Online services like E-Commerce, Online Banking, Food Delivery Apps exist for past many years now, and due to lockdowns in almost every country in the world, their customers and transactions have increased. Apart from buying and selling or transferring money, work from home has seen an increase as well. Like other apps work from home requires a number of apps for sharing the screen, video calls, conferencing etc.
Why Cybersecurity? Why is cybersecurity important?
We have a lot of mobile desktop or web apps, in the market, which provides solutions for the above scenarios, and every day more and more apps are being made for mobile platforms. The way that these things work is by taking details like emails, phone numbers and even payment details like credit card numbers along with their security codes.
Save your time. Learn this in as little as 1 minute.
We’ve got 500+ bite-sized content to help you learn the smarter way.Download the app
Companies behind these apps spend a lot of money on the security of your data and when it comes to financial aspects like payment details, they can't compromise. Despite that, a lot of attacks happen on a daily basis primarily for payment data. Emails, phone numbers may or may not be important to be secured but I am sure that no one will like their payment secrets (card numbers, CVVs) lying around to be picked up by hackers. That’s why cybersecurity is important and cybersecurity experts are in a constant war with hackers out there trying to steal your data.
Cybersecurity Expert? Who is this guy?
Yes, a cybersecurity expert, whom you see in movies working with fancy animated screens, kind of seeing viruses visually and getting red warnings and beeps when a hacking attempt has been made. It's hard to believe, but there is no alarm or fancy animations when hacking takes place, and you have to be vigilant and use tools consistently to detect intrusions. If you want an analogy of a cyber expert's job, it is like a CIA or Mossad or any Intelligence agency agent consistently working behind the scenes to thwart an attack. The saying in the world of intelligence, "You(agencies) need to get successful always but they need it only once" fits exactly to the world of the internet and cybersecurity.
Umm…Alright, Kind of Impressed, how is it different from other IT jobs?
Ok, good. By now, you must have understood the crucial task of a cybersecurity expert in securing an infrastructure on which the whole ecosystem runs. So now the next question is, 'how to become a cybersecurity expert?' and 'how to get into the field of cybersecurity?'
In colleges and institutions, the focus is usually on software development. They rarely have cybersecurity-related courses. Cybersecurity experts are mostly made outside the bounds of colleges as the gap between industry and college education is huge. Mostly career path in cybersecurity is not clear for students.
Moreover, due to breaches after breaches in banks and other institutions for financial and other data, the need for cybersecurity and experts has gone up significantly. The current pandemic has also helped in a number of online transactions, which has opened new doors for hackers and cybersecurity experts alike.
Now that we know what a cybersecurity expert does and how important it is, let us see why cybersecurity as a career path is a good choice.
1- Unlimited Growth:
As mentioned previously, hacking attempts are consistent so preventive measures have to be the same. A cybersecurity expert is limited only to his learning. You have to accept the fact that you will have to keep learning when you chose IT as a career path, and if you are into cybersecurity, this matters most. The more tools you learn, the more valuable you become.
2- Set your own style:
In this field, you are not bound to some programming language semantics. You are the one who will have to figure out how to protect a server or network. What tool you will use is up to you. There are two sides to it. On the one hand, it gives you full autonomy, but on the other hand, you are responsible for a whole infrastructure. Apart from that, there is no do once apply everywhere or everyday rule. In fact, there are no rules, and tactics can change on a daily basis. Remember that CIA thing written above, right?
3- Real and Instant Effect:
You don't have to wait for a market response like in the case of product development. Whatever the IT infrastructure is, you just have to make it secure, and any effects on security have immediate effects on the organization as well as their customers. Here your work is much more real than predicting any market response for a product or service.
4- Variety and Learning:
A new firewall in the market, I should learn it. A new malware detector, I can't wait to check it out. Sounds like you? Welcome to a world where you will never be short of learning opportunities and learning never really stops here, literally. In my current job, although it is not security-focused, I keep learning things about firewalls, their never-ending updates and different internet security suites.
Ok, Fair Enough, you have me in, what should I learn for a cybersecurity career?
I feel that the above reasons are enough to compel you to the cybersecurity career path, let us see what skills do we need for cybersecurity.
Before going into the details of what is exactly needed, I will repeat one thing. The “skill” of updating yourself consistently with new advancement is really the primary skill here. Without that, it doesn't matter how many technologies you master once. If you are not updating yourself, maybe a less qualifies hacker may pose a threat to your security infrastructure.
Cybersecurity is a broad field and the skills needed are really specific to what you are going to secure. For example, you may be hired as a network security expert or a database security expert. In this scenario, if you are a database security expert, you should have a good knowledge of network security, but vice versa is not that strictly required. However, it is always good to have extra knowledge with your core expertise.
Still, there are some very basic things you should start with.
1-Knowledge of Server Operating Systems (Linux, Windows)
2-Knowledge of Networking basics like web filtering, IPS, proxy, firewall, APT detection, next-gen firewall, email filtering
3-Knowledge of hardware devices like switches routers
4-Good knowledge or preferably certification (with practical knowledge) in firewalls
5-Other security tools for endpoint security (Desktops, Laptops, Mobiles)
6-Encryption and Decryption Algorithms
7-Basic programming knowledge or at least the understanding of it.
8-Understanding of testing for intrusions like penetration testing
9-knowledge of database attacks like SQL injection attacks
10-Knowledge of generally known attacks like email phishing and distributed denial of service(DDoS) attacks.
There is no limit to what you put in basics, but these are the things that will provide you with a head start.
Got it, Have my basics clear, Now what? Certifications?
These topics are a base for all the advanced things you do or the terms given here will be used often in advance scenarios. For example:
As it is already told that cybersecurity is a wide field and you can’t do everything on your own. For example, you can’t take care of an organization’s security all alone. You have to start with one area like Server Security or Network Security.
