As left in the previous blog, we simply introduced the concept of cybersecurity and its importance. There were a number of unanswered questions which we will be discussing here. We hope to give you the best explanations for those questions.
“Anybody who is imitating somebody else, no matter who it is, is heading in the wrong direction. It is impossible to become like somebody else. Your only hope is to become more fully yourself”.
– Jon Kabat-Zinn
First, have a look at the above proverb. As it seems fascinating that considering being a cyber-expert is awesome or cool. But in reality, it is much more complicated to understand security concepts. In the present situation, most people have electronic devices like mobiles, laptops, and so on. And with unlimited internet supply, they spend a lot of time in it. With good or bad luck whatever you prefer, they stumble on a youtube video titled “how to hack Facebook” or “how to hack any PC or android devices”. Now the fun part starts, even the guy who does not have simple background knowledge of computer finds it amazing, which of course is if done by some experts who really have mastery on such field. This noob guy suddenly becomes an expert and tries out without knowing any consequences. And boom, it backfired, his pc got infected by viruses or worms. Because uneducated expert installed some plugins or third-party applications. Now the bad part is his PC will be controlled by someone else who successfully managed to install backdoors. There is another case, some guy with basic knowledge could manage to bypass some security weakness. Now, he shows off his skills to another friend. His friend got interested and asks him how he did it. The guy who cracks does not have a full idea about the process but to show his importance, he will explain some concepts which will be beyond the understanding of the new guy and now he is lost. as a matter of fact, if the new guy wants to really learn about cybersecurity but due to poor guidance, he finds it much more complicated than he expected.
What we are implying here is do not listen to others if you really do not idea about this field. Listening to others makes you feel you are worthless and they are cool. Do not let this type of thinking to have room in your mind. We are not going to lie, in our initial days, we also used to have the same mentality. Watching others doing cool stuff like hacking, gaining access to someone else devices, etc. made us feel like this field was never meant for us. But with technical education background and studying a lot of books with practice we made it possible. If we did manage it, we believe you can too. If you are from the computer science field, you probably have covered most parts of cybersecurity. But if not, we are here to guide you on what needs to be done.
For Non- Computer Science
There are few academic courses you need to be familiarised with if your background is other than Computer Science or IT. You do not have to memorize all the contents of whatever you are reading. But make sure you understand major core concepts and terms. Without it, you will again be lost and it will be really difficult to grasp the content and enjoy the sap of information. Below are some courses we recommend you study before you start cybersecurity.
1. Operating System
You might be wondering why we need to study operating systems while we are using them daily. Well, there are various operating systems like Windows, Linux, and macOS. Each operating systems have different functioning and their working mechanisms differ from one another. It is required to be familiarized with each of them. For example, in windows to view systems(boot file), we need to go inside system32, while on Linux we have to navigate to /boot/EFI/grub. Always remember to learn from scratch. Furthermore, knowledge about processor and user modes is compulsory. It includes other concepts like deadlock, concurrency, Memory types, and performances, and so on. Studying more about different operating systems helps users be familiar with the application and environment where they are and will be working.
Image credit: Wikipedia
2. Computer Networks
Without a proper understanding of computer networks, it is never best to study cybersecurity. The more you cover computer networks, the more it increases the horizon about cybersecurity. The core keywords like ports and their numbers, filters, flow control, TCP/UDP protocol, DNS protocol, routing, firewalls, web/mail server, and so on play a very important role in comprehending computer networks. Without having an idea about which services require which ports, why and how questions of firewalls, where questions of various protocols used in networks, one cannot understand the tools used and their implications in cybersecurity. Therefore, we strongly recommend you study computer networks.
Image credit: https://online.visual-paradigm.com/diagrams/templates/network-diagram/network-security-diagram-template/
3. Software design and testing
This one of the difficult courses taught in the Computer Science field. Why do we need to study it? Well, you might have heard that before the software is released to the public, it will be tested by software developers to fix bugs and errors. The cyber experts make sure that software will ensure users' data security and most importantly data related to finance are crucial. Those type of data determines the future of the company. If hacked, the company bears heavy loss and will lose trust from the public, and ultimately, software fails to grab the market. Each phase of software development has a specific purpose and responsibilities given to each team are different but it always depends upon one another to make the final prototype. hence, understanding software design and its cycle is very important because the final part of the software development cycle is maintained by security experts. They perform penetration testing under a white box environment. After security experts declare the safety
and bug-free report, the software is ready for launch. Below is shown which phase requires more attention.
Image credit: https://www.ptsecurity.com/ww-en/analytics/knowledge-base/how-to-approach-secure-software-development/
4. Programming languages
Languages like C, C++, python, etc. are very important in cybersecurity. Because everything you work on is developed by using some kind of language. Understanding how they work and their intended purposes help cybersecurity helps to mitigate cyber threats. For example, millions of users visit Facebook per hour. What if the bad guy did DoS attack? The attacker sends unlimited requests causing the server to accept no more requests and the user cannot access Facebook. Thus to prevent such attack it is required to have programming knowledge. Furthermore, you might have to write your own code in order to fasten your work while pentesting. In such a situation languages like c and python comes very handy.
