What classes will better prepare me for the emerging market of IT Security?
College courses or private course
#college #college-major #college-admissions #student #IT #Security #cyber #databreach #computer-engineering #writing
First I'll give you the more obvious answer. You should start with a survey of computing languages and then operating systems. Without knowledge of a lot of operating systems, I would have been severely hampered in attacking a lot of security problems. Sometimes the bad guys will use lesser-known technologies to circumvent security measures. Since lots of people are familiar with a smaller number of popular technologies, these hacks are solved more quickly. But now, I'd say a very practical approach is to read books on hacking and computer security. The reason for the first step -- learn programming and systems and computer architectures -- is obvious. A second step of simply looking for a class in computer security or reading texts on computer security is to understand existing countermeasures. The downside to this is that many hacks are perpetrated by folks who have studied these same books and outwit the countermeasures. The next step is to read books about hacking. Beginning Computer Hacking by Alan T. Norman is a good start. Then there are other books that go deeper.
Now I'll give you some advice that will be a little less predictable than, say, a book of computer protocols. It may be less often that you'll need this information, but if confronted by such a problem, you'll be congratulated. Read a book on psychology. Get a taste for the motivation of your hacker. Most fall into two categories. First is for gain or control. Second is just for fun. I was once tasked with finding out why a system was going down for two minutes at seemingly random intervals. That was pretty straightforward because I did the standard thing of looking through system logs, nailing the failing module, and looking through actual code for vulnerabilities. But another time I was tasked with finding out why a telecommunications system was falling down every now and then. In that case, there were tons of control interfaces to look at. I decided that the outages didn't seem to gain anyone anything. So I thought of where control interfaces would be exposed to, say, college kids, who would be more prone to do something just to see if they could. Psychology. And looking through some hacking magazines of the time, I stumbled on an exploit that was nothing more than initiating a database update that could be corrupted. If you are confronted with a system that is behaving badly -- outages, slow-downs, etc. -- it may simply be a bug. But if it's someone messing with the system, it might be nice to understand what attracted a hacker to that particular attack.
Cybersecurity is like engineering maintenance. The vast preponderance of work is done to design a system that does what's required. Cybersecurity, like engineering maintenance, is done to address every other possibility in the universe, so it pays to understand the motivation of the perpetrator to at least pare that set of possibilities down a bit.
That are a lot of classes that will help you, specifically for Cyber security its good to have a solid background in software engineering and design, understand software architecture and the common software vulnerabilities. Ethical hacking and penetration courses are also good to take.
if you are interested in risk and IT governance there many classes for security and risk management, The CISSP certification is also a good one to have. you can find a lot of information here
Programming skills such as Python and Powershell along with Perl or Java would be my recommendation that will set you apart to hiring managers. I would also recommending courses in Linux or Unix Administration where you learn vital terminal command-line skills. Any network security appliance if offered such as prep classes for Cisco Certifications will teach you the basics of network security and looks good to decision makers and hiring managers.
The majority of training in your career will be self taught so become familiar with github or gitlab and start downloading and testing open source projects. Download and install different linux flavors such as Redhat, Ubuntu, CentOS etc and use one everyday as your primary OS to use for school or testing often enough so you become familiar how to tune, fix and troubleshoot.
Pick a IT Security Certification and get certified. Certs such as Security +, Certified Ethical Hacker CEH, Systems Security Certified Practitioner SSCP and many others do help early on to stand out among a growing field of Cyber Professionals.
One recommendation I have seen work and given to others is to consider starting with a security vendor as a support engineer. Once your employed with a vendor you have opportunities to network with other cyber professionals while learning and growing in the field. Always be proactive, motivated and not afraid of change and a good self learner.
You asked a great question, fortunately the field of Security has a triangulation conception model. And its from these three areas all avenues of Security fall under and
may assist with class selection.
Administrative, Technical and Physical.