Whatever field you choose, getting to the details of that field and preferably get certifications. If you choose network security as your field of choice to move ahead, try taking a CCNA certification This will introduce you to some fairly advance networking concepts and in general, if you don’t know what to secure, well the security will always be questionable.
There are different opinions about certifications, but I think any certification gives you two things. The first is the course content, and the second is the certificate. How seriously you follow a course is up to you. The certificate may or may not be important according to some opinions, but it does provide you with a gate pass for an interview and for sure it gives you an edge over the candidates who don’t have any certification at all.
Remember, I want everything step by step.
Good so let us organize certifications accordingly:
1- CompTIA Network+ and CompTIA Security+
2- Cisco CCNA or CompTIA CySA+
3- CompTIA Linux+ and/or CompTIA PenTest+
1- CompTIA Network+ and CompTIA Security+
I would say that you should start from certification of CompTIA Network+ and/or Security+. In the event that you are new to the online protection field totally, going for the Network+ first would be useful and a decent utilization of time. It would likewise give you a strong establishment for your profession. In case you're self-contemplating and not joined up with a preparation program, I think you certainly should go for the Network+ first to make sure you can construct that fundamental information. Network+ provides you with the basics of networking concepts like switches routers, protocols as well as cyber-attacks. Moreover, if you don't have CCNA certification, Network+ covers all the required topics for the next certification that is Security +. If you decide only to go ahead with Security+, it is already understood that you are well versed with the networking concepts.
2- Cisco CCNA or CompTIA CySA+
If you have your CCNA certification, you can skip this one and move ahead to the next step with having the CompTIA Security+, or if you are confident that you with your knowledge cover all the topics in Security+, you can directly go to step 3.
IF not, or you chose to have a CompTIA certification as well, you can go for CySA(Cybersecurity Analyst). It is placed after Security+ and covers threat management and vulnerability management in the network infrastructure. In the exam, it requires a solid understanding of Security+ and its own topics, be prepared for it accordingly.
3- CompTIA Linux+ and/or CompTIA PenTest+
Linux is one of the most widely used operating systems due to its low maintenance cost and some default security features. Yet attacks happen. So a certification in Linux is always valuable. Linux+ provides certification in Linux and validates your skills in Linux. PenTest+ is another certification that provides knowledge and validation in the area of penetration testing. Although PenTest+ can’t get you a job in the area of penetration testing, its concepts will certainly help you in our next step that is intermediate level certifications.
Good, Any Idea about intermediate or advanced ones?
Yes, what you saw were basic level certifications and knowledge you must have. CompTIA is a well-known organization for its certifications, but you can find your own equivalents. From here you can choose intermediate level and advanced level certifications depending on what you want to do.
For example, you can decide to go in Ethical Hacking way and do the CEH (Certified Ethical Hacker) certification or you may decide to be a penetration tester or be a black hat professional and go into offensive security by earning an OCSP (Offensive Security Certified Professional). OCSP follows an offensive defence strategy, which means you will be identifying threats and attacks pre-emptively and mitigating them, you don’t have to wait and defend only.
Now I am interested in what positions I can hold. Any cybersecurity job description you have?
Definitely! Now that we know a lot about what are the benefits of learning cybersecurity, the question why learn cybersecurity provides a good answer and that is-
A great career aspect where your decision matters, what you say and do has a direct effect on everyone and that too, almost instantly. With all that information it will be interesting to see the career opportunities of cybersecurity because that is the whole point of doing all these certifications, isn't it?
If we see the networking field, there are the following profiles you can target, and I will try providing them in a way that you can see them step by step.
1- CyberSecurity Technician:
This is an entry-level position, and you have to be Jack of All Trades in it. You will work under Security Analyst and be given low-security threat type issues to understand the infrastructure as well as the type of attacks an organization faces. Post name may change organization to organization.
2- Cybersecurity Analyst:
Security analyst, as the name suggests, analyses the most efficient way to protect servers, computers and other devices. He creates a plan for security and uncovers security issues in the department. He makes sure that security solutions being used are up to current industry standards.
3- Cybersecurity Administrator/Manager:
Here you have admin-level rights for most of the hardware and infrastructure, and you are responsible for the maintenance as well as the security of it. Generally, you will be creating firewall rules, seeing any network vulnerabilities and fixing them before they turn into bigger issues. You will be collaborating with cybersecurity analysts in order to identify vulnerabilities and take action accordingly.
I want more options and their description and salary and …..
As I told earlier, cybersecurity is a wide field, and career choices are even wider. It is hard to explain each and everything here in the text so, I have found a very nice map which I will link, embed here. It is interactive with complete details of a category (Network, database and so on), their positions, paths, salaries and responsibilities per position.
Please feel free to interact and get complete formatted details of each path. Thanks to cyberseek.org guys for creating such an interactive map.
Alright, I will go through the map and decide which way to go.
Cybersecurity has the two key strategic focal points for a solid career: Low to no joblessness and strong remuneration. Furthermore, on the off chance that you pick this way, you'll generally have space to develop. You'll ceaselessly be learning new aptitudes and attempting to see new advancements. New difficulties will keep springing up and you'll be presented to a huge number of new individuals, circumstances, and openings.
You'll never be exhausted as new riddles should be addressed, and you can generally be pleased in light of the fact that your work will positively affect the advanced and actual world.
Our blog would have surely answered some of your burning issues regarding choosing the path of cybersecurity. But nothing beats the one-on-one exchange of ideas, queries, guidance and thoughts with a skilled professional. We have streamlined this process with our micro learning app- KoolStories, where skill communities of like-minded people make knowledge transfer fun, interactive and real.