What Cybersecurity has to offer you & What skills you need to attain as newbie?

Note: This Post is created by analyzing various Job Descriptions posted on Website like Indeed. And It will be the most dynamic post that will be changing continuously a lot (Modification in The Skills Required).

To every new computer science student, the field of Cybersecurity seems very fascinating and having more power in hands.

So they start exploring by being script kiddies. I won’t say there is drawback in experimenting. But under the General Data Regular Policy, Its critical to understand that what drastic implications your simple actions can bring to other or your life. Those who understand these effects either go for Cybersecurity Training from local institutions or renowned organization that nurture their skills in that fields. But the people who thinks self-learning is the key to success, or those who don’t have access to these resources, And there are person who have already doing job but want to switch career to the cybersecurity industry and wants to start this journey by self learning searching for Learning Path, basic necessities, joining various Bootcamps (for US Native Citizen) for learning. But they get lost in this searching from the right direction.

Let’s begin this journey with us. Where we will be minimizing your headache of research and learning along with us. So let’s begin the journey by analyzing what career opportunity the cybersecurity discipline can bring which in turn leads to analyzing what skills you need to focus on.

The major career Opportunities are:

Specialist

• Cryptographer
• Network Security Engineer
• Application Security Engineer
• Malware Analyst

Mix Disciplines

• Security Generalist
• Security Architecture Engineer
• Network / Forensic Analyst
• Cloud Security Engineer
• IoT Security Engineer
• Blockchain Security Engineer

Pro and Mix Disciplines

• Penetration Tester
• Incident Response Analyst

Less Techy

• Identity and Access Management Engineer
• Security Trainer
• Governance Risk and Compliance Professional

Specialist

1. Cryptographer

Cryptographer is specialization in the field of designing and developing Cryptographic algorithm for ensuring CIA triads for the Information.

Skills:

1. Bit of Mathematical Knowledge along with Some Programming Language experience.
2. Basic Cryptographic Algorithms.
3. Code Efficiency Analyzing.
4. Vulnerability Analyzing in various Cryptographic Algorithm.

2. Network Security Engineer

As the title describe the “Network Security”. These folks have knowledge in the major specifically in Networking Major. How You should Begin With is not that much difficult task in this.

Skills:

1. Basic Networking Theory like TCP/IP protocols, different communications protocols.
2. Hardware Knowledge Basics(like hubs routers etc.)
3. Knowledge about OS, Scripting Language.

After Covering Basics.

1. You must have knowledge how to analyze packet, how to monitor various networking devices.
2. You can plan configuration and security architecture for your networking devices keeping security constraint in mind.
3. Detecting and Infiltrating Malicious network.

3. Application Security Engineer:

App Sec Engineer are the developer who are focus on analyzing the security of the application only, they are not in depth worried about Hardware Networking etc(though little understanding may be required like how processing speed is affected by certain operation which help in analyzing those kind of attack which are based on Performance Metrics).

Skills:

1. Understanding of Programming Languages, Framework.
2. Application Architecture.
3. Code Analysis.
4. Assembly Language Understanding to Reverse Engineer the Packaged App.

4. Malware Analyst:

Malware Analyst is a special kind of Software Analyst that analyze malicious kind of software. He/She is responsible for designing new malicious software, analyzing any malicious threat and detecting solution to hunt down any malicious software. They are more likely to be called as Reverse Engineer

Skills:

1. Understanding of Assembly Language
2. Scripting Language.
3. OS Knowledge.
4. Code Analysis
5. Up to date Knowledge of Malicious Bugs out there

Mix Disciplines

1. Security Generalist

A security generalist is a person or developer who is having experience in variety of discipline of Computer Science. Or You can say him Jack of All. Or if you are from web development field, you can call him Full Stack who posses little knowledge of huge number of fields instead of one. But it is from Security perspective.

Skills:

1. Wide Variety of Knowledge ranging from simple (like configuring Application, configuring Server, app development etc) to complex (like understanding factors which leads to security loopholes, that are not analyzed by a general programmer)
2. Your nature should be adaptive to dynamic nature of changing and evolving field of Computer Science. Learning New Thing Should not be hurdle for you.
3. Along with width if you have in depth knowledge of few than you are the long lasting person in your industry.

2. Security Architecture Engineer:

Security Architecture Engineer are the people who is basically focused on designing good architecture for the hardware and applications keeping security constraint in mind. They are also Full Stack But Security Oriented and much skilled than Security Generalist.

