Getting Into Cyber Security: 5 Skills You Need To Learn

We are going to learn about the top 5 skills that you need to be learning to get into cyber security. If you are new to the field or looking for a career transition, there’s just so much information out there that it’s hard to even get started. You might hear people talk about an alphabet soup of certifications to take, but we are here to tell “they are not that important”. While there are some value going through the process of studying for certificates, what are important are your skills and experience. Because in this field, what you can do will make you so much more successful than what you know. Solving technical problems is the way to earning the trust and confidence from people you work with. Buckle up and let’s dive right in. 

 

Building & using virtual machines: Virtual machines, also called VMs are operating systems that run on top of your existing or “host” OS. The virtual OS is commonly referred to as a “guest”, and is managed by software called a “hypervisor”. The hypervisor lets you manage and allocate resources like CPU, memory and disk space on your guest. Popular hypervisors you may have heard of include Hyper-V by Microsoft, Virtual box by oracle, VMware and KVM. Often times when you hear the term “cloud” it usually means thousand of VMs running on specialized hypervisors on someone else’s server farm in a data center somewhere. Virtual machines let you become platform-agnostic meaning you’re no longer limited to any particular operating system and tools available for it. Many people spend all their time just on one OS and debate which ones are better – actually it doesn’t matter. As you are a pro you should be versed in all of them and comfortable working with any platform. This maximizes the scope of your skills and makes you effective in any situation. Virtual machines also give you the flexibility to train and research in an isolated environment without affecting your main driver. You can quickly take snapshots of a guests OS and restore it to an earlier state. Opening a suspect file you received? Use a VM. Want to practice configuring a server? Use VM. Slinging exploits at a target? Use VM. 

 

 

 

Learn the command line: Don’t run away but embrace it. The command line interface, commonly referred to as a SHELL, is the simplest and arguably the most efficient way to interact with an operating system. Running a large file may crash it but running a light weight shell command gives you what you need in no time. Why’s it called SHELL? The important part of an OS that actually makes it run is called kernel, because it functions at the center of the system. The part that’s exposed to a user is called the shell, since it wraps around the kernel. It’s just like a car, where steering with pedals and dashboards giving you control over the engine or transmission all exists in the “shell” of the car. The command line gives you the lowest level access to software functionality that comes with an operating system. Many of the most useful tools don’t have a graphical interface to point and click. Mastering in the command line expands your arsenal and lets you get more done with less. It lets you be able to use scripting and automation to tackle repetitive tasks that would otherwise waste lots of time. Automating your workflow by learning the command line makes you a tremendously valuable asset to the team. We recommend starting out with “bash” or “the bourne again shell ” since it comes default with almost every Linux distribution. Mac OS used it in its terminal app but has since changed to Z-Shell and has some nicer features. If Bash is like a Toyota then Z-Shell is more like a Lexus. Bash is so popular and effective that Microsoft actually released the windows subsystem for Linux or WSL and lets you install several different flavors to use bash as a native app. This is super convenient since we can access most of the Linux tools without having to switch to a virtual machine. Now understand the Powershell is actually the go to native shell for windows. It’s very different from how you would use the Linux command line but gives you a ton of powerful windows administration abilities. If you work in an environment where windows is primary OS, definitely learn powershell  as well. 

 

System Administration: All of us with a computer of Smartphone from your grandma to IT wizard is a really system administrator at some level. It all depends on what level you are at. System administration involves in the configuring and maintain of computers whether a personal device or hi powered server. System administration is about knowing your platform and various tools inside and out to be able to help others who don’t. Whatever your skill, I challenge you to fiddle around and learn by doing. Delete some files and recover them. Download open and monitor old viruses in virtual machines with tools like windows system internals to see what they do. Try to extract files and passwords off a computer without knowing login info. Whatever it is push the limits of what you already know by reading guides out there and following along. 

 

Computer Networking: This is the heart and soul of it all what I like to call the cyberspatial “laws of physics”. It understands how devices interact with each other and how data gets from point A to point B. A strong foundation in networking will make you rock star troubleshooter, whether you’re a red teaming, defending or running day to day IT ops. There are two conceptual models that govern computer networking: TCP/IP and OSI. They group all your different networking and telecommunications protocols into layers. TCP/IP is older and uses four layers: Network Access, Internet, Transport and Application. OSI stands for the Open System Interconnection which is developed by the international organization for Standardization or ISO. These guys define everything from country codes to time and date formats. OSI is newer and uses seven layers:  physical data link, network, transport, session, presentation and application. All these layers are just a way to describe “what’s happening where”. So if you are receiving a package from someone in a different country then going to pass between envelops boxes vehicles and planes each with their own addressing method and operating procedures. When the post office tells you there’s and airline issue, you know where it is in the transportation system that’s delaying your delivery. Likewise the networking layers all have different functions but as a whole work together to let you stream videos from a server in a rack to a device in your hands. Knowing what’s happening at each layer lets you “see the matrix” and be much more skilled your craft. 

 

 

Personal Digital Security: This is an area I’ve been particularly passionate about because it affects our families, friends and organizations. The cybercrime industry is booming. You don’t have to scroll far to see what the online black market place looks like. As technology becomes more inter-winded with our lives from internet connected cars to refrigerators, the vulnerabilities and attack vectors are going to increase more and more. If you want to go to deep into cybersecurity there is no better place to start than with yourself, from passwords encryptions to secure communications stay up to date with the latest security news and best practices. You might be the subject matter expert in your office that others go to for advice and that advice might just protect your company from becoming front page news. But most importantly is living it out you as well! You wouldn’t believe the number of times I’ve seen cyber intrusions originate from security operations or IT department simply because people didn’t understand or practice basic digital hygiene.