Cyber Security is thought to be a difficult subject to learn, we will show you that anyone from any background can pick it up, including you! This blog post will help you get started in security, from careers to knowing where to start.
Cyber is the fastest growing industry in most areas of the modern world. Increased awareness from high-profile attacks has led to employers scrambling to hire, often outright creating security departments where previously there had been none. This has created a massive void in information security where near zero unemployment rates have made now one of the best times to join the industry. As a newcomer, you'll find that the InfoSec community is wonderful, especially if you're a self-starter and willing to learn and explore. Throughout this blog post, we'll break down how to get started and where you can go within the field.
Knowing Where to Start
Starting your journey into cyber isn't necessarily difficult, however, it's often a bit overwhelming for many newcomers. Information security is a vast field with many pockets of knowledge therein. Hacking is really a game of exposure, learning small pieces of each discipline it encompasses. One thing to know, this process doesn't involve learning and mastering each field of security, rather, just a summary and the "what can go wrong" bits.
To hack something, you first need to understand how and why it works; understanding the fundamentals is really important.
TryHackMe is a fantastic place to start and can easily accelerate your learning through the learning paths available.
Each learning path uses a guided approach to learning cyber security and includes hands-on exercises and labs, along with video guides. Starting with the complete beginner path, you'll learn the basics of linux, networking, and enumeration all the way up to hacking your first machine.
Continuing on into the offensive or defensive path, you'll explore the skills you'll need to enter a penetration testing role or a SOC Operator/defensive role within industry.
Looking for a sampling of it all while just trying out the site with free content? Check out the amazing free path. You can check out that blog post here! Link
Once you grasp the basics, we recommend you create blog posts about your experiences or a particularly interesting topic you've explored. Blog posts are a great way to solidify your knowledge and refer back to in the future should you need a refresher.
Blog posts can greatly benefit you in an interviewing process, allowing your interviewers to glimpse your expertise that may be otherwise difficult to convey within the scope of the interview itself. Additionally, blog posts can demonstrate reporting and writing skills, a critical part of the InfoSec field as communication skills can mean the difference between vulnerabilities being fixed or ignored.
Last but certainly not least, challenges can be an excellent test to your newly minted cyber chops. Challenges on TryHackMe vary from difficult vulnerable virtual machines to forensic puzzles meant to make you think outside of the box. Similar to blog posts, reporting on these puzzles can show your critical thinking skills at play. However you do it, showing off your skills and contributing back to the community is a great way to grow yourself and gain a leg up in interviews.
Cyber Security Field
Cyber consists of many subset fields, ranging from offensive to defensive and much much more. Let's breakdown a few of the areas you can go into:
Penetration Testing - This is what most people envision and often end up working in when in offensive operations. As you may have guessed, pentesters are often responsible for performing penetration tests on the environments they're set to defend. Unlike red teamers, pentesters aren't typically concerned with getting caught, rather, they're concerned about finding as many issues/paths to elevated access as possible within the time allocated. General requirements include: programming basics (you should be able to read some code), basic pentesting skills (at least for getting started), and critical thinking skills.
Red Teaming - Often confused with penetration testing, red teaming is much more closely associated with defensive work than often perceived. Red teamers often emulate APTs, advanced persistent threats, and operate at the peak of offensive sophistication. Red team, however, often ends up being clue to blue team purely as their role is to train defenders to recognize and act accordingly in the face of APTs. General requirements include: Strong programming skills, malware development, general penetration testing knowledge and so on and so forth. Red teamers have incredibly varied and specialized skillsets to fit the environment they operate in. This can include incredibly exotic devices ranging from mainframes (yeah these are still out in the wild) to medical embedded devices and much much more. Red teamers often start as penetration testers.
