GETTING STARTED IN CYBER SECURITY (PRO'S CAN SKIPP)

GETTING STARTED IN CYBER SECURITY

With the increasing hype of hackers and there incredible cameos in the movies and series, every computer enthusiast would be mad excited to know more and more about hackers and their contribution in the cyber world. Before actually knowing what cyber security is and how to get started, let's have a look at the crazy growing field and job opportunities in cyber security. Not digging that deep, but it’s good to know that the employment rate for the cyber security jobs has marked the rise of 33% with 16,300 openings each year on average which is much faster than the average of other occupations. As we can see the rise is because of the increasing curiosity among the youth, the insanely increasing cyber attacks which is eventually leading to the shortage of skilled professionals in this field.

 Before starting in cyber security I always used to google questions like what tools are needed to get started in cyber security? Is programming a necessary skill to pursue a career in cyber security? What would be the best certifications for beginners in cyber security? Is it really possible to earn money by hacking websites? And many more which clearly states that, I wasn’t having an actual idea about cyber security and its domains, and I guess most of the people go through the same before getting started in cyber security.

So let’s cut to the chase and move to the part where we’ll know the exact activities about what hackers do behind their hoods?

CYBER-SECURITY In simple words can be explained as - Every electronics that you hold i.e Your smartphone to your smart refrigerator everything with a code needs the security so it won't be able to spill out your secrets (i.e passwords, private-information, crucial data etc) that easily.  In more simple terms Cybersecurity means to provide security and protect your digital devices. 

As it includes many career options like - A bug-bounty hunter, working in defensive or offensive cyber security team, Cyber forensic expert, Penetration tester, web-application security expert and many more. 

As for now it would seem really difficult to understand and digest but Don’t worry, at the end you won't be that confused.  Cyber security is one of the immense domains, so when we say I want to pursue a career in cyber security I have to be clear with which domain I am interested in. Let's go through the small mind map to understand the widely spread cyber security and its domains.

Before going deep, Let’s start with the question that matters a lot according to me is - How and Where to start in cyber security ?  The Internet is one of the best ways to start and indulge yourself in self learning and start focusing more on markup languages, coding-basics, basic web application security pentesting knowledge and many more words you find while browsing the internet. But having access to this much information can sometimes be more confusing than helping so now what exactly should be done? 

I’ll be listing some of the free courses at the end of this blog that would exactly help you get started in cyber security and explore the domain you are interested in.

Okay so moving to the part where I can help you get a sneak peak into the working world of cyber security and a roadmap of how to get into it.

TOP DOMAINS IN CYBER SECURITY INCLUDES:

1. SECURITY MANAGEMENT: (aka Security Manager)

• Planning and developing the security strategies of the company.

• Building KPIs. 

(KPIs → Key performance indicators (KPIs) are measurable values demonstrating how effectively an organisation achieves its key business objectives.)

• Hiring the staff for onboard projects

• Building a security budget and tracking down the success of the company each day.

TOP - Certifications to up skill your career as security management

• CERTIFIED INFORMATION SECURITY MANAGER (CISM)

• CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL ARCHITECTURE (CISSP)

• CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL

(CISSP)

• CERTIFIED INFORMATION SYSTEMS AUDITOR (CISA)

2. IDENTITY AND ACCESS MANAGEMENT:

• Identity and access management (IAM) is a collective term that covers products, processes, and policies used to manage user identities and regulate user access within an organisation.

• It is majorly divided into the 4 components which includes:

• Password management tools.

• Provisioning software.

• Security-policy enforcement applications.

• Reporting and monitoring apps and Identity repositories.

3. SECURITY ENGINEERING:

As we all know that NETWORK is considered as the backbone strength of the organisation's security. So the most interesting part of security engineering comes here where the engineers actually work towards securing networks which includes the network designing, secure application development, access controls, security architecture design and many more. 

 There work mostly focuses on :

• Focusing more on the configuration of security controls in network devices of the organisation.

• Identify and defining the system’s security requirements

• Design and develop more and more efficient security architecture and cyber security designs which helps in securing the overall network.

• Documenting the standard operating procedures and protocols.

