Learning Cybersecurity
Cybersecurity is a huge topic ~ where do you start?

This is a compilation of some of my posts that might help someone who is trying to learn cybersecurity. Cybersecurity is a huge topic with many different paths to explore.
In my case, I started learning when I ran an e-commerce business, experienced a data breach, and started trying to learn cybersecurity any way I could.
First, I started reading books. I’ve reviewed some books on this page, but I also wrote my own book which is a primer on cybersecurity at a high and fairly non-technical level. Cybersecurity is really about risk management. I like to say, “How many chances are you giving the attacker?” You’ll never plug all the holes but you want to plug as many as you can, and be able to effectively monitor what you need to leave open.
It’s also a good idea to understand how threat actors operate around the world and locally. The books I’ve reviewed include a lot of different aspects of cybersecurity and my own book sums it up at a high level. Although the title is “Cybersecurity for Executives in the Age of Cloud” it could have been “An Executive Summary of Cybersecurity in the Age of Cloud.” I’ve had experienced security professionals and developers read it and give positive feedback, so it’s not only for executives.
Back when I started out, there were few training options, but I ran across SANS Institute and ultimately started following and reading their newsletters. Then I went on to take some classes there and get some certifications. I have some of the certifications I got listed on this page, which also includes information on getting a job in cybersecurity or recruiting cybersecurity professionals. There are no paywalls on those stories, by the way. They are all free for anyone to read.
When you’re learning cybersecurity, part of it is how to think about cybersecurity. It’s not about hacking into systems or changing firewall rules. It’s about designing systems that meet business needs to get business done while protecting business assets. In addition, cybersecurity is not about buying a product, setting it up, and you’re done. It’s a matter of constantly revisiting your configurations, monitoring what the attackers are doing, and adjusting accordingly.
When you design your systems you need to think about how you can design them in a way that they are manageable. Sometimes there are a myriad of things to configure and how will you make sure things are configured the way they are supposed to be? If you are working at a company with tens of thousands of developers, how will you ensure they are all abiding by the corporate standards and compliance rules? How will you make sure the security team can see all the logs and the logs have what they need in them if a breach occurs?
Here are some posts along those lines:
If you want to be on the technical side of defending and attacking networks, you will want to learn cybersecurity fundamentals. I’ve written some posts that dive into some of the fundamentals of cybersecurity that might interest you.
If you want to start learning networking and how to look at logs from a security perspective and design effective firewall rules, I would recommend setting up a home network. I have some posts on doing that with pfSense and a UDM Pro. I’ve tried other products and these are the ones that fit my budget and work effectively at the moment for a home network. Every network device is constantly under attack so watch for vulnerabilities and keep your software and firmware up to date. If you cannot afford these devices you can use an open source version of pfSense on your own hardware.
If you want to learn Cloud Security and AWS Security, I’m working through a whole series on AWS Security here. I’ve had a few fits and starts as I worked through the issues of setting up a security cloud environment. I also have a free open-source code repo associated with these posts. You will learn not only how to write the code but how I troubleshoot problems and think about how an attacker might get into my cloud environment. Ultimately I want to get to the point where I’m automating cybersecurity metrics in this environment but there’s a lot of ground to cover.
If you want to set up a website on AWS and secure your GitHub repositories I have posts on that too. Everything is always a work in progress so you may be reading this before it’s done.
If you want to be a penetration tester then check out these posts. Penetration testing and security assessments are something I do for a living, but I recommend starting on the builder or securing side of cybersecurity before moving into penetration testing to be a better pentester. Understanding how things are built and managed will provide you better information to perform useful attacks. Also, I’ve simply written much more about security things than attacking things to date, but I have more posts on penetration testing coming after I work through my AWS account and web site setup. How many stories you see depends on where I’m at by the time you read this.
I hope those resources are helpful to anyone trying to learn and get a job in cybersecurity. Even if you aren’t working directly on the cybersecurity team, these stories will provide a better understanding of how cybersecurity works and what your security team is worrying about when they won’t let you do that risky thing you are trying to do. If you have a home network, you will be more secure at home and better protect your bank accounts and other people’s systems that may be attacked by your firewall. Understanding cybersecurity may help you better protect your business and if you are allowed to vote for elected officials in your country, you will be able to make more informed decisions when cybersecurity topics make their way into politics. If you plan to work for a large corporation or the government, you will be able to help stop insider threats and espionage that can harm your organization.
If you need more help, I have some services listed on LinkedIn at https://linkedin.com/in/teriradichel and on the home page of this blog: https://medium.com/cloud-security.
Happy reading and learning!
Teri Radichel | © 2nd Sight Lab 2023
About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab