!!!!Advent of Cyber Security Career!!!!

Most of students were graduate or post graduate from reputed colleges and universities every year with cyber security or computer science degrees only to find employers are less than thrilled about their practical part and basic skills. At a latest survey that identified some of the bigger skills and understanding gaps, and some thoughts about how those seeking a career in these fields can better stand out from the crowd.

As my observation ,Virtually every week Indian Cyber Security Solutions receives at least one email from someone seeking advice on how to bring myself into cyber security and questions for career. In most cases, the aspirants ask which certifications they should seek, or what specialization in computer security might hold the brightest future.

A common theme in these C-level executive responses is that many candidates simply having lack hands-on experience with the more practical concerns of operating, maintaining and defending the information systems which drive their businesses.

Most people who have just graduated with a lack practical experience. But happily, a somewhat unique aspect of cyber security is that one can gain a fair degree of mastery of hands-on skills and foundational knowledge through self-directed study and old fashioned trial-and-error.

Without have networking knowledge it would be not possible that how one device communicate with another device and which types of header they are using Trying to get a job in information,cyber or network security without a deep understanding of how data packets work is a bit like trying to become a chemical engineer without first mastering the periodic table of elements.

But please don’t take my word for it. From research I found that The SANS Institute, a Bethesda, Md. based security research and training firm, recently conducted a survey of more than 500 cyber security researcher at 284 different companies in an effort to suss out which skills they find most useful in job seekers, and which are most frequently lacking.

This survey asked respondents to rank various skills from “critical” to “not needed.” Fully 85 percent ranked networking as a critical or “very important” skill, Mastery of the Linux operating system (77 percent), Windows (73 percent), Exploitation techniques (73 percent), computer architectures and virtualization (67 percent) and data and cryptography (58 percent). Perhaps surprisingly, only 39 percent ranked programming as a critical or very important skill (I’ll come back to this in a moment).

How did the cyber security researchers scrutinized grade their pool of potential job candidates on these critical and very important skills? The results may be eye-opening:

“Employers report that student cyber security preparation is largely inadequate and are frustrated that they have to spend months searching before they find qualified entry-level employees if any can be found,” said Alan Paller, director of research at the SANS Institute. “We hypothesized that the beginning of a pathway toward resolving those challenges and helping close the cyber security skills gap would be to isolate the capabilities that employers expected but did not find in cyber security graduates.”

There has also some kind of with out certified people who are got into security because they were passionately and intensely curious about the subject, and that curiosity led them to learn as much as they could — mainly by reading, doing, and making mistakes (lots of them).

I mention this not to dissuade readers from pursuing degrees or certifications in the field (which may be a basic requirement for many corporate HR departments) but to emphasize that these should not be viewed as some kind of golden ticket to a rewarding, stable and relatively high-paying career.

More to the point, without a mastery of one or more of the above-mentioned skills, you simply will not be a terribly appealing or outstanding job candidate when the time comes.

So what should focus on, and what’s the best way to get started? First, understand that while there are a near infinite number of ways to acquire knowledge and virtually no limit to the depths you can explore, getting your hands dirty is the fastest way to learning.

No, I’m not talking about breaking into someone’s network, or hacking some poor website. Please don’t do that without permission. Must target third-party services and sites, stick to those that offer recognition and/or incentives for doing so through bug bounty programs, and then make sure respect the boundaries of those programs.

Besides, almost anything want to learn by doing can be replicated locally. Hoping to master common vulnerability and exploitation techniques? There are innumerable free resources available; purpose-built exploitation toolkits Metasploit,WebGoat, DVWA, XVWA,DVWS,Bwapp,Muttillidae,WebWolf,Juice shop,Portswigger academy,TryHackMe,HackTheBox,Natas and Bandit into overthewire,Vulnhub,rootme.org,hackthissite.org,ctftime.org,picoctf e.t.c and custom Linux distributions like Kali Linux that are well supported by tutorials and videos online. Then there are a number of free reconnaissance and vulnerability discovery tools like Nmap, Nessus, OpenVAS Nikto and so more. This is by no means a complete list.

