12 answers
Maddox
Student
Rock Hill, South Carolina
1
Question
Asked
629 views
Cyber Security?
What is some of the challenges with this field and what do i need to do to get ready for that career?
Login to comment
12 answers
Ravi Kumar
Enterprise Architect
9
Answers
Taunton, Massachusetts
Updated
Ravi’s Answer
The field of cyber security is constantly evolving, and there are several challenges that professionals face. Some of these challenges include:
- Advanced persistent threats (APTs) - these are complex and sophisticated attacks that are difficult to detect and prevent.
- Cloud security - as more organizations adopt cloud technology, there are new security risks that need to be addressed.
- Lack of skilled professionals - there is a shortage of skilled professionals in the field of cyber security, which can make it difficult to adequately protect organizations from cyber threats.
- Staying up to date with the latest threats - as new threats emerge, it is important for professionals to stay informed and updated on the latest techniques used by attackers.
To get ready for a career in cyber security, it's important to:
- Acquire a solid understanding of computer science, network security, and information security.
- Gain hands-on experience by participating in security projects, hackathons, or by working on personal projects.
- Obtain relevant certifications, such as the Certified Information Systems Security Professional (CISSP) or the Certified Ethical Hacker (CEH) certification.
- Stay updated on the latest security trends and technologies by reading industry blogs and attending conferences and events.
- Network with others in the industry, including attending local cyber security meetups and participating in online communities.
- Advanced persistent threats (APTs) - these are complex and sophisticated attacks that are difficult to detect and prevent.
- Cloud security - as more organizations adopt cloud technology, there are new security risks that need to be addressed.
- Lack of skilled professionals - there is a shortage of skilled professionals in the field of cyber security, which can make it difficult to adequately protect organizations from cyber threats.
- Staying up to date with the latest threats - as new threats emerge, it is important for professionals to stay informed and updated on the latest techniques used by attackers.
To get ready for a career in cyber security, it's important to:
- Acquire a solid understanding of computer science, network security, and information security.
- Gain hands-on experience by participating in security projects, hackathons, or by working on personal projects.
- Obtain relevant certifications, such as the Certified Information Systems Security Professional (CISSP) or the Certified Ethical Hacker (CEH) certification.
- Stay updated on the latest security trends and technologies by reading industry blogs and attending conferences and events.
- Network with others in the industry, including attending local cyber security meetups and participating in online communities.
Scott Contini
Security Engineer
5
Answers
Sydney, New South Wales, Australia
Updated
Scott’s Answer
Hi Maddox, I am a Cyber Security professional. My specialisation is application security -- helping developers write secure code. But there's a lot more to Cyber Security than just that.
I suggest that you Google for Cyber Security career paths to get an idea where you want to specialise, because there are many different options. But for most career paths, you need to a computer science or programming background.
I always suggest people going into our area to first learn about the basics of hacking so you understand what you are defending against. There's a lot of great places to learn and get some experience with on the internet: portswigger, pentesterlabs, hackthebox, TryHackMe, etc... There's also some really good YouTube videos. A very good start is to get experience with a web hacking tool known as "Burp Suite". Yes, that is the correct name :-) . There are other tools like Metasploit and all the things packaged into Kali Linux, but I really think starting with Burp is a great. Also, you can practice your learnings on the OWASP Juice Shop (Google it).
In regard to "challenges with this field" -- every company/org is going online and yet there are not enough cyber security professionals to keep up. This is compounded by developers not learning secure developer practices in the University level and a crazy, out-of-control open source supply chain (ask any security professional about log4j or supply chain attacks and you'll get a feeling of all the problems), both of which the Biden administration is trying to address.
It's scary with all of our private data going online and yet hackers going after it all of the time. Some of the breaches are amazingly simple, such as the Equifax hack that could have easily been avoided had they had a competent security team. Honestly, there are lots of really simple attacks where bad people are getting access to our private data. Worse, the hackers have learned that ransoming data sometimes works (see Uber for example), which means being bad can lead to huge profits if they get away with it.
