I thought about writing a long post about a myriad of technical and interpersonal skills that would greatly benefit someone looking to enter the field of Cyber Security. However, why reinvent the wheel when a quick Google search shows a plethora of well-written articles covering the same thing? So, I will link to these articles below and cover some of the important callouts from each.
Technical skills & knowledge, the fundamentals:
- Networking – Suggested Certifications: Network+ from CompTIA, CCNA/CCNP from Cisco
- System Administration – Suggested Certifications: Linux+, Server+, or Cloud+ from CompTIA, Azure Fundamentals, GCP Associate Cloud Engineer (MCSE/MCSA certs are discontinued)
- Programming – Examples such as Python, Java, C/C++, Perl, & shell
“Programming skills, system administration skills, and network skills are all required and necessary to have … because security skills are worthless without foundational knowledge to build upon,” quotes Pratt (2020) of Matthew Rogers, CISO of tech company Syntax.
Now, it isn’t necessary to be an outstanding programmer, network administrator, or system administrator. Having solid foundational knowledge in each of thee areas is important, however. Being able to read simple Python, Java, or other code is a great benefit for anyone in the field of Cyber Security. Understanding switched networks, RIP, OSPF, and other networking terminology and concepts is also important.
What are some ways that you can get these skills without having the job experience? Home labs and virtual home labs are becoming more and more an everyday thing. Programs like Packet Tracer or GNS3, as a couple of examples, allow you to set up a full virtual network and play with the settings for every device in it. Routers, switches, wireless, cabling, printers, laptops, and even servers. This type of virtualized environment even lets you set up DNS and DHCP as well as other important networking protocols to help you create and manage a fully functioning, yet virtualized, network. Aside from virtual labs, there are countless resources for programming online, including Codeacademy.
Specific role based skills:
The fine folks over at Cipher.com created a similar post detailing different positions and some of the skills that a successful practitioner would need in each role. You can find that link here. Below, I’ve provided some free training links to some of the top InfoSec careers. However, some of these are paid training courses. If I were to give you any advice, invest in yourself.
- Incident Response – https://www.udemy.com/course/ksc_learn-incident-response/
- SIEM (SOC Analysts/Engineers) – https://blueteamblog.com/learn-siem-for-free
- Audit & Compliance – https://www.infosecinstitute.com/career-profiles/security-auditor/
- Intrusion Detection – https://www.pluralsight.com/courses/firewalls-intrustion-detection-cnd
- Malware analysis – https://www.infosecinstitute.com/courses/reverse-engineering-boot-camp/
- Penetration testing – https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter/1102 (Here, I’ve linked to BugCrowds article as it directly relates to penetration testing and has some great advice and resources to get you started learning). I would also advocate for working through CTF challenges on TryHackMe as well as learning BurpSuite with PortSwigger Academy. Both have great challenges and tutorials that will teach you the tools and techniques of the trade.
Interpersonal Skills:
- Communication skills – Ability to convey messaging in a well-received manner. This covers both written and verbal communication and is one of the hardest skills to master.
- Passion – Having a passion for Cyber Security is easily one of the most attractive traits of a potential hire, in my opinion. That spark lets managers know that you’re excited about the field and willing to learn and grow.
- Determination & Persistence – InfoSec is an area where these traits are often tested. How you handle roadblocks, adversity, and stress play a factor in how you will perform as an employee.
- Analytical & Problem Solving – The ability to think analytically, dissect problems, and search for root cause resolution is a highly sought after skill. Being able to utilize resources and tools to find answers, drive resolutions and fix problems is a great skill to have.
- Teamwork & Collaboration – You have the ability to work well with others, draw in expertise from others, collaborate, and drive resolutions is a highly sought after skill.
- Outside the box & Swim upstream – Knowing when to buck the trend and think outside the box or try a different path can be a scary thought. However, it can also bring about great change in any situation. Challenge the status quo, find new and better ways to do things.
While I have tried to provide a wealth of resources in this post, this is not an exhaustive list by any means. I would absolutely welcome any suggestions if you have anything that you would like to add. One side piece of advice that I would highly encourage you to do when applying for positions and talking with managers is to ask them specifically what technical and interpersonal skills that they are looking for. This is a great way to ‘break the ice’ as well as to gain insight into what they are looking for during interviews. Good luck to you on your journey!
References:
Pratt, M. K. (2020, December 15). Top 10 in-demand cybersecurity skills for 2021. CSO Online. https://www.csoonline.com/article/3599095/top-10-in-demand-cybersecurity-skills-for-2021.html.
The Must-Have Skill Sets & Certifications for Cyber Security Careers. Cipher. (2020, May 28). https://cipher.com/blog/the-must-have-skill-sets-certifications-for-cyber-security-careers/.