If you’re new to the field or looking for a career transition, there’s just so much information out there that it’s hard to even get started. You might hear people talk about having tons of courses and certifications to take, but I’m here to tell you they’re not that important. While there’s some value in going through the process of studying for certification, what is important are your skills and experience, because in this field, what you can do will make you so much more successful than what you know. Solving technical problems is the way to earn the trust and confidence of the people you work with. Here are the top 5 skills you need to learn to become a cybersecurity professional.
Building and Using Virtual Machines
Virtual machines, also called VMs, are operating systems that run on top of your existing or host OS. The virtualized OS is commonly referred to as a guest and is managed by a piece of software called a hypervisor. The hypervisor lets you manage and allocate resources like CPU, memory, and disk based on your guest. Popular hypervisors you may have heard of include Hyper-V by Microsoft, VirtualBox by Oracle, VMware, and KVM. Oftentimes, when you hear the term “cloud,” it usually just means thousands of VMs running on specialized hypervisors on someone else’s server farm in a data center somewhere.
Virtual machines let you become platform-agnostic, meaning you’re no longer limited to any particular operating system and the tools available for it. Many people spend all their time just on one OS and debate which one is better. Let me tell you, it doesn’t matter. As a pro, you should be versed in all of them and be comfortable working with any platform. This maximizes the scope of your skills and makes you effective in any situation. Virtual machines also give you the flexibility to train and research in an isolated environment without affecting your main driver. You can quickly take snapshots of a guest OS and restore it to an earlier state, opening a suspect file you received. Use a VM. Want to practice configuring a server? Use a VM. Slinging exploits at a target? Use a VM.
Learn the Command Line
Don’t run away, but embrace it. The command-line interface commonly referred to as a shell is the simplest and arguably the most efficient way to interact with an operating system. For example, if I’m looking for an entry in the CSV file of over 1GB size, Excel might freeze or crash. Running a lightweight shell command gets me what I need in no time. Why is it called a shell? The important part of an OS that makes it run is called the “kernel” because it functions at the center of the system. The part that’s exposed to a user is called the shell since it wraps around the kernel. It’s just like a car where the steering wheels pedals, and dashboards, giving you control over the engine or transmission all exist in the shell of the car.
The command line gives you the lowest level of access to software functionality that comes with an operating system. Many of the most useful tools don’t have a graphical user interface (GUI) to point and click. Mastering the command line expands your arsenal and lets you get more done with less. It allows you to be able to use scripting and automation to tackle repetitive tasks that would otherwise waste lots of time. Learning to automate your workflow by learning the command line makes you a tremendously valuable asset to the team. I recommend starting with Bash or Born-again Shell since it comes by default with almost every Linux distribution. MacOS used it in its terminal app, which has since changed to Zsh or Z-Shell and has some nicer features. If Bash is like a Toyota, then Zsh is more like a Lexus. Bash is so popular and effective that Microsoft released the Windows subsystem for Linux (WSL) and lets you install several different Linux flavors to use Bash as a native app. This is super convenient since you can access all of your Linux tools without having to switch to a virtual machine. Now understand that Powershell is actually the go-to native shell for Windows. It’s very different from how you would use the Linux command line but gives you a ton of powerful Windows administration abilities. If you work in an environment where Windows is the primary OS, you should definitely learn PowerShell as well.
Master the Art of System Administration
System administration involves the configuration and maintenance of computers, whether personal devices or high-powered servers. System administration is about knowing your platform and various tools inside and out to be able to help others who don’t. Whatever your skill, try to fiddle around and learn by doing. Delete some files and try to recover them. Download/open and monitor old viruses in a virtual machine with tools like Windows Sysinternals to see what they do. Try to extract files and passwords from a computer without knowing the login info. Whatever it is, push the limits of what you already know by reading guides out there and following along. Practice a little more each day and you’ll level up in no time.
This is the heart and soul of it all. It’s the understanding of how devices interact with each other and how data gets from point A to point B. A strong foundation and networking will make you a rockstar trouble-shooter. Whether you’re red teaming, defending, or running day to day, IT Ops.
Two conceptual models govern computer networking: TCP IP and OSI. They group all your different networking and telecommunication protocols into layers. TCP IP is older and uses four layers: network access, Internet transport, and application layers. OSI stands for the open system interconnection, which is developed by the international organization for standardization (ISO). These guys define everything from country codes to time and date formats. OSI is newer and uses seven layers: physical data link, network transport, session presentation, and application layers. All these layers are just a way to describe what’s happening and where.
So, if you’re receiving a package from someone in a different country, it’s going to get passed between envelopes, boxes, vehicles, and planes, each with its addressing method and operating procedures. When the post office tells you there’s an airline issue, you know where it is in the transportation system that’s delaying your delivery. Likewise, the networking layers all have different functions, but a whole work together to let you stream videos from a server in a rack to a device in your hands. Knowing what’s happening at each layer lets you see the matrix and be much more skilled at your craft.
Personal Digital Security
This is an area I’ve been particularly passionate about because it affects our families, friends, and organizations. The cybercrime industry is booming. You don’t have to scroll far to see what the online black market looks like. As technology becomes more and more intertwined with our lives, from internet-connected cars to refrigerators, the vulnerabilities and attack vectors are going to increase more and more. If you want to go deep into cybersecurity, there’s no better place to start than with yourself. From passwords and encryption to secure communications, stay up-to-date with the latest security news and best practices. You might just be the subject matter expert in your office that others go to for advice. And that advice might just protect your company from becoming front-page news. But most importantly, it’s to live it out yourself as well! Most of the time, cyber intrusions originate from the security operations or IT departments simply because people don’t understand or practice basic digital hygiene.