There is also the case of government access to personal data. The Snowden revelations gives us good examples of what the NSA was doing, but it is not just them. Your data lives in the cloud all over the world, and foreign governments could be abusing it. Learn about "data residency".
I'm only scratching the surface of challenges and pain points, but the good news is that there is huge demand for cyber security professionals and the field pays really well. You can earn lots of money in this ever demanding field for more cyber security professionals.
In addition to the resources I have already told you about, I suggest joining the reddit subreddits of /r/NetSecStudents and /r/cybersecurity ... Both of which are good for starting out and figuring out where you want to specialise. Once you get started, you will learn where to go to for more information there.
Good luck!!!
I suggest that you Google for Cyber Security career paths to get an idea where you want to specialise, because there are many different options. But for most career paths, you need to a computer science or programming background.
I always suggest people going into our area to first learn about the basics of hacking so you understand what you are defending against. There's a lot of great places to learn and get some experience with on the internet: portswigger, pentesterlabs, hackthebox, TryHackMe, etc... There's also some really good YouTube videos. A very good start is to get experience with a web hacking tool known as "Burp Suite". Yes, that is the correct name :-) . There are other tools like Metasploit and all the things packaged into Kali Linux, but I really think starting with Burp is a great. Also, you can practice your learnings on the OWASP Juice Shop (Google it).
In regard to "challenges with this field" -- every company/org is going online and yet there are not enough cyber security professionals to keep up. This is compounded by developers not learning secure developer practices in the University level and a crazy, out-of-control open source supply chain (ask any security professional about log4j or supply chain attacks and you'll get a feeling of all the problems), both of which the Biden administration is trying to address.
It's scary with all of our private data going online and yet hackers going after it all of the time. Some of the breaches are amazingly simple, such as the Equifax hack that could have easily been avoided had they had a competent security team. Honestly, there are lots of really simple attacks where bad people are getting access to our private data. Worse, the hackers have learned that ransoming data sometimes works (see Uber for example), which means being bad can lead to huge profits if they get away with it.
There is also the case of government access to personal data. The Snowden revelations gives us good examples of what the NSA was doing, but it is not just them. Your data lives in the cloud all over the world, and foreign governments could be abusing it. Learn about "data residency".
I'm only scratching the surface of challenges and pain points, but the good news is that there is huge demand for cyber security professionals and the field pays really well. You can earn lots of money in this ever demanding field for more cyber security professionals.
In addition to the resources I have already told you about, I suggest joining the reddit subreddits of /r/NetSecStudents and /r/cybersecurity ... Both of which are good for starting out and figuring out where you want to specialise. Once you get started, you will learn where to go to for more information there.
Good luck!!!
Mehul Doshi
Privacy Data Governance & Compliance
3
Answers
New York, New York
Updated
Mehul’s Answer
Its ethics. We should aim to support the community we are serving to remove impediments & secure their privacy, ethically. Bad actors will exploit where opportunities & vulnerabilities exist. My peers have provided very good advice & practical steps you can take in gaining cyber security certifications and knowledge about the current threat landscape. Continue learning about the various emerging APTs and emerging tools for cyber security controls & risk management for protecting end points and securing data at rest or in transit whether on-prem or in the cloud. Hardening policy controls with multi-layer network security & access controls using PLP (Principles of Least Privilege) as well as decreasing the data debt & lineage you need to monitor and govern helps. This is an evolving space and evolution take time. It is up to us to be ethical and be our best as well as help support others to be their best.
Emil Jandourek
Engineering Operations
6
Answers
Reno, Nevada
Updated
Emil’s Answer
I agree with Ravi's answer above. It really is about staying up to date on APTs, the latest threats, and cloud. In the multi-cloud world where companies are dealing with a heterogeneous mix of on-premises private clouds, edge devices, and public cloud there are many different entry points into the systems. Understanding these and how such systems are configured, managed, and monitored is critical.
