I recommend Krebs on Security as a blog worth reviewing. He highlights items, like card skimmers, value of a hacked email, the value of a hacked PC, and many other items on cyber security. I was curious about his blogged advice for cyber security career seekers, and here is my attempt to summarize his post: Thinking of a Cybersecurity Career? Read this.
1. Practical hands-on experience
It is wise to pursue alternative learning platforms, such as Hack The Box, etc. because it can help you stand out. It will also impress future hiring since they can see initiative as well as see you as a self learning enthusiast.
I would also advise continuing with posting quality blog posts because you can a) refer to it when you’ve forgotten something and b) it’ll help you learn how to document things well. After working in a Security Operations Center (SOC), it was very common to post how-tos and the likes, especially SOPs.
2. A deep understanding of networking
This one has many facets to it. Fundamentally, you should understand an overview of the mechanisms in a packet-switched network, and how the OSI/TCP-IP Models interplay with each other. As you’ve looked at packet analysis in the week 4 labs, it’s a good start. But I recommend dissecting more packet captures. Here’s something to learn: encapsulation. An HTTP packet sent over an SSL packet is a segment within a TCP packet, which is a segment of an IP packet that operates over an Ethernet packet. The common MTU (Maximum Transmit units) is 1500 bytes. How big are the Link-Local Addresses? What does a TCP and UDP header occupy? Can ARP poisoning impact a separate network segment/VLAN? What is a VLAN? What is a broadcast domain? What is the difference between a network hub, a network switch, and a network router? What is a proxy? What is the different between a forward and reverse proxy?
The reason why this is so important is because if you have a strong foundation in networks, you can either articulate or determine the attack vector. At my logistics work, my workplace got blackballed because the IP address was getting marked as a GameOver/Zeus target. I literally deep-dived into the companies packets to find the node that was causing our company email to get blocked.
If you want to experience my PowerPoint that I shared with my company, let me know by email and we can setup a Zoom to demonstrate.
3. Platform experience
In this past week’s lab, we learned about User Access Controls in Windows, the importance of groups, and how to configure them and validate that they’re working as expected. It is good to be super familiar with Windows because it is by far the most targeted platform, mainly because its users are seen as money bags compared to Linux users. But no platform is safe. Malware on Linux is on the rise; CrowdStrike said there was a 35% increase in Linux-Targeted Malware in 2021. HelpNet Security claims coinminers, web shells and ransomware made up 56% of malware targeting Linux systems in H1 2021. macOS is little different, and its often targeted because users are naive, and they’re seen as viable targets as well.
Bottom line? Understand security features of each platform, and learn how to work with them. You can VM any Linux or *BSD platform because their licenses are very permissive. macOS platform does require Apple hardware per its EULA, and Windows does permit a 30-day evaluation, which can be a great way to VM the system and learn its security features.
4. Exploit knowledge
As this course continues, I hope you’re exploring articles about how a particular worm, Trojan, etc. was said to work. And get used to this because after working in a SOC, you may as well go through 10 blogs a week and review three different exploits. How does a SOC determine which threat to hunt? They usually take their cues from the news cycle, but sometimes, they will look at something that seems to have cooled in the public eye, but it could be a low effort attack that may be interesting.
5. Programming Experience
Luckily, at Metropolitan State University, it would seem that students can be exposed to a rich set of programming languages. As a Computer Science major, we’re primarily focused on Java; however, I have been in classes that have used C, Assembly, and Scheme as well. Although there is the opportunity, are you investing enough time to explore those other programming languages? Have you created a Linked List in C as well as Java?
Also, don’t neglect Shell scripting. As in my previous post, “living off the land” is a very real attack method, and understanding the (common) commands can help you with determining how to protect assets.
Conclusion
Although these are hits on Krebs blog, I advise you to stay curious and explore whenever free time is available. Your self-paced learning in this field could lead to better hiring outcomes. Oops, I forgot one last thing; don’t forget to network with peers. Honestly, it could mean the difference between getting an interview and not.