A year ago, I wrote an article entitled Starting Your Career In Information Technology. As your career goes on, you may find yourself traveling down different routes than you originally planned. This article is a follow-up, designed to give an idea of what cyber security has become for me after I transitioned to it from networking.To begin, I was self-taught. I started out as a system administrator and IT manager. Later, I went to college to learn about Cisco and network architecture. Eventually, I found myself looking more and more at the following question: “Well, now that I’ve deployed that network, what happens next?”Differences between IT & ISThere’s a huge difference in the skill sets required for the technology field, information technology (IT), and information security (IS or cyber security).Below, I’ve generalized three typical departments you may find in an office:Cyber Security Consultants: Their job is to remain on top of the latest technology advances, be aware of the world news in both technology and general subjects, and constantly ask “what’s next?” Often research and development also fall here.Internal Cyber Security: Internal cyber security is required to keep on top of news/world events just as consultants do, but additionally, they help to maintain the IT infrastructure and strengthen the human firewall.Technical Support: These are people who provide support to users for when technology malfunctions, standard builds and more.The importance of separate departmentsCyber security is a vast subject, covering many different types of tasks and skills; you may know a bit of each topic, but you cannot master everything. We all have different skills and learn in different ways; we are motivated separately and enjoy different aspects of technology. This factor is what enriches cyber security.“If you do what you love, you’ll never work a day in your life.” –Marc AnthonyI’m sure you’ve heard this quotation before. This, to me, applies greatly to cyber security and even information technology. As techs, we often are found playing around with gadgets and get excited over the next best thing. We also enjoy attending or speaking at conferences because our hobby tends to be what we do.The reality is that cyber security is a lot of hard work; it can be long hours at the office and require many spur-of-the-moment decisions. To balance these demands, you must have foundational knowledge along with an ability to adapt to each situation quickly. The best techs I know do what they do because they enjoy it.We all come into cyber security from different backgrounds. I came through network architecture while many others came from application development or web development. But what’s the best way to enter Cyber Security?
do your ccna or network+ everything you do going forward will be based on that foundation.— Joseph S (@MiddleSiggy) February 27, 2017I agree with building foundations. You need to understand the basics to be able to create complex solutions. Please be aware that networking isn’t the only way to get into cyber security.#CyberSecurity is a massive bucket that means different things to different companies. A lot of Security is done in IT.— equus ex machina ♘ (@lnxdork) February 27, 2017Just like in software development, you need to consider cyber security regarding how it applies to every aspect of the business, from architecture to deployment, from sustaining the infrastructure to deciding on the standard build of users experience.At my work, cyber consultants, internal cyber, IT ops, risk and compliance, and partners all work together closely when making decisions on what direction to go in. The internal cyber awareness program is designed with users in mind, focusing on their motivators and teaching skills that they can apply directly to their jobs.Your job is not to look after your users. It is to help your users to look after themselves.— ʎɐʍuoɔ ʍǝɹpuɐ (@AndrewConway) February 27, 2017I love this quote. Truly, it covers what I want you to take away from every training experience; every interaction with me and my team, every part of my job. Our users are the cyber defense team. They’re our human firewall, a role which our techs share.Working together, we can all make our jobs and lives better by understanding what the threats are and knowing that each of us is responsible for making our environment secure. Our job as cyber security is to be supportive to users, so they can feel safe asking questions and thereby feel motivated to learn.I wanted to learn more about snmp and monitoring, so I wrote an app to monitor various statistics from my systems and graph them— Mike Saunders (@hardwaterhacker) February 27, 2017Learning all kinds of different systems was a significant factor in my transition to a security role.— Mike Saunders (@hardwaterhacker) February 27, 2017Learning for me is hands on; when I wanted to learn Python, I built a lab Network Configuration Management system that reads in SysLog to track all config changes on my lab environment.
When I run training at my work, I use hands-on learning to teach users hacking skills on attacks that commonly are brought against them so they can better recognize when they’re being targeted.
don’t go for the hard stuff right away. Build up slowly. Maybe start with one shot of rum per day, then work your way up.
— Jerry Bell (@Maliciouslink) February 27, 2017
As Jerry notes, you need to start out small. Going back to the map of cyber security domains above, you can very easily be overwhelmed with the number of things you may be expected to master starting out. The thing is it’s okay to say you don’t know.
Learning is ongoing and fluid; you learn one part then focus on another. Later, go back and realize you had it all wrong.
don’t test a suspected ransomware fill on your computer
— Bill Carter (@ccie5022) February 27, 2017
Although you might laugh a bit on this, Bill makes an important point: using the right tools for the job is vital. When we learn and explore, we want to make sure we aren’t creating vulnerabilities in our environments. One reason we separate development and production environments is to push changes out to the development environment and see if it breaks anything. Our laptops are the same.
When learning how to recognize phishing emails or malware analysis, make sure you’re keeping your system safe along the way. Follow guides and tutorials online, malware analysis labs, or capture the flag (CTF) exercises in virtual environments that will not affect your system.
develop a security mindset. Look at the bigger picture of how security and other systems operate and integrate (360 degree view)
— ownage (@ownageinc) February 27, 2017
@mininatechsec make sure you are working hands on with things. Don’t just study books, build some things. Scripts, tools,etc.
— StarLordess (@pjarmstrongaz) February 27, 2017
At the end of the day, there are many different aspects of cyber security; it is impossible for anyone to be an expert in all the different parts. And honestly, we wouldn’t want anyone to be! Cyber security is the process of layering on different technical controls and awareness training to build a strong human firewall.
We need a variety of viewpoints. We need a variety of skills to build our layers of security. And we need a variety of people. Pursue your passions whatever they may be, as that will allow you to progress further. Continuously motivate yourself to learn more, and allow for more secure environments.
Finally, certifications. Certifications tend to be a big debate on value vs cost when it comes to what you’re learning and how much that helps you with actually getting the job. From my experience, certifications look great on a CV (resume), but so do different experiences and lab environments at home. There’s a critical balance to gaining certifications vs gaining experience.
If you’re in a position where the cost of a certification isn’t daunting, I would say definitely go for it. But if you’re like many who can’t afford to give out hundreds or thousands of dollars to gain a certification, then focus on what you can do on your own and gain experience that way through things, such as labs or projects.
Interested in learning more? Below are some excellent references both free and paid.
About the Author: Zoë Rose is a Cisco Champion and Splunk architect. She helps clients secure their network infrastructure from data loss and cyber-attack. In addition to specializing in network security, Zoë also supports ethical hacking, incident response engagements, advice on best practice software development, and secure systems architecture.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.