“Ethical Hacking”, “Cryptography”, “Network Analysis” and “Penetration Testing” are some of those hot words that have been around the digital space for quite some time now. Starting out in a field like this may get as confusing as it is interesting. For starters, “Information Security” and “Cyber Security” are terms that are often interchanged commonly; however, although they are similar, there is a principle difference between them — Cyber Security, the slightly specialized subdomain, is a subset of Information Security, the more generalized domain. Here’s an absolutely artsy piece we created using Microsoft Paint that helps illustrating this simple fact:
Cyber Security: The “What”
From organizations, to small businesses, to an individual digital being on the internet, everyone has their personal data stored on multiple devices or platforms. This data, most of the times, is confidential in nature and hence comes the need of security. This is where cyber security comes in, as the protection of personal data, computer networks, systems, hardware and software in the form of policies, rules, regulations, physical security and breach-prevention software.
Cyber Security: The “Why”
According to the International Information System Security Certification Consortium (ISC)² Cybersecurity workforce study, the total skilled personnel needed to cover the skill gap is estimated to be around 4 million. Also, the field is highly rewarding for the worthy. As per PayScale, the average salary for a Cyber Security Analyst is $76,603 and can go up to $200,000 for experienced professionals working as Senior Cyber Security Engineers.
Cyber Security: The “How”
Cyber security attracts many people from different fields, but knowing how to get started can be challenging. Here are some of our recommendations on how you could get started:
Before securing something, we need to have a basic understanding of what we are going to secure. Some basic concepts of networking such as firewalls, TCP, UDP, routing, IP etc. are a must to understand. Mastery in these subjects can be gained through free educational portals such as Udemy and YouTube. After getting a considerably good hang of the networking basics, you can prepare and appear for the Cisco Certified Network Associate (CCNA) or CompTIA Network+ certification exams to get accredited.
After learning the basics of networking—and optionally, programming—the next step forward is to get your hands dirty. Start by learning Linux through gamified platforms such as OverTheWire. Next up, start doing easy-level “Rooms” on TryHackMe. A A Room is a virtual space within TryHackMe where you can learn relevant skills through CTF’s, challenges, guides or walkthroughs. You can think of these Rooms as mini-security-labs which offer you connection through OpenVPN. Some Rooms on another platform such as HackTheBox can also be complemented with increasing difficulty levels on TryHackMe. Training on these platforms can prove to be extremely beneficial for beginners as well as seasoned professionals due to constant introductions of the latest topics and refreshers of the basics. Although, these trainings are quite sufficient to get someone started, Capture The Flag (CTF) competitions should also not be overlooked. These not only help people expand their learning horizons but also give a competitive spirit and some prizes for the winners as well. To track live CTFs or to sign up for new ones, CTF Time is a portal that might be of great help.
Apart from just the above, cyber security is a huge domain in itself; there are a great many professional profiles working under the domain such as Web Application Security Architect, SOC Analyst, Penetration Tester, Information Security Manager, Chief Information Security Officer, etc..
In the world of cyber security, certifications are considered crucial due to it being one of the only few gauges of the measurement your skills for a potential employer. Getting certified will not only help gain a deeper and potentially more practical understanding of the cyber security clockwork, but also prove your worth to a potential employer. With enough hands-on training and theoretical knowledge, you can attempt certifications such as:
- TCM Security’s Practical Network Penetration Tester (PNPT) – A fantastic course that is purely practical and has no certification expiry; brought to you by one of the most wonderfully delightful and considerate mentors (Heath Adams from TCM Security)
- eLearn Security’s eJPT – Another purely practical, and lately up-and-coming certification for beginners, with free training and no certification expiry!
- EC-Council’s Certified Ethical Hacker (CEH) – A popular, theoretical certification that is considered a standard criteria for many hiring processes, but should eventually be replaced by other, better, more practical certifications. The CEH certification expires after three years of acquiring it
- Offensive Security Certified Professional (OSCP) – Another popular certification, however, this one is fairly respected within the cyber security community as it is a completely practical one, and is created by the very people that brought you the Kali Linux operating system (distribution)! The OSCP certification is considered one of the more difficult ones among this list, and has no certification expiry
There are many such certifications of diverging subdomains within cyber security and various levels of expertise. While, of course, these are some of the currently well-known and sought after certifications, we highly encourage you to conduct your own research to find out what the best path of certifications would be for you.
Cyber security is an intriguing and exciting field that rapidly updates by the hour, and if you are an individual that finds it fascinating enough to pursue as a career — you absolutely should! We hope you found this article informational enough to take your first step in helping secure the universe; one machine at a time.
We wish you all the very best on the exciting white hat journey ahead of you!