Set up own hacking labs or make your own VM , Free virtualization tools like Virtual Box can make it simple to get friendly with different operating systems without the need of additional hardware.

Or look into paying someone else to set up a virtual server that you can poke at. Amazon’s EC2 services are a good low-cost option here. If it’s web application testing you wish to learn, you can install any number of web services on computers within your own local network, such as older versions of WordPress, Joomla or shopping cart systems like Magento.(This is optional )

Want to learn networking? Start by getting a decent book on TCP/IP and really learning the network stack and how each layer interacts with the other like OSI ref model,TCP model or Hybrid model

And while absorbing this information, learn to use some tools that can help put newfound knowledge into practical application. For example, familiarize with Wireshark ,Tcpdump,Tshark,iptables commands handy tools relied upon by network administrators to troubleshoot network and security problems and to understand how network applications work (or don’t). Begin by inspecting own network traffic, web browsing and everyday computer usage. Try to understand what applications on your computer are doing by looking at what data they are sending and receiving, how, and where.

While being able to program in languages like Go, Java, Perl, Python, C or Ruby may or may not be at the top of the list of skills demanded by employers, having one or more languages in your skill set is not only going to make you a more attractive hire, it will also make it easier to grow your knowledge and venture into deeper levels of mastery.

It is also likely that depending on which specialization of security end up pursuing, at some point will find ability to expand that knowledge is somewhat limited without understanding how to code.

For those intimidated by the idea of learning a programming language, start by getting familiar with basic command line tools on Linux. Just learning to write basic scripts that automate specific manual tasks can be a wonderful stepping stone. What’s more, a mastery of creating shell scripts will pay handsome dividends for the duration of career in almost any technical role involving computers (regardless of whether you learn a specific coding language).

I believed that Much like learning a musical instrument or a new language, gaining cyber security skills takes most people a good deal of time and effort. But don’t get discouraged if a given topic of study seems overwhelming at first; just take time and keep going.

That’s why it helps to have support groups or lots of community. Seriously. In the cyber security industry, the human side of networking takes the form of conferences and local meetups. I cannot stress enough how important it is for both your sanity and career to get involved with like-minded people on a semi-regular basis.

Many of these gatherings are free, including Security BSides events, DEFCON groups, and OWASP chapters. And because the tech industry continues to be disproportionately populated by men, there are also a number cybersecurity meetups and membership groups geared toward women, such as the Women’s Society of Cyberjutsu and so more.

Unless live in the middle of nowhere, chances are there’s a number of security conferences and security meetups in general area. But even do reside in the boonies, the good news is many of these meetups are going virtual to avoid the ongoing epidemic that is the COVID-19 .

In summary, don’t count on a degree or certification to prepare for the kinds of skills employers are going to understandably expect to possess. That may not be fair or as it should be, but it’s likely to develop and nurture the skills that will serve our future employer(s) and employability in this field.

I have little bit experience and still learner and share my experiences here.Actually I’m researching on this topic and I’m certain that readers or viewers here have their own ideas about how beginners, students and those shift there career into cyber security can best focus their time and efforts. Please feel free to sound off in the comments. I may even update this post to include some of the better recommendations.

Penetration Tester@⠎⠓⠁⠗⠍⠊⠞⠁⠝⠍⠁⠽

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

India : an emerging Orwellian state?

Public key infrastructure and crypto agility are key to IoT

ICP wallet and governance software introduction!

Service Account Credentials API: A solution to different issues

Smart Contract and Audit Report


How to Hide system information? — Security method

Secure the Solana Ecosystem (4) — Account Validation

HackTheBox Writeup — Olympus

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Tanmay Bhattacharjee

Tanmay Bhattacharjee

Penetration Tester@⠎⠓⠁⠗⠍⠊⠞⠁⠝⠍⠁⠽

More from Medium

What is Cloud Security Engineer

Code Review Guru Series: What Makes An Application Secure?

Automation in Cybersecurity

How Does 5G Affect Application Security?