DOS ATTACK
5. Cryptography
Studying cryptography is crucial for every security expert. The concept of coding and hiding messages from third parties is drawn from cryptology. It ensures secure communication between sender and receiver. In the digital world, there are many bad dudes trying to decode and listen to others' personal messages, texts, conversations, and so on. To protect from this, cryptography encrypts the data and sends it to the receiver and only he/she can decode the messages.
The concept of public key and the private key is required to understand the foundation of cryptography. Mathematics is also required. To address all about cryptography here will be complicated so, we will explain it in upcoming blogs.
6. Software and hardware Security
Software security is a kind of computer security that focuses on the secure design and implementation of software while hardware security focuses on securing computer components like hard drive, processors, mouse and keyboard, and others. Software defects are the root cause of security problems and software security aims to address these defects directly. The problems caused by software hampers hardware. Firewalls and anti-viruses software are major focus points that attackers seek to bypass. Because the defense is broken, it will be easier to crack or hack other applications. This in turn leads to malfunctioning of hardware. Crash dump is an example of software and hardware weakness. Thus, it is best to learn more about hardware and software security.
These are necessary requirements for a non-computer science learner before you jump right into cybersecurity. If you want recommended books, please leave us a message below. We will provide necessary items and resources to ensure that you will be able to learn more.
For Both: Computer Science and Non-Computer Science.
Below are the certifications that help you to land cybersecurity jobs. You can complete any one of them by giving your own competitive exams. With each certification, you will land in different cyber roles. Therefore before you choose any of them, we strongly recommend the “think and act” concept. Depending upon your passions choose the certifications wisely. And remember to appear in exams, you must have 2-5 years' experience in the respective field. If you complete a Master’s or higher education in Computer Science or the respective education field, you may get a lesser waiting time to appear in exams.
1. CompTIA N+/Security Plus
CompTIA N+ and Security+ are an entry-level certifications. N+ focuses on core concepts of network, their working, protocols, and monitoring their activities while Security+ focuses on the security of the organization, IoT(Internet of Things), policies, and secure cloud. After completion of this certification, you can get roles of the system administrator, Security and cloud engineer, IT auditor, and system administrator. The exam cost $370.
2. CEH( certified ethical Hacking)
Popularly known as white hat hacking or penetration testing, it focuses on security flaws and vulnerabilities before hackers do in a more legal way. Before doing any tasks as a white hacker, it is required to have permission from the authenticated personal like the CEO of the company, where you are performing your jobs. The concepts like cyber laws, malware detections, and threat mitigations, and so on are major practical knowledge you will gain. Completion of this certification conducted by the EC council(official) qualifies for job roles like penetration tester, threat intelligence analyst, Cybersecurity Engineer, and cloud security architect. The exam costs $800-$1200 depending upon locations. Please visit eccouncil.org to book the exam.
3. CISSP(Certified Information Systems Security Professional)
It is a high-level entry exam that requires at least 5 years of experience in the related field. This course focuses on high-level cybersecurity domains including access control, cryptography, advanced networking. This certification ensures high paycheck and roles like CISO (Chief Information Security Officer), Security administrator, senior security consultant, and IT security engineer. You must have work experience in at least two domains (Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, and Software Development Security). The exam costs around $750.
4. Cisco Certified Network Associate (CCNA) Security
It is the intermediate entry-level exam that focuses on skills to protect Cisco Networks. This helps to demonstrate abilities to recognize threats in the CISCO network, mitigate them and ensure future protection by utilizing effective security infrastructure. The concepts you learn in CompTIA N+ are included here, so if you wish higher job role, you can directly start this course. One can land decent job roles like application security engineer, network analyst, network analyst, and senior network architect. Exam costs from $300-$400 depending upon exam levels.
5. Certified Information Security Manager (CISM)
This is also a high entry-level exam that requires at least 5 years of experience in the related field. It focuses on security management, incident management, business continuity planning, risk assessment, and compliance. This exam is very challenging and requires lots of effort to crack. The knowledge provided by this course is very vast and requires rigorous training. But ensures a very high salary. Job roles like IT manager, information systems security officer, risk consultant, and data governance manager are included by these certifications. Exam cost around $550-$780 depending upon membership.
Choosing the Best Cybersecurity Certification for You
As earlier stated it depends upon your passion and determination. Be careful while selecting the courses and certification. We have further simplified the requirements.
1. For entry-level, certifications like CompTIA A+, CCNA, CompTIA Security+, Microsoft technology associate (MTA) are really helpful.
2. For intermediate level, certifications like CompTIA Cybersecurity Analyst (CySA+), CompTIA PenTest+, EC-Council Computer Hacking Forensic Investigator Certification (CHFI), CEH( certified ethical Hacking), Cisco Certified Network Associate (CCNA) Security are considered.
3. For advanced level, certifications like Certified Information Systems Security Professional (CISSP), ISACA Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), CISSP(Certified Information Systems Security professional) are required.
Comments