Building a career in Mobile Security

eKRAAL Innovation Hub
4 min read · Jul 11, 2021

Interested in starting a career in mobile security but not sure where to start?

Introduction

According to an article by RSI Security, mobile security is the set of measures one takes to protect against a wide range of threats that seek to violate your privacy and to take any other information stored on your phone.

Mobile security affects not only your everyday personal life but also the productivity or success of a business.

As society and businesses transition to mobile technologies, mobile security is a field in cybersecurity that offers both a reliable career choice and an exciting opportunity to help secure them.

Day in the Life

Within mobile security, some of the paths one can explore include Mobile Application Security & Testing, Vulnerability Research & Exploit Development, and Reverse Engineering, among others.

Here’s what a typical day for a mobile security researcher looks like.

Day in the Life of a Mobile Security Researcher

Skills and Certifications

In terms of education, a good starting point would be to pursue a degree in Computer Science, IT, Network Systems, or any other IT-related field. This will give you a basic understanding of how things work and an introduction to programming languages.

However, many have ventured into this field without the ‘formal’ route. Many mobile researchers have found their way through resources such as courses, blogs, practice platforms, and mentors, among others.

Passion and curiosity are key values in this field as it requires constant self-learning of skills and keeping up with emerging trends in mobile security and its advancements.

A. Skills to start and grow in this career include:

  1. Ability to read code (writing is a plus). Java/Kotlin for Android, Swift/Objective-C for iOS.
  2. Basic understanding of how mobile devices work. Android and iOS internals.
  3. Good research skills. These will get better with time through practice and consistency.
  4. Technical writing. Go through blogs or research work done by others to understand the structure, language, and techniques used.

B. Courses offered at eKRAAL. Here are some of the introductory courses one can undertake to jumpstart a career in mobile security. Talk to us!

  1. Mobile Forensics Deep Dive Workshop by EC-Council: This course will show you how to conduct such investigations. You will learn mobile phone architecture and how to use phone forensics tools and open-source tools. There will be a strong focus on Android phones, including how to use the Android Debugging Bridge to perform forensics.
  2. Computer Secure Certified User by EC-Council: The purpose of the CSCU training program is to provide individuals with the necessary knowledge and skills to protect their information assets.
  3. Introduction to Cybersecurity by Cisco: With billions of devices now online, new threats pop up every second. Today’s interconnected world makes everyone more susceptible to cyber-attacks.

C. Other courses available in mobile security.

  1. Mobile App Security (Cybrary). In this course, you’ll learn how to crawl, walk, then run in mobile app security testing, with the end goal of having all the tools and knowledge necessary to become a mobile app security expert.
  2. Mobile Application Security Course (Institute of Information Security). This course is aimed at Security Enthusiasts, IT professionals, and Mobile Application Developers seeking to understand typical mobile application security issues in detail.
  3. Mobile Application Security and Penetration Testing (Udemy). Learn the security issues in mobile applications and devices, and penetration testing along with their solutions.

D. Additional resources. Here are some helpful blogs to check out:

  1. OWASP Mobile Security Testing Guide — MSTG
  2. Android App Reverse Engineering — maddiestone.github.io
  3. MOBISEC 2020 — reyammer.io
  4. Mobile App Pentest cheat sheet — fuzzsecurity.github
  5. Getting started with Android Application Security — cobalt.io
  6. Android Application Penetration Testing Mindmap — xmind.net

E. Books on mobile security

  1. Android Hacker’s Handbook
  2. Android Security Internals
  3. iOS Hacker’s Handbook
  4. iOS Application Security
  5. Learning iOS Penetration Testing
  6. Beginner’s Guide to Exploitation on ARM: Part 1 and 2

F. Platforms to practice

  1. Damn Insecure & Vulnerable App — DIVA Android
  2. Damn Vulnerable iOS App — DVIA
  3. Hellbound Hackers
  4. PentesterLab

G. Finally, communities and people to follow include: Mobile Security, Maddie Stone, RandoriSec, Rodriguez

This article is written by Jelagat Shaleen & Francis Mutisya, both working at eKRAAL Innovation Hub as Mobile Security Researchers and both NCSTP alumni. They are currently co-leading the Accessible Online Security Cohort II, a program on digital safety and security. Catch up with them every Wednesday!

Shaleen focuses on matters of mobile security, vulnerability research, reverse engineering, and testing applications. She enjoys watching sitcoms and exploring different food recipes.

Francis is a software developer with a keen interest in personal security, vulnerability research, secure software development, and app testing. When not working, I spend time learning random cool stuff. Some ideas that are fascinating to me include stoicism, minimalism, and permaculture.
