Cybersecurity is one of the fastest growing industries globally, growing at a rate of 36.5% through 2022 according to Forbes. The reason for the high demand is simple: getting hacked has become extremely expensive for a company. The average cost of a data breach in 2016 was $4 million, and that number is only going to increase as companies continue to gather more information on their customers through the Internet of Things. With data breaches becoming increasingly common, millions of people are looking to break into this very lucrative industry. However, because of the importance of the assets you will be protecting, the requirements for even entry-level jobs can be demanding, particularly for someone coming straight out of university with little or no work experience. Here I have compiled a list of 6 skills that will help you stand out to the hiring manager and break into the field.
Understand Networking and Network Technologies
Networking is the practice of transporting data between different devices. Cybersecurity focuses solely on the cyber-related risk to a company’s information assets. Hackers will primarily be trying to find ways to gain access to the computers on a company’s network and extract information from those computers for their own benefit. To understand what hackers are trying to do, and the best way to prevent them from compromising your network, you need to understand how computer networks work, how computers are connected to one another, and the common network and security technologies. Some of the concepts you will want to understand are local area networks (LAN), wide area networks (WAN), routers, switches, firewalls, encryption, security groups and administrator privileges.
How to Respond to a Cybersecurity Incident
Every security incident is different and will require different steps to resolve, but there is a common methodology that can guide you through the process. Personally, I like the NIST framework for incident response because it covers all the main steps. There are 4 main steps you want to be familiar with: Analysis, Containment, Eradication and Recovery. You want to understand the goal of each step as well as the common activities performed in each.
NIST Incident Response Lifecycle
Analysis: In this phase you want to understand the scope of the data breach so you know what you’re responding to. This includes how many computers are affected, which services within the company are affected, what type of malware is involved and what indicators of compromise (IOCs) are available.
Containment: Once you understand the scope of the incident, you next want to contain the situation. For a cybersecurity incident this usually means isolating all affected machines by disconnecting them from the internet and from the company’s network (all other company machines). For example, if your company has 100 machines and 10 of them are affected, you want to disconnect all 10 from the internet so that the hacker can’t connect to them. Next, you disconnect those 10 machines from the other machines on the network so the malware can’t spread to any other devices; at that point you can safely say the incident is contained. It’s important in this step that you don’t power off the 10 machines, because you will lose valuable evidence that you will need in the later steps. For example, a computer’s memory is erased when the machine loses power, and malware often leaves evidence in memory that can be recovered using computer forensics. Therefore, you don’t want to shut off any machines; simply remove internet access and disconnect them from the company’s network and all other corporate devices.
Eradication: In this step you want to remove any trace of the infection from the affected systems and fix the vulnerability on those machines that allowed the infection in the first place. This is important so that the affected machines can be returned to daily operations. It includes removing any malware that was installed on the machine, resetting any passwords that were compromised, adding two-factor authentication, patching vulnerable software, etc. The goal is to have clean and secure systems that the business can start using again. The best way to do this is to reimage the machine using a trusted image, which simply means wiping the computer of all data and software and then reinstalling the operating system and software onto the machine.
Recovery: This is when you restore the services and accounts that were lost because of the data breach. In this phase you reconnect any services, desktops, applications, etc. to the company network or the internet for regular use. Also, if any accounts were disabled, once their login information has been reset and strengthened you can re-enable them for use.
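The Analysis and Containment steps above, carried through as an added Python example (not from the original article): it matches constructed log lines against constructed IOCs to establish which hosts are in scope, then emits a per-host containment plan that keeps the machines powered on. The IOC values, log lines and the forensic workstation address are all placeholders I made up for the example.

```python
import re
from collections import defaultdict

# Constructed indicators for this scenario (placeholders, not real IOCs), keyed
# by the log field they are matched against: a C2 domain and a file hash.
IOCS = {
    "dest": {"update-check.example.invalid"},
    "sha256": {"0" * 63 + "1"},
}

# Constructed EDR/proxy events: <time> <source> host=<name> <field>=<value>
LOG_LINES = [
    "2024-05-01T09:00:01Z edr   host=ws-101 sha256=" + "0" * 63 + "1",
    "2024-05-01T09:00:07Z proxy host=ws-101 dest=update-check.example.invalid",
    "2024-05-01T09:01:12Z proxy host=ws-102 dest=docs.example.com",
    "2024-05-01T09:02:30Z proxy host=ws-107 dest=update-check.example.invalid",
    "malformed line that must not abort the analysis",
]

EVENT_RE = re.compile(r"^(\S+)\s+(\S+)\s+host=(\S+)\s+(\w+)=(\S+)$")


def analyze(lines, iocs=IOCS):
    """Analysis phase: return {host: matched IOCs} to establish the scope."""
    affected = defaultdict(set)
    for line in lines:
        m = EVENT_RE.match(line)
        if not m:
            continue  # tolerate noise; scoping must not stop on one bad line
        _, _, host, field, value = m.groups()
        if value in iocs.get(field, ()):
            affected[host].add(f"{field}={value}")
    return dict(affected)


def containment_plan(affected, forensic_ip="10.0.9.5"):
    """Containment phase: per-host actions, ordered so volatile evidence survives."""
    return [
        {
            "host": host,
            "matched": sorted(affected[host]),
            "steps": [
                "keep powered on: RAM evidence is lost on shutdown",
                "capture a memory image before changing anything else",
                f"host firewall: allow only {forensic_ip}, drop other LAN/internet traffic",
            ],
        }
        for host in sorted(affected)  # forensic_ip is an assumed placeholder address
    ]
```

Running `containment_plan(analyze(LOG_LINES))` puts ws-101 (two IOC hits) and ws-107 (one hit) in scope and leaves ws-102, which only contacted a benign domain, untouched.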
Understand Compliance Laws and Regulations
In the last 10 years several regulators and governments have passed data protection laws and regulations. These rules mandate that companies have certain levels of security measures in place to protect consumer information. Some cybersecurity professionals are paid just to make sure their companies are compliant with these regulations so that the companies can avoid fines and penalties from the regulators. Some of the big regulations you want to be familiar with are CCPA, PIPEDA, SOX, GDPR and PCI-DSS.
Be Comfortable with the Command Line
A large amount of the work a security professional does involves the command line. You open it by going to your start menu and searching for “terminal”. It’s the black window you have probably seen in any movie revolving around a computer hacker. Many times you will work with servers that have no graphical user interface (GUI), so the only way to access that server will be through the command line, and being able to navigate it will be essential. Additionally, many popular security tools such as nmap and Metasploit are primarily driven from the command line, and you will need to be comfortable with it to use those tools in everyday work. Lastly, many operating systems have built-in command-line tools that are very helpful in malware analysis, forensics and other areas of security. There are several reasons to become familiar with the command line, especially on the Linux operating system and, to a lesser extent, Windows. There are many places online to learn the command line, but one practical way is a platform like tryhackme.com, which has a Linux challenge room where you can do capture the flag (CTF) challenges that teach you the Linux command line. Some free online resources are OverTheWire and Root Me.
This is what a terminal looks like on a Linux or Mac operating system
Understand How Computer Hacks Happen
Lastly, you want to be able to read about and understand how computer hacks happen. Computer hacks occur almost every day, and one of the best ways to learn how they happen is to read news articles about them. Most big data breaches have several write-ups that anyone can Google and use to begin to understand how these hacks happen. As you read more and more of these articles, you will start to understand the common reasons why companies get hacked: for example, weak passwords, unpatched software, social engineering, third-party vendors getting hacked, improper configurations and so on. Once you understand what the common themes are, you will be able to make recommendations based on what has happened to other companies.
Cybersecurity has many different elements, and it’s impossible to highlight them all in one article. However, developing a solid understanding of the points I have highlighted will give you a good idea of the field as a whole. You will have the foundation you need to step into almost any area of cybersecurity, be competent, and understand how what you’re doing affects the overall picture. Once you are at that basic level of proficiency, you can pick a niche and specialize even further in an area of your choosing.