Cybersecurity

A developer “MAKES” Software, but a cyber security engineer tries for ways to “BREAK” it. A company needs both of them.

Developers è to write good s/w and Cyber security engineers è to test for bugs in the s/w

However, most companies nowadays go for COTS (Component Off the Shelf). This eliminates the need of developers somewhat. However, cyber security is a booming field and demand for certified professionals is very high to maintain critical infrastructure.

PROs OF Cyber securityè 1) Very high salary 2) Very wide scope for application i.e. Corporate world/Academics/Consultancy/Business   3) High Demand for qualified professionals 4) Broad entry point as one can enter into this field from many avenues.

CONs of Cyber securityè 1) Constant knowledge upgradation needed

Aspiring entrants into this segment, are encouraged to:

1)   First train in the basics of computer science. However, DONOT restrict yourself to the course syllabus. Take an active interest and read up on related matters in Computer Science. As far as possible, try to implement what you have already learned.

2)   Secondly, focus your interests as it is impossible to master every single topic under the sun.

3)   Lastly, gain practical experience.

By the very nature of their job, people in this niche area, are expected to understand code. However, they are not expected to write code. This precludes the learning of any particular language in detail.

Things to learn:

·         Bash – Absolutely necessary

·         PHP - Most of the internet’s webpages make use it.

·         Windows OS, *nix OS. Familiarity with Command Line Interface is required.

·         Theory [OS, databases, virtualization, protocols etc.]   ß Optional

Things to be familiar with:

·         Python - It is a good, simple yet powerful language. ß Optional

·         Go – A good language to add to your kitty ß Optional

Absorb as much as you can. It is essential to understand logic before finding flaws in it. The aspiring entrant might be a seasoned developer or might have any job in the cyber arena. Cybersecurity is a multidisciplinary field.

IT jobs that can lead to cyber security are:

·   Computer Programmer   ·  Computer Software Engineer   ·   Computer Support Specialist

·    Computer Systems Analyst  ·         Database Administrator  ·         IT Technician

·   IT Technical Support  ·  IT Customer Service  · Network Administrator  

· Network Engineer  ·         Network Systems & Data Analyst  ·         System Administrator

·         Web Administrator

However, it is to be noted that one has always to update their domain knowledge, to keep themselves relevant in this field. Typical cyber security job titles and descriptions include:

1)   Security analyst è Entry level

2        2)   Security engineer      3)   Security architect    4)   Security administrator

5)   Chief Information Security Officer  6)   Chief Security Officer (CSO)   

7)   Security Consultant   8)   Security Specialist  9)   Security Intelligence

Cyber security experts are a desired lot in banks, energy sector, hotels, airlines, healthcare, telecom companies, infrastructure, transportation, law enforcement, defense, emergency response systems and ITES companies, among others. Most of the cyber security jobs within government fall in the category of:

i.        Computer Specialist                             ii.        Information Technology Officer 

iii.        Information Technology Specialist        iv.        Assistant Chief Security Officer etc. 

These jobs are available with various government agencies and departments. This means that cyber security careers will be available in: -

·          Law enforcement   ·         Defense sector   ·         Utility companies   ·         Healthcare sector

Cybersecurity careers will also be available in the corporate world with almost any kind of business you can think of. Some of these positions will only require a minimal amount of training such as a certification or an Associate Degree. Others will require a Bachelors, Masters or Doctorate in Cyber Security. There will probably be a shortage of these types of workers for several years to come. That means qualified and trained people should be able to pick and choose the jobs with the best pay and the best working conditions. If you think this may be the career for you, start looking at colleges and exploring the various specializations of study this field has to offer.

Within businesses, the cybersecurity positions available are: -

i.        Cybersecurity Analyst

ii.        Research Scientist

iii.        Cybersecurity engineer

iv.        Information Security specialist

Most of these jobs are available with Government contractors, scientific research laboratories, security consulting firms and IT and security vendor companies. This is especially so, as they are security minded.

Qualifications:

A novice entrant can be a graduate in any discipline. However, software engineers would have preference. A good knowledge of networks and an understanding of how hackers’ think is essential. You have to think like a thief to catch one or thwart the attempts of one. It is recommended that one does a course in Cyber Security. It does not help joining a course for a few days, but it is recommended that one joins a reputed certificate program and long-term programs.

Certification:

This is an upcoming field in which certifications play an essential part. Certifications like the below would help a person to start a career in Cybersecurity.

1) Certified Ethical Hacker v10

2) CompTIA Security+  

3) CompTIA Advanced Security Practitioner (CASP)

4) Certified Information Systems Security Professional (CISSP) 

5) Certified Cloud Security Professional

6) Certified Secure Software Lifecycle Professional (CSSLP)  

7) Certified Information Systems Auditor [CISA]

8) Certified in Risk and Information Systems Control [CRISC]  

9) Certified Information Security Manager [CISM]

10) Cisco Certified Network Associate (CCNA) Security 

11) Cisco Certified Network Professional [CCNP] Security

Other vendor specific certifications like CCSP (Cisco Certified Security Professional) and MCSE (Microsoft Certified Systems Engineer) also help.

IMPORTANT: They do not have much market value and the content is geared around their product/s. Vendor specific certificates in general, have low appeal. 

Required certifications: They can be divided into Entry level and Advanced. 

Entry level:  CompTIA Security+, GIAC Security Essentials

Advanced level:

·         OSCP      ·         CISA      ·         CISM      ·         CISSP

Graduates with a degree in computer science or engineering can opt for various full-time and short-term courses in information security, like MTech and MSc in Information Security, degree and diplomas in information security and network administration. You need to be trained and certified from a reputed organization. International certifications like Certified Ethical Hacker (EC-Council) and GPEN can do wonders to one’s career as a cyber security expert. Salaries in this field range from `3 to 5 lakh per annum. With experience and desired expertise, the package may go up to 10-12 lakh per annum.

Organizations that provide cybersecurity certifications:

·         CERT

·         Certified Wireless Network Professional

·         CISCO

·         ComPTIA

·         DRI International

·         EC-Council

·         Global Information Assurance Certification

·         Offensive Security

·         Security University 

Branches of Cyber security:

1)   N/w security  2)   Application Security  3)   Web Security

4)   Mobile Security  5)   Malware Analysis  6)   Risk Audit/Management

Penetration Testing commonly comprises of the first four and by far, is the most popular. Mobile Security is a very niche area, has a great demand which is growing exponentially. After learning the basics, one can opt for any particular branch. The choice of language etc. (tools of the trade) will depend on that.

Job Profile:

The job of a cybersecurity professional includes: 

·         Ethical Hacking to find out security loopholes to fix

·         Creating security policy for an organization

·         24×7 remote management of security products like firewall

·         Security auditing

·         Cyber Forensics, that is, clinical investigation of computer crimes/frauds

·         Training

Where are the Jobs?

If you are a trained professional in cyber security, you can find placement as any one of the under mentioned -

·         N/w security systems manager

·         N/w security administrator

·         N/w security engineer

·         Web security administrator

·         Web security auditor

·         Application security tester

·         Ethical hacker

·         Information security analyst

·         Database and s/w developer

·         Data security specialist

·         Chief information security officer (CISO)

·         Own Business/Consultancy

If you are an expert in any of the domains like penetration testing, malware analysis, reverse engineering, forensics, cryptography, block chain technology, IoT security, cloud security, SDN, DevSecOps, etc., Then you could really make a fortune!!

Learn cybersecurity for free.

Cybrary - Online Cyber Security Training. This site has free resources for learning

Free MOOCS:

https://www.class-central.com/subject/cybersecurity