Skills:

1. Knowledge of Hardware Devices, Scripting Language, Database & OS.
2. Cryptography Implementation and IAM(Identity Access Management) implementation.
3. Architecture Planing for the Application with imposed security configuration.
4. Analyze The loopholes or weakness in Security Architecture

3. Cloud Security Engineer

Since all the application are nowadays deployed on Cloud Environment due to fast, secure, scalable and Cheap in cost as compared to workstation. This field of Cloud security Engineer is highly in demand. It is similar to securing Your personal System but at large scale because,

Joke Apart, The skills required to be a Cloud Security Engineer are

Skills:

1. Basic understanding of Cloud Environment.
2. Application & Security Architecture Understanding.
3. You must be dealing with imposing network security, IAM security application Security, data protection,cryptography, Distributed Environment Security.

4. Networking and Forensic Analyst:

This field seems similar to networking security engineer but this vary in the sense that former is more oriented toward building the network security analyzing in depth activity of network activity in a system along with using data analysis. And It require more knowledge of different disciplines in the

Skill:

1. Basic Knowledge of networking like how various device communicate with each other.
2. Tracing and Analyzing Packet, and Encrypted Package.
3. Cryptography.
4. Data Handling and Data Analysis Skills.
5. Report Building.

5. IoT Security Engineer:

The other things that is in great in demands is IoT tons of devices are connected with each other using IoT are easily hack able due to insecure configuration. You can find tons of insecure devices on shodan.io. With the connecting world it is necessary that your privacy is secured. So IoT Security Engineer role is to find weakness in security of IoT devices.

Skills:

1. Embedded devices
2. IoT basics, like devices used, configuration protocol used to communicate over the internet.
3. Networking and Hardware Understanding, cryptography.
4. Web Security Knowledge
5. IAM implementation.

6. Blockchain Security Engineer

Distributed Apps or DApps and Cryptocurrency are changing the old Scenario of centralized system which are by default considered to be secure. But Recent breaches have shown that it is not that much secure upto that extent it was considered. Though demands are not that much popular but it is the interesting field if you love the multi-discipline then you can go with this one.

1. Blockchain Basic (Ledger, Smart Contracts), DApps Knowledge.
2. Cryptography.
3. Networking Basics.

Pro and Mix Disciplines

1. Penetration Tester:

Here come the most fascinated job profile for every newbie. These folks are also known as Ethical Hacker. While other Job Profile discussed so far is more toward protecting system. Its role is to gain access to that protected system without leaving any trace. If seen in a positive way(if he/she is your employer), he/she is the one who is more toward saving you from breaches by finding the possible path to get access to your system.

Skills:

1. Scripting Language, OS Knowledge is must.
2. Learn How to gather information through various sources.
3. Being up to date about various breaches, vulnerabilities in system.

2. Incident Response Analyst:

These folks specifically works on counteracting the penetration Tester. You can consider them COP when Penetration Tester is not From your organization. But that doesn’t implies that penetration Tester are bad guys.

Skills:

1. Scripting Language , OS knowledge is must.
2. Automation Tools.
3. Up to Date knowledge of Current Vulnerabilities in the System.
4. How to infiltrate or respond to breach.

Less Techy

1. Identity and Access Management Engineer

These folks prefer non technical stuff more, rather than technical. Although to implement the protection , and identifying the threat against someone identity little knowledge of technical stuff is required to implement proper access control.

Skill:

1. Very Basic knowledge about OS, Cryptography,, and certain Scripting Language.
2. Know how to operate on IAM Tools, and implement proper Access Controls.
3. Documenting , generating Policies, dealing with technical and non technical Person.
4. Certain Automation Tool Knowledge will be another Plus Point.

2. Security Trainer:

If Your passion was teaching, but you by change entered in the world of engineering. Then you still can pursue your passion by being a Security Trainer. These Folks provide knowledge around multiple discipline with sprinkling some technical detail, By giving details about tools used, how to operate on those tools. You can called them “Gurus”

Skills:

1. Knowledge in various fields in Cyber Security along with the tool being used there.
2. Knowledge of Simulation Tools that can provide their students a surface to practice over cybersecurity skills.
3. Good Communication Skills.

3. Governance Risk and Compliance Professional:

These folks deals with the rules and regulation issue, caused in operation of any cybersecurity operations. You can called them a “Lawyer”.

Skills:

1. Knowledge of Law & Policies of The Information Act.
2. Tactics to deal with Stressful situation.
3. Good Communication Skills

Conclusion

There is an opportunity for every person in the field of cybersecurity, no matter whether you are having computer science origin or not. But Some Technical Stuff like good command over some Scripting Language (generally people uses Swiss Knife of programming world Python). Some Knowledge of Operating System is must for every beginner. Along with that two non Technical Skills “Patience” and Dealing With Stressful Situation with Calm Mind. After that You can decide Your Career Path According To the Job Profile You want to go for. Although there are dozen of more jobs that can be listed. But they are somehow related to these jobs. So these Profile will help you to analyze how to begin with.

If you like the Post Share Your Views and Knowledge with Other Folks, Who are looking a great mentor around the world.