Today, we're going to go over the top five talents you'll need to get into cyber security. So, before I get started on the top five skills, there are a few things to keep in mind I go through these various skills, and that is that in this sector, skills and experience are absolute kings.
You can have as many credentials as you want, but if you don't have the abilities to back yourself up when you obtain a job, it'll be a steep learning curve for you to execute the work; anyway, let's get started.
1. building your own lab
there are many different ways to build a lab and the most common is to build a virtual lab, a lot of people use tools like VirtualBox or VMware to build virtual machines to then put together to either attack or defend or just to analyze logs or just her essentially learn different operating systems.
the benefit of using a virtual lab is that you have a system separate to your main system so you're not affecting your daily driver computer as such where you can sort of doing like malware analysis for example inside that virtual machine off or that Labs setup and that's a major benefit in trying to learn these different types of tools.
you can also do what I do which is to use raspberry pi's or old laptops I've got a few old laptops that I run different operating systems on and I like to do it that way because it's a bit more hands-on but a lot of people do who prefer to use different types of virtual machines, especially these days with different cloud offerings you can set up say like a Google Cloud or azure or AWS ec2 instance where you can run up a couple of different machines for a fairly low price and pay for when it's turned on so that's also a massive benefit to using one of those systems compared to having extra hardware lying around but it's mostly Down to personal preference.
2. learning the command line
if this is the command line of a switch or the command line inside Linux those are both very beneficial to learn another great one to learn that I've been trying to push more people towards recently is PowerShell. Powershell is the native Shell on Windows computers and as ill discuss a little bit later you can do a lot of different administrations house in windows with PowerShell there are also things like privilege escalation through PowerShell as well as running a WSL in Windows which is essentially the windows subsystem for Linux inside PowerShell on whatever Windows machine it is that you're using.
picking up tools like learning bash and how the kernel works as well as different programming languages that you can use within various shells is a huge point and a major advantage to working in the industry was doing your systems administration tasks, networking tasks, creating users and things like that within a Linux Shell and all of those different penetration testing tools.
it's also great to learn these different programming languages inside shells for things automation. Automating those really basic tasks that you would otherwise potentially spend a very long time doing is huge and it's a massive benefit towards trying to get a job in the industry because if you can show these skills in an interview and that's going to make you stand out against the other people who are applying to the job maybe don't have the skills yet.
3. systems administration
with systems administration, you can do things like configuring virtual machines, active directory or user management, creating web servers, and managing Mail Exchange servers. I'm not talking about like Windows or Microsoft Exchange servers there are other types of Mail Exchange servers out there and learning how to use them and how to administer them properly is going to make your profile stand out more than say other people who don't have this experience.
it's also just great to learn because apart from that you'll probably become your family and friend's local IT guy to help them with all of their issues that it's almost granted that will happen eventually, it's also just great to learn to be able to use these tools and how to push the boundaries of those tools so that you can potentially break them and learn more about penetration testing down the line.
It's also great to learn how to build these systems properly so they can be hardened properly and this works more towards the security analyst or network security analyst type roles where you are hardening and environment to make it less vulnerable to malicious intent.
4. computer networking
the most common people to get into cyber security are those who have systems admin or networking or both experience with networking it's important to learn things like TCP/IP, DNS, the various layers of networking, and essentially the networking fundamentals and things that you can do the pick up towards pushing yourself as a network security engineer.
the certification that you can get will help out with this like the CCNA and the CompTIA network plus however if certifications aren't your thing you can do self-learning to pick up these different types of skills.
5. your security
what I would like to mention in this section are things like PII or personally identifiable information, OPSEC operations security, and OSINT which is essentially where you would find that information the open source intelligence, and learn how password management works how to manage your passwords.
having a strong security posture for yourself and potentially where you're going to work is vital in cyber security jobs it's not uncommon to see a new breach essentially every single week and having password managers across your various social presence online is quite important it's really good to have that information secure just not so much just for your privacy but just to make it a little bit harder for to get into your systems.
it's not hard to look up a data breach and find a leaked password for someone's account it's very common these days and in most cases, that's how most breaches occur.
in organizations, things like phishing scams are also a major peace and having a strong security posture for your stuff personally and at work as well, of course, it's a huge point and it is vital to have as secure as possible.
for example, you wouldn't want to listen to one's name email address, and phone number on a company website because then that information can be used in an OSINT investigation to identify personal information of that particular person and maybe build out a well-structured phishing scam so if you know more information about someone then it is much easier to social-engineer them into believing what you're saying and giving you more information.
Comments
Post a Comment