Want to know how to land your first job in Cyber Security?
After 25 years of working in IT and Infosec, I've found that you need to choose one of these three paths if you are looking for your first entry-level job.
3 paths that you need to pick from:
1. Offensive Security
2. Defensive Security
3. Security Auditing
I'm not saying these are the "only" routes that you can take, but I'm narrowing them down into these 3 categories. Let me explain.
For someone getting into Cyber Security, the playing field is very large. Knowing where to start, who to talk to, and which direction to go can be very overwhelming and can tend to scare people away.
Choose one of these paths and develop skills around it, and it will set you apart from others who are trying to break into this field.
Let me give you a brief overview of each path.
1. Offensive Security
Penetration Testers (often called Red Team) are the offensive players in security. They find vulnerabilities, holes in networks, and bugs in applications, and basically try to find them before the bad guys do. They communicate the risk of those vulnerabilities to the business, advise on mitigation techniques, and help the business understand the possible impact.
If you choose Offensive Security, you need to set up labs and learn industry-standard tools such as (but of course not limited to) Nmap and Kali (OpenVAS, Metasploit, and the other tools within). Learn how to use these tools inside and out. For application penetration testing, learn what OWASP is, learn how to use Burp (by PortSwigger), and study the OWASP testing guidelines. These things by themselves do not make you a penetration tester, but if you dive into these tools and learn how they work and the language around them, you will have a great head start as a penetration tester. All of the tools I listed above are free.
2. Defensive Security
Defensive Security (Blue Team) is of course the defensive side of security. Learn how to watch for anomalies, detect intrusions, etc. This type of work typically consists of working within a SOC (Security Operations Center), where you will be part of a team helping protect digital assets.
If you choose Defensive Security, start diving in by learning network packets. Learn how to "read the wire", meaning using tools such as Wireshark and being able to break down packets and understand them. Learn about different SIEM (Security Information and Event Management) solutions. I also started years ago by installing tools such as SNORT, OSSIM, OSSEC, and others. Get familiar with what Splunk is. This won't make you a pro, but it will give you the knowledge, language, and some know-how of blue team.
3. Security Auditing
I will be talking about this in my next video.
Those aspiring to get into this field, reach out to me for help or advice.
Those already in the field, please chime in.
#cybersecurity #informationsecurity #infosec