Folks in cybersec... what's the strongest backgrounds?

MANY MANY MANY years a production ops guy for a main tech in a big UK company.
Bored out of my mind with current skillset, have a little prior on networks/security but... struggling a bit to work out what's the "beaten track" for it.

Obviously for sec, you're interested in:
Users, profiles, connections, routes, processes on systems, on top of the general sec-minded stuff.... it's quite a big stretch for the sort of areas "needed to cover it well". It sort of SEEMS to need Linux + Windows to full admin levels, networks to admin levels, some coding... etc. Does that seem fair or am I getting a bit overwhelmed?

So... are the folks stepping into it ones with all this expertise or is there a more grounded skillset?

I'm ISC2 CC, Comptia sec/net+ on the boil, had a good bit of messing with a fair few SIEM tools to know the crack with those. My windows enviro stuff is on point, my linux is a little weaker. What's a good focus?
 
Large field -any specific area?

I did the Google professional course and got the worthless badge (real reason was to keep my brain going). In my past I delivered an AWS landing zone on steroids, spent meetings with security and the CISO plus the head of risk. The sec area is too large for one person so you’ll want to pick and specialise.

AI security is hot (beyond the normal data protection) but so too is the cloud side of things, as every opportunity is being targeted by AI attack tools.
 
I don’t work in security, but anyone with a system admin role or higher at my place basically works in security due to the nature of the business we work for.

We have multiple security teams and they dwarf the size of any other teams… as a platform engineer I spend most of my time releasing patches, fixing loopholes and security tools, and reporting. Our security team manages their own set of tools, mainly the tooling server and its settings, but anything else is left to the platform engineers or the component SMEs.

In my world, scripting is king… my education background is software engineering and computer science. I’m basically setting up automation: if this happens then do this, this and this.. if the read settings are x, then write to log file y, system z will read the log file which team A is monitoring. Meanwhile, application B is changing this, while system z is telling system C to prevent this. It’s all automated at enterprise level; with over half a million endpoints the days of a person from IT contacting a user to check or change something aren’t viable, and we often know that something has happened before the end user does. I mainly use RESTful APIs and bastardised versions of SQL, as each SIEM tool seems to have its own version and quirks for reporting.

If you’re bored being a sysadmin, IMHO you’ll be even more bored in security… where boring is good and safe. For the last three places I’ve worked at, their main BAU tasks are reporting and arranging meetings with specialist teams to fix issues, no fixing themselves… and reading reports from other teams.

A lot of the SIEM tools have their own certifications and each of the security teams has been pushing me to take them. “Oh, we’ll see if we can get you access to xyz, there’s this course you can look at to get more familiar with it…”..
Me: “no thanks…”
 
I guess then, knowing what sort of roles are out there?

I doubt I'd be looking at the pentest side of stuff, more monitoring + building better monitoring. So... I guess something of a security ops role? What else is there besides "endlessly monitor what the SIEM tool sees" and pen testing?
 
There’s proactive defence along with app dev security, monitoring and response, forensics, information security/asset management, risk management, governance/compliance..

Pen testing and ethical hacking is interesting and you’ll need to keep abreast of all the hacks etc.

The security intelligence (detecting changes of malicious actor groups and responding) is increasingly interesting as they use AI. However you’re into the very specialist world.

What sort of turns me off of the security world is the filling of incident forms when you’re learning.
 
Yeah, I think out of those, I probably settle to monitoring and response.

Shame I've left it so long.

Guess who had the idea, back in about 2001 for 2FA/3FA with text messages (more or less as soon as text messaging existed) instead of the stooopid £300 a license RSA tag then SAT ON IT?!
 
The SMS network isn’t designed for security! On the old SMSCs you could read text messages as the administrator, and the old ForwardSM MAP request held the short message payload in the clear and it could be redirected anywhere for man-in-the-middle at the global title/MTP level! I designed the first SMS gateway, built one of the first SMS marketing systems, and anti-fraud/spoofing; I was also on the team that delivered AT&T’s SMS logic that handled the American teen idol, and I also wrote SS7 stack software from scratch at the time.. that’s all over IP via ITPs now, but SMS has been overtaken by messaging apps.
 
I'd be interested to know how possible it is to transition from software engineer into cyber sec?

That was the field I always originally wanted to go into, but either degree needed or something else. So gave up self taught coding instead. Maybe one day a pivot could be on the cards?
 
Worth doing the Google professional cybersecurity course. It’s long and you’ll find some of it boring (regex/Linux/Python etc!) but it will give you the wider environment at a basic level and how things interoperate from a cybersecurity lens rather than a developer lens. Lots I knew and a few bits that it reminded me of. Think of it as wide and shallow, although you will configure SIEM tools, learn networking and do automation with Python, some basic AI etc.

However for roles you will still want to supplement it with more detailed courses and study like the hacking etc. The issue is most online exams don’t give you the experience, so getting into hackathons etc. is a good way to learn and demonstrate your ability (write up your adventures to increase brand expertise/engagement).
 
cool :D good background.

The secure tags are definitely a harder thing to break but... some characters in a text that may mean lots/nothing AND need the other knowledge of the holder.... probably ain't bad :D vs nowt.
 
I also architected post-quantum systems and quantum cryptographic key generation, including taking it to the RSA Conference. Ahh, those were the days; they moved the office so everyone got the boot that didn’t move across the country.

also identity management etc.. :)
 
Nice, I know enough bits in this sorta direction to be useful but perhaps not quite the chance to join a lot of it up.

I wasn't after random willy waving with my bit, just "I have at least a little pedigree in this kinda thing!" and looking for the better ways in.

Oracle DBA at present.
 
A mate is a long term oracle dba.

You could look at infosec as a way in - starting with securing Oracle, data privacy and risk, then move on from there.
 
Take a look at job vacancies at cybersecurity companies to see what they're asking for, e.g.

I've always thought the main problem with a cybersecurity career is it's a problem getting recognition -

Hey boss, we've had no cybersecurity incidents for 3 years, can I have a payrise?

Nah, what are you talking about, everything's always fine.

:cry:
 
As with everything else in tech it doesn't need a degree or qualifications. I remember a fairly junior guy at a company I worked at a few years ago decided he was interested in it; he was in an ops role and showed an interest, then eventually moved internally to report to the head of security.

I don't see why a developer couldn't transition into "cyber security" especially given there are literally developers working in that field. Maybe see if there are some projects where you can work with the relevant team(s) in your current org, go and speak to them etc.. then maybe an internal move or if that’s difficult (certainly can be in some firms) then just use the experience to try and land a role externally.
 
TBH you can move around the IT world and pick things up on the job if the employer is willing to give it time. Bar the coding stuff, maybe.

We have DBAs who came from something completely different. Started off as numpties and learned it all on the job.

The security team seems to have a high turnover of staff and high levels of burnout. Might not be rosy in all places.
 
That's pretty much standard, and some of the larger companies are explicitly reducing the workloads on staff to retain them (and naturally that means more staff).

It always reminds me of a mate that's a DBA. At job interviews (he's a contractor) people were concerned that a DBA may not be able to cope with a couple of databases.. yet at Oracle, as an FTE DBA, he was expected to look after 250+ databases (hence he's a bit of a scripting guru).
 
The trick is not to actually be busy, it's to LOOK busy :D
 