How to Get Started in Cyber Security

Moe Shamim
8 min read · Jun 6, 2021

If you have read the article titled "Wanted: Millions of cybersecurity pros. Salary: Whatever you want" on CNN.com, posted on Fri. (05/28/2021), you are probably wondering how you can take advantage of this golden opportunity. Unless you are a seasoned Cyber Security professional, you will find some information in this article that may be useful to you.

First, if you are already in the IT industry, ask yourself whether you are a software developer, network engineer, database administrator, or systems administrator. If you are in any of these roles, you have probably come across concepts like firewall, port, protocol, security group, encryption, code scanning, or pen testing. Additionally, if you are a cloud professional, you have probably come across concepts like VPC or WAF. If you haven’t, I include some definitions at the end of this article that you will find useful. On the other hand, if you are familiar with some of these concepts, I would say you should invest in a book or an online course on the Certified Information Systems Security Professional (CISSP) exam. Whether you choose to become certified is up to you. However, if you glance through the book, you will understand the overall paradigm that cyber security covers. For example, controlling access is only a starting point; you also need to enable logging and monitoring so that any breach can be investigated. While access control is covered under the Identity and Access Management domain, logging and monitoring is covered under the Security Operations domain of the CISSP. The other domains in the CISSP exam are Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Security Assessment and Testing, and Software Development Security. The CISSP exam is administered by the International Information System Security Certification Consortium (ISC2).

If you are more inclined toward cloud-hosted applications, check out the Certified Cloud Security Professional (CCSP) exam, which is also administered by ISC2. The domains covered in the CCSP exam are Architectural Concepts and Design Requirements, Cloud Data Security, Cloud Platform and Infrastructure Security, Cloud Application Security, Operations, and Legal and Compliance. While the CCSP is well respected in the cloud security industry, you can also pursue cloud-service-provider-specific exams if you plan to work with one of the big three cloud providers. For example, on AWS you can take the AWS Certified Security – Specialty exam, on Azure you can take Microsoft Certified: Azure Security Engineer Associate (AZ-500), and on Google Cloud you can take Professional Cloud Security Engineer. The good thing about cloud exams is that a fair amount of the knowledge transfers from one cloud service provider to another. Therefore, do not feel overwhelmed by the number of choices. Start with one and the future will unfold as you grow professionally.

Finally, if you are finishing college or looking to switch careers into cyber security, there is no reason to be discouraged. In fact, if you have any kind of technology experience, whether installing software or trying to connect to Wi-Fi at a coffee shop, you will begin to see those activities in a new light once you start your journey toward becoming a cyber security professional. Some of the exams that I have seen to be popular amongst entry-level cyber security practitioners are Security+ by CompTIA and Systems Security Certified Practitioner (SSCP) by ISC2. Determine whether you learn better from video or from text. There are plenty of books on these two exams; additionally, if you search the web, you will find blogs and video tutorials, both free and paid, to get yourself up to speed. Whether you choose video or books as your learning method, you must be persistent, because if you are new to cyber security, terms like Perfect Forward Secrecy may sound like a line from a mystery novel, and it will take time before the concepts start to make sense.

Before I depart, here are some of the terms that I think will give you a head start on your cyber security career journey.

Cyber Security: Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. Cyber security may also be referred to as information technology security. (Source: digitalguardian.com).

Virus, Malware: Viruses are the oldest form of malicious code objects that plague cyberspace. Once they are in a system, they attach themselves to legitimate operating system and user files and applications and normally perform some sort of undesirable action, ranging from the somewhat innocuous display of an annoying message on the screen to the more malicious destruction of the entire local filesystem. Over time many varieties of viruses have emerged, including the companion virus, encrypted virus, file infector virus, macro virus, master boot record (MBR) virus, multipartite virus, polymorphic virus, and stealth virus. It is important to recognize that a virus is a specific type of malware, whereas malware is a catch-all term for any type of malicious software.

Adware, Malware, Ransomware, Spyware: Once a machine has been compromised, you might find adware, malware, spyware, or ransomware on it. Adware displays advertisements on infected machines, malware performs unauthorized or unknown activities, ransomware threatens to publish the victim’s data or block access to it unless a ransom is paid, and spyware transmits data to remote systems for malicious purposes.

Vulnerability, Vulnerability Scan: A vulnerability is a susceptibility in the IT infrastructure or any other aspect of an organization. It can also be the result of the absence of a safeguard or countermeasure, or a weakness in a protection measure. Organizations often use vulnerability scanning tools to proactively find weaknesses that may be exploited by an attacker. Some of the other concepts that go hand in hand with vulnerability management are SCAP, CVE, and CVSS. The Security Content Automation Protocol (SCAP) provides a common framework for discussing security vulnerabilities and facilitates the automation of interactions between different security systems. Common Vulnerabilities and Exposures (CVE) and the Common Vulnerability Scoring System (CVSS) are components of SCAP: CVE provides a naming system for security vulnerabilities and CVSS provides a standardized scoring system for those vulnerabilities.

Agent, NIDS, HIDS: Organizations often rely on agents to defend themselves from malware and to be notified of vulnerabilities. An agent is an intelligent code object that performs actions on behalf of a user. It typically takes initial instructions from the user and then carries on its activity in an unattended manner for a predetermined period, until certain conditions are met, or for an indefinite period. While the term agent can be applied to any code object that takes actions on others’ behalf, the Network Intrusion Detection System (NIDS) and Host Intrusion Detection System (HIDS) are popular agents used to protect assets from intruders. A NIDS is installed to monitor a network, whereas a HIDS is installed on a single computer to monitor intrusions on that computer.

Penetration Testing and Ethical Hacking: Some organizations don’t stop after being notified of a vulnerability; instead, they try to exploit the vulnerability themselves, before intruders can, in order to test the strength and effectiveness of the deployed security measures. This technique is commonly known as penetration testing. It is one of the many techniques used in ethical hacking, whereby ethical hackers attack security systems on behalf of their owners, seeking to identify and document vulnerabilities so that they can be remediated before malicious hackers attack.

Attack: An attack is the exploitation of a vulnerability by a threat actor. Some known attack types are bluebugging, bluesnarfing, botnet, cross-site scripting (XSS), denial of service (DoS), dictionary attack, distributed denial of service (DDoS), fragmentation attack, hijack attack, hyperlink spoofing, session hijacking, smurf attack, sniffer attack, spoofing attack, SQL injection, stream attack, SYN flood attack, teardrop attack, and zero-day exploit. Of these, the zero-day exploit deserves special mention, as it targets a vulnerability known to one or more attackers but not to the vendor of the system being attacked. In some cases, the vendor may know about the vulnerability but hasn’t yet written or released a patch for it.

Firewall: Firewalls have been the first layer of defense against attacks for many years. A firewall is a network device used to filter traffic, typically deployed between a private network and a link to the internet, but it can be deployed between departments within an organization as well. Firewalls filter traffic based on a defined set of rules. Some variations include the application-level gateway firewall, circuit-level gateway firewall, dynamic packet-filtering firewall, kernel proxy firewall, next-generation firewall, stateful inspection firewall, static packet-filtering firewall, and web application firewall (WAF). Some cyber security professionals argue that a WAF is a necessity for any critical internet-facing application, for protection against web-based attacks and exploitation.

Port, Protocol: Firewalls often allow or deny traffic based on ports and protocols. In computer networking, a port is a connection address within a protocol. A protocol is a set of rules and restrictions that define how data is transmitted over a network medium (for example, twisted-pair cable, wireless transmission, and so on). Protocols make computer-to-computer communications possible. HTTPS is a well-known protocol in online communications.
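To make the firewall and port/protocol entries concrete, here is an added Python model (not from the article) of two of the firewall types listed above, a static packet filter and a stateful inspection firewall, deciding on the same three packets by protocol and port. The rule set, addresses, and ports are constructed for the example.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN flag set: a new connection attempt
# Constructed rules (action, proto, sport, dport), None matches anything; first
# match wins and unmatched traffic is denied. A static filter has no memory, so
# it needs the second rule to let replies from HTTPS servers (source port 443) in.
STATIC_RULES = [("allow", "tcp", None, 443),   # outbound HTTPS
                ("allow", "tcp", 443, None),   # replies from HTTPS servers
                ("allow", "udp", None, 53)]    # DNS queries
STATEFUL_RULES = [STATIC_RULES[0], STATIC_RULES[2]]  # only new connections

def static_filter(pkt, rules=STATIC_RULES):
    """Static packet filtering: every packet is judged on its own against the rules."""
    for action, proto, sport, dport in rules:
        if pkt.proto == proto and sport in (None, pkt.sport) and dport in (None, pkt.dport):
            return action
    return "deny"

class StatefulFirewall:
    """Stateful inspection: remembers the connections it allowed, so reply
    traffic is accepted only when it belongs to one of them."""
    def __init__(self):
        self.conns = set()
    def inspect(self, pkt):
        flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.conns or reverse in self.conns:
            return "allow"      # belongs to an established connection
        if pkt.proto == "tcp" and not pkt.syn:
            return "deny"       # mid-stream TCP segment with no known connection
        if static_filter(pkt, STATEFUL_RULES) == "allow":
            self.conns.add(flow)   # open state for the new connection
            return "allow"
        return "deny"

# Constructed traffic: a client opens HTTPS, the server replies, then an
# unsolicited packet arrives whose source port merely happens to be 443.
CLIENT_SYN = Packet("tcp", "10.0.0.5", 51000, "198.51.100.10", 443, syn=True)
SERVER_REPLY = Packet("tcp", "198.51.100.10", 443, "10.0.0.5", 51000)
UNSOLICITED = Packet("tcp", "203.0.113.9", 443, "10.0.0.5", 3389)

def compare():
    """Verdicts per packet, in arrival order: (static filter, stateful inspection)."""
    fw = StatefulFirewall()
    return [(static_filter(p), fw.inspect(p)) for p in (CLIENT_SYN, SERVER_REPLY, UNSOLICITED)]
```

The static filter must permit any packet with source port 443 so that replies get through, which also lets the unsolicited packet reach port 3389; the stateful firewall passes the real reply but denies the unsolicited packet because it belongs to no connection it has seen.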

IAM, Authentication, Authorization, and MFA: Many cyber security incidents occur due to insufficient controls over an organization’s identity and access management system. Identity and access management (IAM) is the discipline that enables the right individuals to access the right resources at the right times for the right reasons (Source: gartner.com). Two integral concepts of IAM are authentication and authorization: the former is the process of verifying or testing that the identity claimed by a subject is valid, and the latter is the process that ensures that the requested activity or access is permitted given the rights and privileges assigned to the subject. Another key concept is multi-factor authentication, where two or more forms of authentication are required to gain access, such as a password plus a PIN sent to the subject’s mobile phone.

Encryption, Symmetric, Asymmetric: Encryption is the art and science of hiding the meaning or intent of a communication from recipients who are not intended to receive it. The fundamental difference between symmetric and asymmetric encryption is that symmetric encryption uses one key for both encryption and decryption, whereas asymmetric encryption uses a public key for encryption and a private key for decryption. A public key is a value used to encrypt or decrypt messages that is made available to any user, whereas a private key is a value used to encrypt or decrypt messages that is kept secret and known only to its owner.

Cloud, IaaS, PaaS, SaaS: Cloud computing is a model of computing in which processing and storage are performed elsewhere, over a network connection, rather than locally. Some popular models used in cloud computing are Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).

Zombie: A system compromised by a botnet agent that mindlessly performs actions under the remote control of an attacker is known as a zombie.

If you would like to see an article on a specific topic, let me know and I will prioritize it. Good luck with your new career.