Becoming good at analyzing threats and sifting through incident data to identify the impact of a breach -- specifically what exactly was compromised and what data was taken -- are both critical skills. The former can help software developers build better code and the later can help with incident response. Subspecialties in the field exist around Application Security (AppSec) and Information Security (InfoSec).
Finally, the "lack of skilled professionals" presents an opportunity for those looking to get into the field -- there is high demand, lots of jobs are available, and pay / compensation is very good.
Becoming good at analyzing threats and sifting through incident data to identify the impact of a breach -- specifically what exactly was compromised and what data was taken -- are both critical skills. The former can help software developers build better code and the later can help with incident response. Subspecialties in the field exist around Application Security (AppSec) and Information Security (InfoSec).
Finally, the "lack of skilled professionals" presents an opportunity for those looking to get into the field -- there is high demand, lots of jobs are available, and pay / compensation is very good.
Joshua Dodge
Telecommunications Engineer
3
Answers
Vancouver, Washington
Updated
Joshua’s Answer
Understand the communications protocols and infrastructure cyber security intends to protect.
Understand attack vectors.
Understand hardware and software components that are use in different solutions or applications.
Understand attack vectors.
Understand hardware and software components that are use in different solutions or applications.
Ken Taitingfong
Information Security Engineer
13
Answers
Morrisville, North Carolina
Updated
Ken’s Answer
The cybersecurity fields is actually quite wide. You can go into vulnerability assessment and penetration testing, incident response, engineering, compliance, forensics, and more. Some of the best security professionals I've worked with didn't start off in the cyber security field. They were system administrators, network engineers, or even help desk. This gave them the ability to become very knowledgable in their field and then learn to apply security controls and practices to those systems and environments. Because they knew how to "speak" Windows, Linux, or network, they picked up very quickly how to "do" security on them.
The challenge that I see with this field is with people breaking into the cybersecurity with no practical experience. They understand the concepts very well but when a systems administrator asks, "ok, what do I do to fix this vulnerability," sometimes those people struggle because they never worked on any of those systems. The field is constantly changing too - new threats, new vectors, new technologies, new techniques, new tools, so keeping up with it all can be daunting. A saying that is sometimes repeated in our field is, "An attacker needs to be right only once. A defender needs to be right all of the time." That's a bit exaggerated but some days it feels like that.
I would suggest trying to figure out what you want to do first. If there are cyber security conferences in your area that you can attend or any security focused groups you can join, consider doing that too. Talk to your career counselor at your school and see if they can put you in contact with a resource to help point you in the right direction.
Decide which area or areas of cybersecurity you may be interested in pursuing.
Ask your counselors at your school if there are any resources they can point you to including people, organizations, books, websites, etc.
Research any security focused groups (like on Meetup) or conferences that you may be able to attend.
The challenge that I see with this field is with people breaking into the cybersecurity with no practical experience. They understand the concepts very well but when a systems administrator asks, "ok, what do I do to fix this vulnerability," sometimes those people struggle because they never worked on any of those systems. The field is constantly changing too - new threats, new vectors, new technologies, new techniques, new tools, so keeping up with it all can be daunting. A saying that is sometimes repeated in our field is, "An attacker needs to be right only once. A defender needs to be right all of the time." That's a bit exaggerated but some days it feels like that.
I would suggest trying to figure out what you want to do first. If there are cyber security conferences in your area that you can attend or any security focused groups you can join, consider doing that too. Talk to your career counselor at your school and see if they can put you in contact with a resource to help point you in the right direction.
Ken recommends the following next steps:
david kirk
Retired Computing Manager
472
Answers
Syracuse, New York
Updated
david’s Answer
One way to start would be to take a server administrator course at a community college. Most malware goes through network connections and web servers and those are the core of server admin training. That would give you a solid base to start with in pursuing either more education or getting a job as a server admin to gain some experience.
Paul Talledo
Sales
5
Answers
Aiken, South Carolina
Updated
Paul’s Answer
Hello, My suggestion is to use the internet to research this topic. This will allow you to broaden your scope and see what information is out there.
