How to get into Cyber Security | Penetration Testing | SOC Analyst | GRC

How to get into Cyber Security | Penetration Testing | SOC Analyst | GRC | Career Training

Рет қаралды 833

Күн бұрын

Want to know how to land your first job in Cyber Security?
After 25 years of working in IT an Infosec, I've found that you need to choose one of these three choices if you are looking for your first entry level job.
3 paths that you need to pick from:
1. Offensive Security
2. Defensive Security
3. Security Auditing
I'm not saying these are the "only" routes that you can take, but I'm narrowing them down into these 3 categories. Let me explain.
For someone getting into Cyber Security, the playing field is very large. Knowing where to start, who to talk to, and which direction to go can be very overwhelming and can tend to scare people away.
Choose a path and develop skills around one of these specific paths and it will set you apart from others who are trying to break into this field.
Let me give you a brief of each path.
1. Offensive Security
Penetration Testers (often called Red Team) are the offensive players in security. They find vulnerabilities, holes in networks, bugs in applications, and basically try to find vulnerabilities before the bad guys do. The risk of vulnerabilities is communicated to the business, as well as advising on mitigation techniques and helping them understand the possible impact.
If you choose Offensive Security, you need to setup labs and learn industry standard tools such as (but of course not limited to) Nmap, Kali (Openvas, Metasploit, other tools within). Learn to use know how to use these tools inside and out. For application penetration testing, learn what OWASP is, learn how to use Burp (by Portswigger) and study the OWASP testing guidelines. These things by themselves do not make you a penetration tester, but if you dive into these tools, learn how they work and the language around them, you will have a great head start as a penetration tester. All of the tools I listed above are free.
2. Defensive Security
Defensive Security (Blue Team) is of course the defensive side of security. Learn how to watch for anomalies, detect intrusions, etc. This type of work typically consists of working with in a SOC (Security Operation Center), where you will be part of a team helping protect digital assets.
If you chose Defensive Security, start diving in by learning network packets. Learn how to "read the wire", meaning using tools such as Wireshark and being able to break down packets and understand them. Learn about different SIEM (Security Information and Event Manager) solutions. I also started years ago by installing tools such as SNORT, OSSIM, OSSEC, and others. Get familiar with what Splunk is. This won't make you a pro, but it will give you the knowledge, language, and some know-how of blue team.
3. Security Auditing
I will be talking about this is my next video
Those aspiring to get into this field, reach out to me for help or advice.
Those already in the field, please chime in.
#cybersecurity #informationsecurity #infosec

Пікірлер: 13

@rebeccavalentine7657 Жыл бұрын

Thanks for this! I started out being interested in the blue team, but then I started to learn the basics of pen testing just to be more knowledgeable. But now I find myself inclined towards the offensive side rather than the defensive side. Lol. Torn between the two!

@mikemillercyber Жыл бұрын

Both of them are good paths. There is no wrong way to go. If you go into defense, it will later help you on offense because you know how defense works. Also, vice verse.

@tubetrollin Жыл бұрын

Love it Mike! I'm working on the transition to cyber and really struggling to figure out where my skillset plugs in best. Looking forward to these videos.

@mikemillercyber Жыл бұрын

Thanks! I can seem tough but it’s worth it. Reach out anytime. What has been your toughest struggle? Picking a path?

@patrickessien6159 Жыл бұрын

@@mikemillercyber Picking a path. Because different people advise differently. For people like us transitioning into cyber security space. We just jump at anything that looks cyber security. Without a definite structured path in mind. That's where we need mentors like you to follow

@tubetrollin Жыл бұрын

@@mikemillercyber Picking a path is probably the biggest thing. It's difficult to look at all of my skills and determine the roles where I'd add the most value that I also might enjoy.

@BlueeBubble 9 ай бұрын

It's extremely hard right now even with the right resume as most 'entry' jobs are level 2/senior or above and no one hires this time of the year.

@mikemillercyber 9 ай бұрын

Understood. Keep getting yourself out there. Networking events, other social platforms, etc. I wish you the best!

@patrickessien6159 Жыл бұрын

Thanks, Mike. I have gone through an internship on the Red teaming path. But, My background is in Electronic security protection ( Cctv, Access control time, and attendance solutions, Íntruder detection systems, Fire Alarm). Sometimes I do fill like the offensive path is not for me in as much as I am very technically inclined. What do you advise I focus on?

@mikemillercyber Жыл бұрын

Let me ask, what is your passion? Do you find that you are more interested in red, blue, or GRC? It really comes down to that. If you are passionate about what you do, learning will come along with it.

@patrickessien6159 Жыл бұрын

@@mikemillercyber I like to keep intruders out and protect my client's in the best possible way. That's what I have done in the last 22yrs of my career.

@mikemillercyber Жыл бұрын

@@patrickessien6159 sounds like blue team to me !!

@patrickessien6159 Жыл бұрын

@@mikemillercyber Thanks Mike, I will just stick to what I know how to do best. I will use the knowledge acquired from the Red teaming internship to enhance my defensive learning and skills. I follow you on LinkedIn and always look forward to your post and videos. Waiting for the next one.