What software should I be familiar with in order to pursue a Cyber Security/Network Security/Information Security career?
#information-technology #computer-engineering #cyber-security #computer-software
- Burp Suite
Other that that, it's a good idea to start looking into the Kali Linux toolbox, which includes many of the (free) tools commonly used in the industry, including the 3 listed above.
For a career in Cyber Security/Network Security/Information Security, I would recommend any of these languages:
Cybersecurity is a pretty broad field - the good news is, that there is something for everyone. My advice is to wade in with a focus on something that fits your personality and you are passionate about. No matter what aspect you focus on, you will want to not just embrace the security tools, but the underlying discipline too. Want to work on pen testing web apps, WiFi Networks, or mobile devices? Then you want to be someone who has a good foundation in the languages, platforms, and frameworks that govern each. This focus will help you be a much more successful security specialist. Knowing as much as you can about what you are attacking or defending goes a long ways!
Good Blue Teamers or end-system testers often come from a SysAdmin background, so understanding the operating systems, environment architectures, and the common tools that a Windows or Linux SysAdmin leverages is invaluable. Effective system administrators script and automate, so tools that support that, like PowerShell, bash, python, etc. are key. Entry level certs from MS or RedHat might be a huge help in getting your feet wet and determining your next step. From here, the tooling will vary greatly based on what you are after. Most of those tools are written in Python, Ruby, Go, or are scripted in bash, so it can be fairly useful to get your feet wet there.
Network Security folks (again, both Red and Blue) are much more effective when they have some fluency in the protocols and operating systems that they are tasked with securing or testing. In these cases, it is more about understanding the interplay of the vendor OS and the protocol specifics (Cisco, Juniper, Dell, HP OSes vs. protocols like the TCP/IP stack, routing protocols, etc.). Once you have that foundation, there are literally thousands of tools you might encounter, but WireShark is a universal first step for defenders and attackers. As for languages, Python is almost indispensable, as is bash scripting. Then you can pursue the tooling that makes sense. Certs from vendors (like Cisco) or from neutral parties (CompTIA's Network+) can be helpful in building the foundations here.
Cloud Security looks a little like web at first, but with a focus on the environment (AWS, Azure, GCP, etc.) All have their own quirks and toolings, but the concepts are very similar. Language-wise, Python is pretty helpful, as is understanding container-focused tools like Docker and Kubernetes. Both the cloud providers and the container-shops have great free education pathways, with low-cost but highly valued certs if that is your sort of thing.
Similar things can be said for wireless, mobile, Internet of Things, or any other technical security focus - learn about what you are trying to secure or evaluate, start with the basics and pursue it so long as you are passionate. The rest will take care of itself.
While we're here, it is worth mentioning that there are sorely lacking skillsets out there in cybersecurity that need addressing. People skills and communications chops are in high demand. Do you like helping people understand technical stuff? Maybe focusing on policy and education would be a good idea? Do you like performing for the greater good? Take a look at Social Engineering.
Start with an interest, and continue on a path to build your passion. Try out a couple of areas, the cross-training is invaluable too. And don't worry about finding THE path - we all get there a very different way.
Mike recommends the following next steps:
It’s easy to become fixed on security tools, but being a good technologist first will make you more well rounded than someone that fixates on security tools.