SOC Operator - Similar to the DFIR role (see below), the SOC, Systems Operations Center, Operator is a classical defensive position. SOC Operators man the SIEM and other monitoring systems for the environment. Have you ever watched a thrilling spy movie where one of the supporting characters is watching huge monitors where they can watch everything? SOC work is often compared to that. General requirements include: programming basics (you should be able to read some code), basic knowledge of attack patterns, and some light sleuthing skills.
DFIR - Digital Forensics and Incident Response! Think of this as your chance to be Sherlock Holmes. DFIR work is traditionally done after an attack has occurred, working to deconstruct malware or clean up an business that has been held ransom. Travel is fairly common in this field as you'll often need to visit client sites directly. General requirements include: programming basics (you should be able to read some code), basic threat actor knowledge, and the ability to work under pressure.
Cyber Security Jobs
The cyber security skills gap is growing year on year, and the need for talent has never been greater. Let's break down a few job postings and see how requirements can become goalposts to work towards.
Job Posting 1: Pentester
As we start digging into these job listings, keep in mind most items listed are a sort of wish list. Often times, candidates who would have every item listed are considered overqualified and inappropriate for the position at hand simply as the company wouldn't have the budget for that individual in that space. Let's continue to breaking down the requirements section.
- Security expertise in at least one of the following fields.... - this translates to having had experience and a small sort of specialization in one of the fields listed. Think being comfortable approaching one of these fields listed and performing a pentest on something such as an embedded system.
- Solid understands of systems-level security concepts and best practices - This is an excellent example of a more specialized pentester position wherein the environment at play is more closely associated with embedded systems. In a more general pentesting position, this would typically translate to knowledge of Active Directory.
- Code auditing skills - See my above note in the positions section regarding code literacy. This would be the step above that wherein you're comfortable reading code and recognizing issues therein.
Job Posting 2: Security Intern
Here we can see a much more basic position targeted towards those entering the field and around the high school age group. The requirements are fairly basic and usually your involvement outside of traditional schooling is where you can shine and find your way into an spot like this. Think mostly being able to speak to experience in lab environments such as TryHackMe throughout your interview and having the ability to reference defensive programs or a kill chain you may have performed.
Job Posting 3: SOC Operator
Last but certainly not least we have a excellent example of a defensive posting. This is what would usually be considered a SOC or NOC listing. Let's talk through a few of the more confusing requirements here:
- Configuration management and change control - be comfortable with adjusting security appliance configurations (firewalls, things like that)
- Communicates policies and procedures for support activities - Have solid communication skills with the ability to break down complex topics into actionable items
- Provide 1st/2nd level support by owning and addressing issues, questions, and problems - Troubleshoot and provide support ranging from basic help desk questions to more complicated security issues
- Audit and verify user and file permissions - Have a knowledge of general best practices and the ability to recognize where permissions may not be correctly implemented
Cyber Security Salary
In addition to being an educational rewarding field, cyber security can be incredibly financially rewarding as well. Here's a sampling of average incomes per role. Note, your mileage may vary, however, this is nice overview showing just how well those in the field are compensated.
- Cyber Security Analyst (Think SOC Operator) - $98,987 USD Annually
- Penetration Tester - $118,174 USD Annually
- Security Engineer - $107,993 USD Annually
Cyber Security Certifications
Certifications can be somewhat a complex topic to handle in general as their value can vary a little bit by employer. Generally speaking, certifications represent a accumulation of experience that you've gained. Sort of a proof that you know what you're doing and have the skills to back it up.
While there are many different certifying organizations, two that are recognized by most employers are CompTIA and Offensive Security (OffSec) with some of the most common and valuable certifications being Security+ and Offensive Security Certified Professional (OSCP) respectively. That being said, these vary by employer and you should ask those already in the field near you what companies recognize and seek in their employees. Additionally, you should find certifications that cover what you wish to learn and read reviews accordingly.
Cyber security is an incredibly rewarding field and now is one of the best times to be entering it. Increasing online training such as TryHackMe makes learning fun and easy. Wherever you end up in InfoSec be sure to enjoy the adventure along the way.