Administrative- think about classes in Risk Management, Biz Continuity, Disaster Planning, Legality
Technical- think about Network Security, how data travels from point A to point B. Cryptanalysis, how the data gram is protected as it travels. Application Development and Security Engineering what is machine language and how is machine language received by the endpoint to where humans are able to understand.
Physical Security- The facility itself, CCTV, badge readers, turnstiles, Mantraps.
Hope this information is useful and good look to your future endeavors.
Classes I suggest:
1. Data analytics - companies need people with data science and data analytic skills to train the algorithms to run the networks better. For job seekers in the security field, consider getting certified or pursuing on-the-job training in data analytics. Knowing how to interact and manipulate big data sets is going to be far more valuable to your employer than having 10 years of knowledge on how to provision firewalls.
2. Machine learning (ML) skills, including programming artificial intelligence (AI), offer a fast track to the security jobs of the future
3. Cybersecurity tools and techniques (including penetration testing, vulnerability management, etc.)
4. Business Communication/Public Speaking / Leadership Presence/Soft skills - it is important to communicate concepts clearly and be able to earn and maintain the trust of others to do your job well since - learn more here: https://enterprisersproject.com/article/2020/8/how-land-it-security-job-now
Certifications you may also want to pursue either just before graduating or even during an internship or alongside working in the field include:
CISSP: https://www.isc2.org/Certifications/CISSP-Concentrations - This is especially relevant if you plan you work in analysis, auditing, systems engineering, or anything in between.
Certified Cloud Security Professional (CCSP): https://www.isc2.org/Certifications/CCSP
If looking for specializing in Azure cloud security and being a Security Engineer, then these are relevant: https://docs.microsoft.com/en-us/learn/certifications/browse/?roles=security-engineer
Certified Information Security Manager (CISM) - https://www.isaca.org/credentialing/cism - This is for those with technical expertise and experience in IS/IT security and control and wants to make the move from team player to manager. CISM can add credibility and confidence to your interactions with internal and external stakeholders, peers and regulators.
Courses in IT security tend to examine the foundations of networks and information systems, study their vulnerabilities and assess how to protect them from attacks. Many courses lead up to some sort of certification, or they may be a part of a larger degree program. Course topics may include an introduction to information security, operating systems, code development, digital forensics and more.
As people become more dependent on technology, there is likely to be a growing need for IT security. Graduates who earn a certificate or degree in this field may qualify for such positions as computer crime investigator, network security engineer, technical director, forensic analyst, security architect and a variety of other careers. Where there is a computer network and a business, there is often a need for an individual qualified in IT security.
Below are the courses you can try:
If you want to have a broader aspect of IT security and have experience in this domain you can also go for CISSP certification.
Below is my experience for this journey, hope you find it helpful.
Seek courses in fundamental concept areas such as networking, OS, software engineering, and search for professors that can help you look for courses that are more tailored for your potential job interests. Focus on building relationships with those teachers who have industry knowledge from their experience in IT Security. The more well versed you are in commanding multiple Operating Systems, Apps, Products will expose you to optimal success in emerging industries.
I would specifically recommend you study courses that discuss data breaches or cyber incident response, forensics, and crisis management methodologies. Please feel free to reach out if you wish to chat more. All the best.
Bill recommends the following next steps:
Information Security, ever is an evolving domain with fast variance or options, broader view, shall be classified into Network Security / Application Security. For being a Network Security professional, need knowledge on perimeter guarding products like, firewall, VPN, DMZ, IDS, IPS, etc.. Similar way, for Application security demands knowledge on application attacks, application firewall, database security, security patching, etc..
Irrespective of Network security or Application security, fundamental knowledge on PC hardware, as most network appliances are build with similar design, good knowledge on various operating systems like windows, Apple Macintosh, Linux & Unix is a must as most end devices operate on these platforms.
In my personal experience, i would suggest basic networking fundamentals & data routing & switching knowledge would be more helpful in regards to Network security as one has to understand the base technology of network as Security is service rendered over the base computer networking.
Hope my insights helps, wishing you all success for your dream career.