Your Cybersecurity Career: A Training Model to Get Started

The world needs security experts. If you’re interested in that field, now’s the time to get started with a cybersecurity career.

Jessica Thiefels
PolySwarm
May 30, 2018


This is a guest post by CyberDefenders. The views and opinions expressed in this blog do not necessarily reflect those of the PolySwarm organization nor is this considered professional advice.

Spreading security awareness and getting qualified applicants into cybersecurity careers can be challenging. Yet the world needs cybersecurity talent now more than ever before.

Cyberseek.org visualizes cybersecurity skill demand across the US

We at CyberDefenders are working with community college students to nurture their cybersecurity interest with summer internship programs, regular hackathons and co-executing projects with industry partners.

Still, over the last year, we realized that it’s hard for non-professionals to become productive in cybersecurity projects. To combat this challenge, we created an open, 4-hour bootcamp course, made possible by a grant from Silicon Valley Career Pathways, to introduce cybersecurity to everyone who’s interested in pursuing it as a career.

In this post, we wanted to highlight our model to introduce cybersecurity careers to novices, which we think can be effective, whether you work with us at CyberDefenders or not.

Our bootcamp focuses on five broad topics:

  • Cybersecurity careers
  • Penetration testing
  • Automation attacks
  • Network security
  • Cybersecurity research and data analysis.

Consider how this bootcamp format can help you jump-start your cybersecurity career.

Look for Talent Gaps: Cyber Security Careers

Cybersecurity is an evolving field and the threat landscape is ever-changing. For anyone interested in working in the area, we suggest that they start by reading through the annual Verizon data breach investigations report. This report will give a broad overview of the major attacks and evolving techniques used by the criminal masterminds.

Next, we encourage participants to interact with Cyberseek. This helpful tool gives an overview of all cybersecurity positions and career tracks, while noting talent areas where there are gaps. Those just starting their career in cybersecurity can consider exploring those in-need avenues.

Resource: Check out our full introductory lecture here.

Learn How to Test your Software: Penetration Testing

One of the most important parts of application security is the process of penetration testing to find vulnerabilities in the software. A penetration tester works with a company to improve software by finding vulnerabilities. The pen tester plays the role of a hacker within a controlled environment. We encourage every participant to try basic penetration testing using Kali Linux and Metasploit.

There are several commercial and open-source tools to help, as well as industry-established terminology that cybersecurity experts need to learn. One way to get familiar with common vulnerabilities and terminology is to read through OWASP’s top Web Security risks report.

Resource: Use our video lab to try pentesting yourself.

Learn About Credential Criminals: Automation Attacks

The Yahoo and Entrust breaches exposed billions of usernames and passwords. Most attackers use these compromised credentials to try to take over user accounts. This form of attack, referred to as account takeover, is one of the most profitable cyber crimes.

Most attackers use automation tools like Selenium with Python scripting to try different username and password combinations on your infrastructure. Some criminals also use the same tools to harvest pricing or proprietary data from your service. As we’ve seen recently, these cyber attacks also use a network of computers to perform their automation attacks.

Resource: The lecture on this topic explains what automation attacks and botnets are, and their place in cybersecurity. The associated lab also demonstrates how a denial-of-service attack works by programming a script in Python.

Learn About the Layers of the Internet: Network Security

The internet is built on complex layers of technology, and each layer introduces its own set of attacks and vulnerabilities. It’s important for a beginner to get educated on how the internet protocols work and how information travels from computer to computer. For example, each computer using the Internet has an IP address, some of which are mapped to a readable domain. Many attacks target vulnerabilities in these protocols, spoofing information as it travels from computer to computer or misdirecting a user to the wrong domain.

Resource: Both the lecture and lab on this topic stress the importance of making sure your website is not sending information unencrypted over HTTP but uses the HTTPS protocol instead. When doing security for a business, or your own online presence, this is critical.

Keep Up to Date: Cybersecurity Research & Data Analysis

We learn about new attacks and vulnerabilities every day. It’s hard to keep up with all the malware or common vulnerabilities and exposures (CVEs). This is especially true if you don’t follow any trade magazines. One way to start learning the lingo while staying up to date with the cybersecurity landscape is to follow experts on social media. Check out PolySwarm’s list of 8 security experts to follow on Twitter.

Resource: The lecture on this topic showcases how to use Google Scholar and the internet to find new research. It also comes with a tailored lab, showing you how to use data science to discover known malware and use neural networks to screen for new ones.

Want to show off? Take the Quiz!

After going through the crash course, our students were able to work on interesting projects. We had one student begin work with Port Knocking, an innovative network trace application.

If you would like to show off what you learnt and get a small badge for completing the Cyber Defenders Introduction to Cyber Security BootCamp, we invite you to take our quiz on the above modules.

Find More Resources

If you’re further along in your cybersecurity career, and want to challenge your skills and knowledge, check out some other helpful resources:

Don’t forget to sign up for our Weekly Security Experts Newsletter, where we announce all opportunities for experts to participate within the PolySwarm network.


Jessica Thiefels is the VP of Community Management for PolySwarm. Find her work on more than 500 websites, including Virgin, Forbes and Business Insider.