but (ISC)² seems to have some super vague ideas on what counts as experience. Technically being a mall cop falls under the physical security domain.
  • PMP 
When in doubt about atrocious ways to spend your organization's training budget, consult the Chart. I personally do not believe in certificates. I find them to be money grabs; however, some folks seem to like them, especially HR. If you want to pad a resume, throw these things in there for sure.

5.) Keeping up with the news 

You know what surprises me in interviews? How few people realize how to keep track of news in Cybersecurity. 

Reddit 

  • /r/netsec
  • /r/blueteamsec
  • /r/malware
  • /r/sysadmin
  • /r/networking
Hacker News, Slashdot, Twitter (I even have a premade list for you), Security Affairs, Krebs on Security

There are some great podcasts like
Countless Discord Channels
Every major company that works in security usually keeps a blog. It's a great thing to drop in on those every once in a while.

6.) Your local Bsides 

Almost every town has a local BSides. Like mine here is BSides Chattanooga. Think of these guys like your local group of Cybersecurity folks. If you're looking for folks to talk to that like the same things you do and can give you tips and hints on where to get leads, they're awesome to check out.

There's also a ton of conferences that, after the conference is over, will post the videos online. Look for dirt cheap IT conferences around your area; they usually want ~$100 as a cover charge and will have a few speakers. You get some lunch, but the bigger opportunity is to talk to people and see who's hiring. Cybersecurity folks usually aren't allowed to go on their own to career fairs; HR gets all upset with us when we go outside. So we show up at conferences to recruit and get drunk.

Cyberfire is another little conference that's not super expensive that can be a great way to network. 

7.) Know the tools 

It can be hard to be involved in security if you don't know what the tools are, and boy howdy are there a lot of tools. It's a great deal more than just "anti virus" software. These days you need

  • Firewalls (Palo Alto, Checkpoint, Cisco, Untangle (if you're looking for free))
  • IDS (Zeek, Suricata, Snort) 
  • SIEMs (Splunk, Arcsight, QRadar) 
  • EDRs (CrowdStrike, FireEye's HX, Carbon Black)
  • Asset Management (Spiceworks, ServiceNow, Absolute)
  • GitHub, Bitbucket for code
  • Password vaults (LastPass, KeePass, CyberArk)
  • ESS's (the new buzzword for anti virus) - Your ESET, Symantec, McAfee, etc.
  • Kali Linux for Pentesting
  • Security Onion for playing around with blue team tools
  • SIFT from SANS for digital forensics
  • VMware and Docker. 
  • F5's and Load Balancers
  • Infoblox and DNS Solutions / DHCP Solutions (When in doubt play with Bind)
  • IDA Pro or Ghidra for reverse engineering
  • Axiom, FTK, EnCase - For digital forensics gathering
  • The Sysinternals Suite 
  • Play with a Linux distro at least once in your life

8.) Other Resources

Countless YouTube Channels

And I promise you guys, this isn't even starting to scratch the surface. There is so much stuff for Cybersecurity, but I've learned that to even start looking for it, you have to know what you're looking for. If you want a career in Cybersecurity, I can't stress enough that you should at some point consider at least some of the things on this list, even if it's only to listen to a few podcasts or check out a few subreddits.

Play a few Capture the Flags like Hack The Box or Splunk's Boss of the SOC

Keep an eye for 

Books I recommend
- Windows System Internals - A read so dry it would soothe a fraternity

Good luck, and if I stumble into more resources that I can share I'll definitely send them your way. 
