What should I learn to provide a strong foundation for my Cyber Security career?
While “Cyber Security” is often considered a specific focus within IT, the connotations underlying this term are very broad and not always technology focused. Information is the key – and securing that information takes strong practices in Confidentiality, Integrity, and Availability.
An individual intending to pursue a career in Cyber Security would do well to understand: 1) Technology Fundamentals; 2) Their own strengths & interests.
Of course, an individual can get into a career without expertise. People fall into roles all the time. A strong understanding of technology basics is integral to a prolonged, successful cyber security career, though.
Understanding the basics of concepts like Networking, Operating Systems, and Basic IT Services lets an IT Professional grasp how technologies are “supposed” to behave. An IT professional’s job is typically to ensure that technologies function.
Cyber Security professionals must expand on these foundations, still understanding technologies’ intended behaviors, and ensure that the technologies only do what they were intended to do – nothing more. So, a Cyber Security Professional’s job would be to ensure that technologies function securely. Cyber Security Professionals apply baselines, recognize anomalies, tie technology implementations back to policy requirements, etc…
While the suggestions below are not comprehensive, they represent a good starting point for any Cyber Security Professional.
Understanding network fundamentals is crucial to many aspects of Cyber Security work. A firm foundation in TCP/IP (focus on IPv4 initially, then move to IPv6 later) will be built upon in a Cyber Security career in the areas of secure communications, threat intelligence, network security technologies (Firewall, IDS/IPS), host discovery/enumeration (as part of vulnerability management or penetration testing), and other areas.
Basic IT Services
Basic IT Services include protocols like DNS, DHCP, File Shares, & Printer Services. I would also include services like FTP/SFTP/TFTP, SSH/Telnet, SMTP, Web Services (IIS, Apache), and maybe even services like SQL, RDP, Kerberos, and other higher level/complexity services that make up the majority of the technical landscape.
Each of these services has a job to do. By understanding the intended job of a service or protocol, a Cyber Sec Pro can lock down access to or capability of a service, enumerate services on hosts in search of vulnerabilities, define baselines for anomaly detection, pair environment activity with threat intelligence in threat hunting exercises, and focus high availability/failover/redundancy efforts on critical services.
A strong background in operating systems is crucial to expanding into a Cyber Sec profession. A Cyber Sec Pro should be able to navigate the GUI and command line of Windows, Linux/Unix, macOS, etc., and understand the file system structure, basic functionality, and differences of each OS.
Each of these OSs is vast in capability, so being familiar with them lets a Cyber Sec Pro harden an operating system, export system logs to log repositories for event correlation, discover & mitigate vulnerabilities, enable/disable services as needed, recognize anomalous behavior, design secure topologies, and analyze the OS as part of an incident response or forensic capability.
Personal Strengths & Interests
Your personal strengths and interests play a huge part in a prolonged, successful Cyber Security profession. Many areas of this profession are tedious, time consuming, and can lead an individual to burnout. So, taking a career path that aligns with your strengths and interests can help minimize frustration and potential burnout.
In past decades, most Cyber Sec Pros started out as IT Professionals – with a keen interest in technologies. The Cyber Sec world has tons of technical opportunities to hold a technologist’s interests.
Network Security Engineers, Threat Hunters, Penetration Testers, SOC Analysts, and Incident Response Teams all spend a significant amount of their daily routines working in technical aspects of the industry. And since technology changes so quickly, those roles must continue technical education to maintain awareness of current technologies and how those technologies affect their roles and businesses.
An often-overlooked area in Cyber Security is process development. Yes, technology makes up a huge percentage of what we do – but the use of technology in a repeatable, dependable, and anticipatory manner requires detailed processes.
Remembering the tedium of many Cyber Security roles, employee attrition should be expected. So, processes should be used to drive day to day activities whenever possible. SOC teams, Vulnerability Management Programs, Configuration/Change Management Programs, Contingency Plans, Incident Response capabilities, and Risk Management Strategies are all areas where an individual strong in Process development can thrive.
The saying goes, “If it isn’t documented, it never happened.” Security teams SHOULD live out of their documentation – tightly interwoven with Configuration/Change Management practices. Day to day activities should often refer directly to documented processes – go “by the book.” Often very tedious, very detailed, and difficult for typical IT professionals to maintain, Security documentation is (somewhat arguably) as important as the deployment of the technologies themselves. Documentation is made even more critical in industries with heavy compliance or regulatory requirements.
Information System Security Managers/Officers typically carry the heaviest burdens regarding the maintenance of Security documentation. However, roles like Security Control Assessors, Auditors, Change Managers, Security Architects, System & Information Owners, and even technical roles like Penetration Testers & Security Engineers share the documentarian responsibility. Individuals that thrive in turning mass chaos into structured order will find themselves at home in these roles.
All individuals in the enterprise hold security responsibilities. However, a security-focused career is not necessarily for everyone. If Cyber Security holds your interest, or you find that you have strengths in some of the areas discussed in this article, this field can offer a very fulfilling, lucrative, never-ending-journey’s-worth of a career. The field shows no signs of stopping, so taking the time to shore up technological foundations will support a Cyber Security Professional’s prospective roles.