Five Skills for New Cyber Security People

Recently, my ambition to work in the field of cyber security has been under a bit of pressure. I’ve been struggling as just how to connect the dots and make it really happen.

Changes at work have developed my role but I’m no closer to any formal cyber security brief. Sometimes it feels like a fortress I just can’t break into.

So, I thought this skills list might be useful.

Firstly, I want to introduce you to the unsavoury reality that I’ve come across when trying to answer the question – how do I get into cyber security?

The Established Path – join an established network team as a small child and get through all your Cisco qualifications around networking. Bugger around with corporate firewalls. Have an in-depth and practical knowledge of the OSI model, packet-switching and ports.

If you know the guy below from the TV series The Office – you ‘ll know what I mean.

sddefault

Job done.

You are now the kinda candidate everyone seems to be looking for. (Women, career-changers and anyone who didn’t follow the networking route need not apply).

Apologies if that all sounds very gloomy but that’s just sometimes how it feels – as I said when I started this blog – they don’t make it easier.

And, talk of new digital apprenticeships won’t mean much to the many career-changers I’ve spoken to. Being super-cynical, I’d say they’re just enough to enable the industry to say ‘we’re doing something’ but not enough to threaten the premier status of many in the industry establishment.

Enough of this gloom – following my career research – here are 5 key skills I’ve come across. If you are looking to get into cyber security, if you don’t where or how, then focusing on these will give you a good start…well, that’s the plan at least. These are presented in no order

  • Application Security – I remember reading somewhere, might have been on CBeebies, that 90% of vulnerabilities are within applications themselves. With that in mind, I suggest a grasp of a least one programming language a good starting point. You need to understand the critical structures in object orientated programming. Add to this the software development cycle and testing. Me, I’m learning Java on my course next year.

 

  • Web Stuff – Scripting languages – we all love them – HTML, CSS and Javascript. Building blocks of the world wide web. Plus, how web services are deployed and provisioned. For me, getting to grips with these areas in 2018-2019 is going to be a key challenge. Like it or not, the web is at the centre of many security challenges.

 

  • Stay Awake in Your Network Classes – you don’t need to be able to work out a subnet mask or an IP address in binary but the bit around the OSI model and that dusty MS networking book you were given are far more powerful and important that you might have realised. They underpin pretty much everything in modern computing. I’ve studied this stuff – I will be revisiting it. Virtual ports and all that jazz – a critical area in my opinion. Remember, you don’t need to be able to program in machine code but you do need to have a good understanding of what goes where in networking.

 

  • Talking Cyber Security in Business – now, I’m not expert but I kinda the feeling that the rule of the network teams is coming to end. The industry is going to need a broad sweep of tech-savvy business folks. Training and education are going to be challenges – us career changers can help there. We know that jungle.

 

  • Cyber Security in Your Pants – well, not literally, I’m just making the point that it is becoming part of so many jobs from access management through to vulnerabilities to new websites. Be curious in your current role. Find areas where you can put your cyber-sec hat on and start investigating. I’ve found vulnerabilities in websites, applications – all sorts of places. It might not be in your job title but make that effort to support yourself and your company by being an extra pair of eyes. Read widely so you know what to look for you. I’ve also found that you don’t need to understand all of the technical details to be able to expose vulnerability. Just think a bit differently, dig in a different area – look to prove that something could be done. For example, if you’re looking at injecting hostile code – it could just be pseudo-code – doesn’t have to be real, just proving that you can get it onto another machine will prove your point.

OK so that’s my take. I’m going to continue working on my dream now. I’m officially half-way through my computing degree, I’m building the kind of experience I need to, I just need a bit a luck to get to where I want to be…..

Cheers

Sean

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s