If you are in high school, you may be able to leverager your councilor resources to see if they can help you further with your interest. Can you put you in touch with someone in this field where you can ask them questions or potentially "job shadow". Ravi's answer above is well thought out and very helpful.
Research cybersecurity on the internet.. Research educational and job opportunities.
Meet with your school counciler to discuss your interest
If you are in high school, you may be able to leverager your councilor resources to see if they can help you further with your interest. Can you put you in touch with someone in this field where you can ask them questions or potentially "job shadow". Ravi's answer above is well thought out and very helpful.
Paul recommends the following next steps:
Hi Paul! Do you have any keywords that you would suggest this user look up in order to do more research?
Gurpreet Lally, Admin
Jaime Villela
Cybersecurity Engineer
5
Answers
Dallas, Texas
Updated
Jaime’s Answer
A lot of cybersecurity is built upon network technology so get familiar with network infrastructure and terminology. I think the Security+ certification covers a lot of this. You don't necessarily have to get the cert but if you can find a free course that covers the material it will be helpful.
Bina N
3
Answers
San Jose, California
Updated
Bina’s Answer
I agree with Scott's answer. In addition to Googling and learning about the potential career paths, do participate in hackathons to see if it's something you enjoy.
You can also check to see what courses are available to get formal training and take one course to start out with. Additionally if you plan to make a career out of it, you can look into colleges that offer Cybersecurity as a major and check out what the program covers. Also post questions on forums like LinkedIn to see if you can gain an understanding of what a typical day for a Cybersecurity professional is like.
You can also check to see what courses are available to get formal training and take one course to start out with. Additionally if you plan to make a career out of it, you can look into colleges that offer Cybersecurity as a major and check out what the program covers. Also post questions on forums like LinkedIn to see if you can gain an understanding of what a typical day for a Cybersecurity professional is like.
Roberto Fernandez
Servant Leader Apprentice
44
Answers
Miami, Florida
Updated
Roberto’s Answer
That is a great question ! and by the way Information Security is one of the fastest growing disciplines in the Information Technology fields.
There are many different things Information Security analysts can do. The most frequent activities may include:
1- Designing, reviewing and/or firewall policy changes
2- Using specialized tools and experience to assess proper levels of hardening on applications and systems
3- Using specialized tools and experience to conduct scans and penetration tests (very exciting LOL)
4- Watching for events and alerts then poring over information in order to spot patterns of malicious activity
5- Pouring over massive amounts of collected data in order to perform forensic analysis after incidents (I call this the Infosec CSI and it is very fun)
6- Advising teams on what is acceptable or not regarding certain changes (telling people what then cannot do because is not secure)
This is just a very small list of tasks that are easy to understand for the "uninitiated" but the truth is that the depth in this field is tremendous and it just continues to get better. Overtime you would have made all of those things and more and depending on what your role is and your experience there could be really busy days when you have to do all of the above (and more) during a single day. You will never get bored !
Good Luck !!!
There are many different things Information Security analysts can do. The most frequent activities may include:
1- Designing, reviewing and/or firewall policy changes
2- Using specialized tools and experience to assess proper levels of hardening on applications and systems
3- Using specialized tools and experience to conduct scans and penetration tests (very exciting LOL)
4- Watching for events and alerts then poring over information in order to spot patterns of malicious activity
5- Pouring over massive amounts of collected data in order to perform forensic analysis after incidents (I call this the Infosec CSI and it is very fun)
6- Advising teams on what is acceptable or not regarding certain changes (telling people what then cannot do because is not secure)
This is just a very small list of tasks that are easy to understand for the "uninitiated" but the truth is that the depth in this field is tremendous and it just continues to get better. Overtime you would have made all of those things and more and depending on what your role is and your experience there could be really busy days when you have to do all of the above (and more) during a single day. You will never get bored !
Good Luck !!!
Brett Angel
Sales
2
Answers
Cary, North Carolina
Updated
Brett’s Answer
Cyber Security is always changing. One of the biggest challenges is staying current with new technology. Constantly reading and learning and keeping up with new security algorithms/processes/policies.