• Developing more reliable and good technical solutions and discovering the more powerful security tools to help mitigate security vulnerabilities and automate the whole security process.

• Keeping up with the trends so that the organisation never fails to respond as quickly as possible incase of any security incident.

If this interests you and makes you a little curious about how to take your  1st baby step towards developing your career as a security engineer then you should definitely try out the below certifications. 

• CCNA Routing & Switching training.

• CISO (Chief Information Security Officer)

4. SECURITY OPERATIONS: 

This is where all actions are executed, So basically SOC → The security operation centre comes into action when it’s time to  check and monitor each and every action of the event and to take effective steps to prevent any future cyber attacks. SOC’s are generally responsible to handle and take effective measures in preventing and finding the loopholes that can lead to future cyber attacks and damage the infrastructure of an organisation.

So the security operation domain includes literally everything right from how the cyber attacks are caused to its prevention; everything is measured and monitored by security operation centres. It also comes under the cyber forensic studies where they monitor the network device to identify how, when and what caused the cyber attack. Their steps is to carry out the vulnerability assessment where they test the devices or applications to study them and to find out the vulnerabilities and lastly when they are successful in finding one, the vulnerabilities are patched and made sure that the organisation system is safe from the future cyber attacks. 

To put in simple words, if you want to start working as a  Security analyst you would need to focus more on Vulnerabilities assessment and penetration testing where you’ll learn the top attacks and their mitigations, Secondly need to be strong with the incident response and detection-process. 

SOUNDS AMAZING RIGHT, SO NOW WHAT? 

The most amazing certifications to make you a pro in SOC team are:

• Certified SOC ANALYST

• Comp Tia Security+

• CompTIA's CySA+ (Cyber security Analyst)

• Certified Ethical Hacker

• Certified in Risk and Information Systems Control (CRISC)

• Certified Information Systems Auditor (CISA)

 

5. CRYPTOGRAPHY WORLD:

Cryptography is the most exciting thing in the cyber security world. And I guess every security enthusiast struggles a little harder while working on cryptography. So basically before getting into cryptography. 

Let’s understand a small mind map.

Now, Let’s understand it in better way:

This is the most amazing domain according to me, and if you think the same then you should try the below certifications:

• EC-Council Certified Encryption Specialist (ECES)

• If you want to explore more into the world of cryptography. You can check-out this amazing page where they have listed all the courses and certifications information.

6. RISK ASSESSMENT:

Ever heard people talking about the teams and hats in cyber security? Well, These fancy terms include Blue team and red team and the three types of hats (White, Black and Grey). Keeping it short and sweet  we can say good hackers are termed as White hat hackers and nasty ones (yep, the bad ones) are usually referred as the black hat hackers and the one that can manage to have skills for both are known as Grey hat hackers. 

Talking about the teams, Let’s recall the first mind-map:

RED TEAM❤️ = OFFENSIVE SECURITY, which basically includes attacking and exploiting the vulnerabilities but in an ethical manner. They are the BREAKERS of cyber security.

BLUE TEAM💙 = DEFENSIVE TEAM, We can also say that these are the SOC guys who looks after the security of the organisation and defends the red team. They are known as the FIXERS of cyber security.

Making it easy they have the skills divided for both the teams. If you want to be a part of this amazing team. You can consider the below certifications.

• EC-Council’s Network Security Fundamentals 

• Certified Network Defender (CND v2)

FREE COURSES AND TOP CHANNELS AS PROMISED. 😌

1. HACKTIFY - YOUTUBE CHANNEL (Highly recommended as they have covered everything a beginner wants.)

2. Get your basics strong with - Learn basics. 

3. Great learning is giving free certification in Introduction of cyber security to get enrolled - CLICK HERE

4. Coursera is giving free cybersecurity specialisation course - CLICK HERE

5. This article from SIMPLILEARN Best 6 Free Online Cyber Security Courses With Certifications In 2022

This was just a sneak peak into the massive universe of cyber security. There are still a lot of domains in this universe and every domain has its own speciality and opportunities to offer. 

Hope you enjoyed the blog.

Happy Learning!

Happy Growing! and 

Happy Hacking!

- Team Data Science meets Cyber Security ❤️