Cyber Security: The final frontier…
This is a "starting point" for anyone starting out in Cyber Security; specifically someone looking to get into a Security Engineer, Network Security Administrator, or Security Analyst role.
If you're interested in hands-on security testing, check out our comprehensive penetration testing guide for beginners, which covers ethical hacking methodologies and essential tools.
The OSI/TCP Model
The OSI Model gives you an idea of how information is transmitted, layer by layer, all the way down to the physical level. Most organizations, however, prefer the TCP Model. Understanding how information is transmitted is crucial for anyone looking to get into security, which is why this is literally the first thing that I have put down.
- The OSI Model: https://www.cloudflare.com/learning/ddos/glossary/open-systems-interconnection-model-osi/
- The TCP Model: https://www.guru99.com/tcp-ip-model.html
Additionally, understanding Wireshark (or other packet capture tools), Nmap, and network protocols in general is a really good starting point.
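To make the layering concrete, here is an added example (written for this guide, not taken from any of the linked resources) that decodes a single constructed Ethernet II / IPv4 / TCP frame the way Wireshark does, one layer at a time: the Ethernet header says "IPv4 follows", the IPv4 header says "TCP follows", and each layer hands its payload to the next. The frame bytes, addresses and ports are constructed for the example; the IPv4 header checksum is verified against RFC 1071, which is exactly the check a capture tool performs when it flags a damaged packet.

```python
import struct
from typing import Any, Dict

# Constructed sample frame (not a real capture): Ethernet II -> IPv4 -> TCP SYN to port 443.
SAMPLE_FRAME = bytes.fromhex(
    "001122334455"                          # Ethernet destination MAC
    "66778899aabb"                          # Ethernet source MAC
    "0800"                                  # EtherType 0x0800 = IPv4
    "45000028123440004006"                  # IPv4: ver/IHL, TOS, len=40, id, DF, TTL=64, proto=6
    "5ce5"                                  # IPv4 header checksum (valid for this header)
    "c0a8010a" "0a000005"                   # 192.168.1.10 -> 10.0.0.5
    "c82201bb" "00000001" "00000000"        # TCP: sport 51234, dport 443, seq 1, ack 0
    "5002faf0" "0000" "0000"                # offset 5, flags SYN, window 64240, csum, urg
)

TCP_FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the whole IPv4 header (checksum field included).
    A valid header folds to 0xFFFF, so the complement is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ethernet(frame: bytes) -> Dict[str, Any]:
    """Layer 2: 6-byte dst MAC, 6-byte src MAC, 2-byte EtherType, then the L3 payload."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    return {"dst": mac(dst), "src": mac(src), "ethertype": ethertype, "payload": frame[14:]}


def parse_ipv4(data: bytes) -> Dict[str, Any]:
    """Layer 3: fixed 20-byte fields, IHL gives the real header length, total length bounds the payload."""
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", data[:20]
    )
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (ver_ihl & 0x0F) * 4
    return {
        "header_len": ihl,
        "total_len": total_len,
        "ttl": ttl,
        "protocol": proto,
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "checksum_ok": ipv4_checksum(data[:ihl]) == 0,
        "payload": data[ihl:total_len],
    }


def parse_tcp(data: bytes) -> Dict[str, Any]:
    """Layer 4: ports, sequence numbers, data offset and the flag bits (TCP checksum not verified here)."""
    if len(data) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_res, flags, window, _csum, _urg = struct.unpack("!HHIIBBHHH", data[:20])
    offset = (off_res >> 4) * 4
    return {
        "src_port": sport,
        "dst_port": dport,
        "seq": seq,
        "ack": ack,
        "flags": [name for name, bit in TCP_FLAG_BITS.items() if flags & bit],
        "window": window,
        "payload": data[offset:],
    }


def decode_frame(frame: bytes) -> Dict[str, Any]:
    """Walk the layers: each header tells us which parser to hand its payload to."""
    layers: Dict[str, Any] = {"ethernet": parse_ethernet(frame)}
    if layers["ethernet"]["ethertype"] == 0x0800:          # IPv4
        layers["ip"] = parse_ipv4(layers["ethernet"]["payload"])
        if layers["ip"]["protocol"] == 6:                   # TCP
            layers["tcp"] = parse_tcp(layers["ip"]["payload"])
    return layers


if __name__ == "__main__":
    for layer, fields in decode_frame(SAMPLE_FRAME).items():
        print(layer, {k: v for k, v in fields.items() if k != "payload"})
```

Run it and compare the printed fields with what Wireshark shows for a SYN packet; flipping any byte of the IPv4 header (the TTL, say) turns `checksum_ok` to `False`, which is the same "header checksum incorrect" condition a capture tool would flag.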
Information Security
Information Security, well, starts with the CIA Triad:
- Confidentiality: https://whatis.techtarget.com/definition/confidentiality
- Integrity: https://whatis.techtarget.com/definition/integrity
- Availability: https://whatis.techtarget.com/definition/availability
Information Security Frameworks
You should probably study or at least understand the concepts behind NIST and other InfoSec Frameworks. These frameworks not only provide a standard for organizations to adhere to, but they also provide a foundation for policies, procedures, and other important concepts within Cyber Security.
- NIST: https://www.nist.gov/cyberframework
- CIS: https://www.cisecurity.org/controls/
- CMMC: https://www.acq.osd.mil/cmmc/
Auditing, Compliance, and Governance
Policies and Procedures are the administrative portion of Cyber Security. Policies govern the overall security of an organization while procedures detail the steps of meeting those policies.
- Information Security Policy Design: https://resources.infosecinstitute.com/category/enterprise/governance/information-security-policy/information-security-policy-design-tips-keep-mind/
- Definition of Security Policy: https://searchsecurity.techtarget.com/definition/security-policy
- SANS Policies and Templates: https://www.sans.org/security-resources/policies/
Good rule of thumb: Policies + Procedures = Compliance.
Understanding the Threat Landscape
- Cyber Threat Landscape: https://rapidscale.net/resources/blog/blog-post/cyber-threat-landscape
- What are the Most Common Attacks: https://www.cisco.com/c/en/us/products/security/common-cyberattacks.html#~types-of-cyber-attacks
- MITRE ATT&CK: https://attack.mitre.org/
- Cyber Kill Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
- OWASP Top Ten: https://owasp.org/www-project-top-ten/
In order to know what you're protecting against… Well, it helps to know what you're protecting against. (Lol.) If you don't, it's going to be quite difficult to pinpoint. There are many different types of attacks from various vectors, and it's imperative that you know how to detect and define these attacks.
Not only that: look up what phishing is, look at common malware and ransomware attacks, keep yourself up to date with breaches, and study "social engineering" as a concept.
Security Tools and Solution Sets
- Security Gateways (aka "Firewalls")
- Endpoint Protection (aka "Anti-Virus")
- Email Filtering
- Data Encryption
- Mobile Device Management
- Mobile Device Security
- Site to Site VPN
- Remote User Access VPN
- Security Scanning Tools
- Cloud IaaS, SaaS, and PaaS Protections
- IoT Security
- SCADA and ICS Security
- Workload Security (Serverless, Container Security)
- Phish Test Simulations
- User Education Programs
The list could go on and on, but you get the idea. Security is not only a set of solutions, but it is also a mindset. Ideally, you should have solutions or products to fill these gaps, but ultimately, an organization is only as strong as its "weakest user." A healthy combination of these solution sets and an educational approach is needed.
These items, for some organizations, can also lend to your area of interest within security. Some businesses with larger security teams segment these responsibilities while others expect their team members to "wear many hats" and understand ALL of these. There is a high demand for security professionals, but an even higher demand for such professionals that know Cloud, IoT, and other more specific fields.
Knowing Normal and Finding Evil
- Anomaly Detection: https://www.informationsecuritybuzz.com/articles/finding-unknown-threats-anomaly-detection/
- SANS Poster: https://digital-forensics.sans.org/media/SANS_Poster_2018_Hunt_Evil_FINAL.pdf
Now that you know the basics, you can focus on finding threats. Knowing Normal and Finding Evil requires a basic knowledge of infrastructure and of what native programs should be running, although it depends more on troubleshooting tactics and critical analysis than on anything else. Another segment of this delves into forensics, though I won't harp on that too much as it can be considered more advanced.
More on Forensics: https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework/digital-forensics
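The "know normal" idea from the SANS Hunt Evil poster is that core operating-system processes have a predictable image path, parent process and instance count, so anything that deviates deserves a look. The following is an added example (not from the poster or any linked resource) of that check as code: a small baseline of expected facts for three core Windows processes, applied to a constructed process snapshot. The baseline entries are stated here as an illustrative assumption and are deliberately incomplete; on a real engagement you would build the baseline from the poster and from your own environment, and feed the function a real process listing.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Process:
    pid: int
    ppid: int
    name: str
    path: str


# Illustrative baseline (assumption for this example, not a complete reference):
# expected image path, expected parent process name, and whether only one instance should exist.
BASELINE: Dict[str, dict] = {
    "services.exe": {"path": r"c:\windows\system32\services.exe", "parent": "wininit.exe", "single_instance": True},
    "lsass.exe":    {"path": r"c:\windows\system32\lsass.exe",    "parent": "wininit.exe", "single_instance": True},
    "svchost.exe":  {"path": r"c:\windows\system32\svchost.exe",  "parent": "services.exe", "single_instance": False},
}


def find_anomalies(processes: List[Process]) -> List[str]:
    """Compare a process snapshot against BASELINE and describe every deviation found."""
    by_pid = {p.pid: p for p in processes}
    findings: List[str] = []

    for p in processes:
        expected = BASELINE.get(p.name.lower())
        if expected is None:
            continue  # not a process we have a "normal" for; nothing to compare against
        if p.path.lower() != expected["path"]:
            findings.append(f"pid {p.pid} {p.name}: unexpected image path {p.path}")
        parent = by_pid.get(p.ppid)
        parent_name = parent.name.lower() if parent else "<none>"
        if parent_name != expected["parent"]:
            findings.append(f"pid {p.pid} {p.name}: unexpected parent {parent_name} (pid {p.ppid})")

    counts = Counter(p.name.lower() for p in processes)
    for name, expected in BASELINE.items():
        if expected["single_instance"] and counts[name] > 1:
            findings.append(f"{name}: {counts[name]} instances running, expected exactly one")
    return findings


# Constructed process snapshot (not taken from a real host). The last entry is the odd one out:
# a process named like svchost.exe but running from a user-writable path under explorer.exe.
SAMPLE_PROCESSES = [
    Process(4, 0, "System", "System"),
    Process(500, 4, "wininit.exe", r"C:\Windows\System32\wininit.exe"),
    Process(600, 500, "services.exe", r"C:\Windows\System32\services.exe"),
    Process(620, 500, "lsass.exe", r"C:\Windows\System32\lsass.exe"),
    Process(800, 600, "svchost.exe", r"C:\Windows\System32\svchost.exe"),
    Process(1200, 800, "explorer.exe", r"C:\Windows\explorer.exe"),
    Process(3100, 1200, "svchost.exe", r"C:\Users\Public\svchost.exe"),
]


if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE_PROCESSES):
        print(finding)
```

The snapshot above produces two findings, both for pid 3100 (wrong path, wrong parent), and none for the other processes; add a second `lsass.exe` entry and the instance-count rule fires as well. The point is the method rather than the three baseline rows: detection here is just the difference between a written-down "normal" and what is actually observed.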
Incident Response and SOC
- Incident Response Basics: https://searchsecurity.techtarget.com/definition/incident-response
- Incident Response Planning: https://www.securitymetrics.com/blog/6-phases-incident-response-plan
- What is a SOC: https://en.wikipedia.org/wiki/Security_operations_center
- SOC definition: https://en.wikipedia.org/wiki/Information_security_operations_center
Incident Response is the process of preparing for, detecting, mitigating, and responding to an incident. An incident is defined as a breach or attack on an organization's security that affects its integrity or availability, and/or unauthorized or attempted access to a system or systems.
Itâs important that the above information is understood because a large portion of Incident Response revolves around preventative measures, as well as what to do after (or if) an incident occurs. Additionally, the follow-up and post mortem components are key to building for a better tomorrow. A Security Operations Center, or SOC, is a centralized unit that deals with security issues on an organizational and technical level. Not all organizations have a SOC, though some verticals require it.
Also, if you can get comfortable with Linux and Python, that's a plus.
(It doesn't have to be Kali, per se.)
- Getting Started with Kali Linux: https://kali.training/lessons/2-getting-started-with-kali/
- Kali Linux Install: https://www.kali.org/docs/installation/
- Getting Started with Python: https://www.python.org/about/gettingstarted/
There is a lot to know and learn, but these are all great places to start.
Tips for applying:
- Always research the company you're applying for. (Know their history, CEO, mission statement, breach history, etc.)
- Be up front about what you know or don't know. (Don't embellish too heavily.)
- Ask about any mentorship or junior-level programs they may have available.
- Be yourself! (Duh!)
- Familiarize yourself with common security vendors, or even try to get insight into what the company uses prior to the interview. (Don't weaponize any breach info; only use it tactfully or matter-of-factly, if applicable.)
- Acknowledge that you're willing to learn and that "there's always more that you don't know."
- Set up a testing lab at home, if possible, and use your initiative to your advantage. (Show them any projects or findings you've been working on, if necessary.)
Other suggestions:
- Find a mentor that's willing to teach you
- Join Twitter and connect with Cyber Security Professionals
- Stay active on LinkedIn
- Pursue security certifications, if applicable
- Go to local (or remote) security conferences
- Subscribe to RSS Feeds and security news sites
- Contribute to the community by testing things and sharing results
- Learn and speak on topics
Good luck!