Introduction
Today, Cyber Security is one of the hottest (if not the hottest) industries. In the last decade, we have seen security incidents on the rise and become more sophisticated in nature. This exponential growth and complexity of the attacks will only continue as we move into the next decade.
The challenge that most organizations have is that they can’t get their arms around what they need to protect their sensitive data and other assets from hackers.
Right now, there is a huge demand for Cyber Security professionals but there are not enough qualified people to fill those roles. In this article, I will discuss the steps to take to become a Cyber Security Professional.
Learn the Fundamentals of Information Technology
This is a critical first step. Having a solid foundation in Information Technology is key to understanding how different IT systems work which in turn helps you better protect them from hackers. If you are a newbie, you should focus here first. For those that are seasoned IT professionals, you might be able to skip this step and go straight into cybersecurity.
You don’t necessarily have to be an expert in Information Technology but you need to have a solid understanding of the following:
Operating Systems: Knowledge of Windows and Linux (especially Linux) are key. Having basic systems administration skills ranging from how to install an OS to configuration of various server roles go a long way.
The reason Linux is so important is that everything nowadays runs Linux under the hood. So having a solid understanding of Linux will help you down the road.
Recommended Training & Certifications:
Virtualization/Cloud: I would also understand virtualization platforms like VMware or Hyper-V and how these work. Virtualization is a fundamental skill because every company has a virtualized infrastructure.
Virtualization is the foundation of public cloud platforms like AWS, Azure, and GCP. With more and more organizations leveraging the public cloud. It’s also important to understand how to use public cloud platforms.
Recommended Training & Certifications:
Networking: You need a solid understanding of networking in order to be a Cybersecurity professional. How does a LAN compare to a WAN? A basic understanding of concepts like Ethernet, IP, TCP/UDP, ARP, and Routing Protocols and how they work will give you a good idea of how computers and applications communicate on a network. Also, understanding network services like DNS, DHCP, NTP, and SNMP.
Recommended Training & Certifications:
Learn the Basics of Programming and Software Development
If you are a software developer then you can skip this part. But for the rest of us, basic programming knowledge is a key component to learn in order to become a cyber security professional.
You don’t have to become a full-blown software developer but a fundamental understanding of how software works will help you be that much more well-rounded.
For a language to learn, I would pick Python. It is fairly easy to read and learn. I think a good goal should be to be able to read and understand some basic programs. If you can write some small programs even better. You should have a solid understanding of conditional statements, loops, functions, and classes which will help you understand how software is architected.
Once you understand the basics of python programming you’ll better understand software bugs and the importance of software testing and how it impacts security.
At some point as you become a more experienced Cyber Security Professional the ability to read source code and write your own security tools can become handy.
Recommended Training & Certifications:
Learn the Fundamentals of Security
From a security standpoint, it’s good to understand the basic terminology of security, like hacker, script kiddie, virus, trojan, worm, DoS attack, Man in the Middle Attack, etc.
Also, understanding the key components of security like firewalls intrusion systems, endpoint security, email, and web security.
Having a basic knowledge of cryptography and encryption is important. How to protect data at rest versus in motion? How Certificates can enhance security on the network.
Learn Ethical Hacking (Offensive)
There are two key elements you need to focus on once you have a solid foundation on security. First, you need to understand Ethical Hacking or Offensive based security which we’ll focus on here but there is also Cybersecurity or Defensive based security as well.
Ethical Hacking teaches you to be a white hat but instead of using that knowledge for a nefarious purpose, you can use that knowledge to help protect businesses and other organizations from the black hats.
In order to better understand how a hacker thinks it’s a good idea, start thinking like one. To do that you need to start immersing yourself in their world. Because what makes security so interesting from general IT is the fact you are dealing with the human element. So understanding human psychology is just as important as technology.
In my opinion, to make you the most well-rounded security professional is important to understand how to be a hacker in order to better protect your organization’s assets. When you understand not only how they think but the tools and techniques they use it will make the next section easier to understand and implement. Plus, you will learn so much about how things work it will make you more of a well-rounded IT professional.
Recommended Training & Certifications:
Learn Cyber Security (Defensive)
When you understand ethical hacking and offensive security you can start moving into cybersecurity and defensive-based security. Topics in Cyber Security range from implementing the products, tools, and solutions but also its deafening policies and processes on how to handle specific incidents.
A company has to define a security policy in order to create the processes that need to be in place if there is a security breach. This is more of a business and risk management area that typically is put in place at a business level.
Once you have a good security policy in place you can start implementing the products and solutions that will be needed to secure your environment based on that policy. Then use various tools to help protect the environment and provide defense in depth strategy.
There is a lot here that can be learned here. This is where all the pieces from a knowledge standpoint start coming together. With each step, you build upon the previous.
Recommended Training & Certifications:
Act The Part
As you continue to immerse yourself in the topics of security you will move from a professional to an expert in very little time. The theory is great but the hands-on experience you will get will make you that more valuable.
Read Blogs, and go to security conferences like Black Hat and security user groups. This will allow you to start building a network in the process and even your brand and authority in this topic if you decide to participate. These things can be huge over time.
Build a lab or use an online lab to test. Play Red and Blue team exercises. Security is a rapidly evolving area and it’s important to keep up to date on the latest trends and threats.
As you continue to immerse yourself you will become an expert in very little time.
Conclusion
This is just a general guideline on how to become a cybersecurity professional and by no means is it an exact science. Everybody’s journey into the cybersecurity field is a bit different but there is one thing in common. Going into the cybersecurity field requires an individual that is dedicated to lifelong learning.
Cybersecurity is a fascinating field and there is a huge opportunity for those that want to go down that path. Cybersecurity roles will continue to grow because of our dependence on technology.
