Anyone work in Cyber security?

I have a keen interest in cyber security, but have no experience or qualifications in this area.

I’d be interested to hear from people who are in the cyber security industry.



I’ve seen lots of job adverts asking for
CISSP qualification
CompTIA A+
ISO 27001

How easy is it to get into? And what is the day to day role like?
 
Do you have an IT background already?
 
How easy is it to get into? And what is the day to day role like?

Disclaimer; I'm not in cyber security, that's a whole field though rather than a specific role so asking "what is the day to day role like" is kinda open and variable.

For example, one guy working as a consultant at a tech firm I was at left for a security role at a big-name consultancy (he didn't have any security qualifications at all just consultancy experience), he'd go to client sites and run a bunch of scripts and send data to some third party firm and found it all rather boring.

I remember some IT guy at one firm moving to a new "security analyst" role and a manager becoming the head of IT security (which was a tiny 2-3 person team), they did some pen testing I believe, not sure if he had any certificates or not but it was an internal move.

It would probably be better if you were to state what you do now and what qualifications you have already... for example it could be pointless someone suggesting an MSc course if you don't have a relevant BSc/BEng etc. Likewise, if you don't actually work in IT right now and have zero experience then your prospects might be rather different to say some networking specialist looking to switch roles.
 
Most of the people we recruit are students with a STEM degree but you can manoeuvre into that space with self learning too.
They do a lot of screening and stuff to see if people have aptitude for it as well which is cool. I do not but there are far more roles than just the technical ones.
 
Do you have an IT background already?

No, my background is in Compliance (H&S, ISOs, Fleet Management)

As above, I'm a Compliance Manager responsible for H&S, ISO Accreditations, Fleet Management. I have two A levels in IT, which I did about 10 years ago now. I don't want to spend time out of work and go to University. Is there any way into the industry as a junior and what qualifications would be beneficial to do?
 
I don't work in cyber security at the moment but I do take part in security projects in my job and I have a few cyber security certs.

As cyber security is so broad (defence, ethical hacking, on-prem, cloud security, etc.), you need to decide where you want to be.

Understand the basics of security and get a certification such as CompTIA Sec+ (doesn't seem useful in the UK) or Cisco Certified CyberOps Associate, maybe even a cloud security cert such as the Microsoft Security, Compliance, and Identity Fundamentals (SC-900). The CyberOps Associate covers a bit more than just cyber security but an overall picture such as networking, DevOps, info sec etc. You can buy the materials, take the exam and see from there. Self study in your spare time, don't bother attending courses or anything.

CISSP is more for information management than cyber security and there is a requirement for taking the exam which is a high level.

Work on a few projects off the internet https://www.techapprise.com/cybersecurity/hacking-learning-websites/ and build a portfolio. Combined with a basic cyber security cert, this will help you get your foot in the door when you start applying for jobs.

Keep in mind, some JDs have crazy requirements, even for juniors. Ignore them.
 
Thanks Malachi, so first off best going on a CyberOps Associate course, and go from there?
 
Yes, I work in cyber security and have done for around 15 years. Depending on role it'll be quite a challenge from your current background if you want to go into a technical role. If you're looking for a like for like role, i.e. compliance in the cyber security field, that might be more accessible and there's plenty around. From your background I'd be tempted to look for a civil service role, they normally are pretty good at offering training and use that to get some qualifications, to get in the door something like CEH might be enough just to demonstrate interest in cyber security (though I'd never recommend it in general if you decide to go a more technical route).
 
Cisco Certified CyberOps Associate
Expired cyber ops associate here o/

DYOR of course but from my experience the CySA+ is more recognised, even in the UK, which is weird as CompTIA is usually less recognised over here. I did the Cisco cert because I got free materials and exam fees through some scholarship while I was in the military. At the time CySA+ and Cisco Cyber Ops were both really quite new so it was a coin toss as to which would be more recognised.

Also worth mentioning is what these certs actually test for, which is very much SOC jobs, which is only a small part of the IT security landscape. Of course they do cover a bit more of a broad area than that, but at least a few years ago they were definitely supposed to be for SOC workers.

I'd do Sec+ first to give myself a broad (almost too broad) awareness of what elements make up the security world and go from there. The value will be more in your own awareness rather than the recognition of the cert itself, which - as malachi says - is more recognised in the USA, although that doesn't mean it isn't recognised at all here. The reason it's more recognised in the USA is - in my view - down to the fact that it's generally known as the easiest way to comply with DoD 8570, which details qualification requirements for US defence contractors.

P.S. Know that "security" is about as broad as IT itself, in that there are always specialisations within specialisations within specialisations. It's basically a Mandelbrot fractal all the way down :p
 
I've done a fair few types of role within security over the years, pen tester, analyst, compliance monkey etc, I'd echo the comments that Sec+ is a good broad overview for people who are starting out.

If already working in compliance type roles then a move into security compliance might make sense to start with, there's things like ISO27001 if you like playing in that space.

Certification wise, again if coming into the field focusing on the compliance side (you can then use the knowledge you build there to pivot into other areas if you wanted) then maybe look at working towards things such as the CISA certification (https://www.isaca.org/credentialing/cisa). Not something you'd go for right away, but to work towards.
 
Information (quantum) science is worth if you have the option.
 
Hi, I work in cyber and have done for the last nearly 20 years. Back then it was pretty niche, I had (and tbh still don't) have any qualifications. I've not worked in end user stuff, but for resellers and now vendors. They don't seem to care as much (but maybe it's experience that makes up for it). Personally I'd suggest picking a sub genre of cyber and focus on that, take the relevant qualifications for that, for example, network security, learn up on the likes of Check Point and its products, or end point, learn about CrowdStrike. But obviously get a decent grounding in networking to start with if you haven't already. Security+ could be a good one to start with. CISSP is a beast but I've rarely come across any jobs that NEED it, but as I say, not worked end user... that may be something that they ask for. Happy to answer any questions you have.
 
Why just CrowdStrike? There are loads of EDRs and NetMon tools.

We actually removed CrowdStrike recently and Splunk seems to have fallen out of favour - I'm looking at Tanium atm.
 
What area do you wish to go into is the big question?

- networking
- analysing (soc)
- architecture
- pentesting
Etc etc

Then each will have subsections etc.

I’m a senior consultant for a firm performing offensive assessments for companies, primarily network based but I cut my teeth young on websites.

If you want to get into offensive security, get programming, Python is a decent start. That knowledge will take you very far (handling files, sockets, data manipulation etc). Learn Linux and a bit of bash (sed, awk, grep etc etc).

Don’t bother with CEH, you’ll get laughed at in the industry. Knowledge trumps certs in this field and if you’re capable, at least in testing, it’ll show in the interview.
 
CrowdStrike and Cortex give us offensive guys headaches I can attest to them both, we have to be really careful what we do when we encounter them as they alert up the wazzoo whenever we try different injection techniques / process manipulation stuff.

Secondly the best one is probably a properly set up Defender for Endpoint, think it was called ATP, they’ve changed its name a few times. That’s a damn nightmare and will lock accounts down if they’re used out of typical business use.
 
I work in the cybersecurity field and help to architect and build the systems that my employer builds and sells. As someone who is paid to build defenses into our systems, it's great to see the overall tech industry moving towards more secure systems by design and default.

For a SaaS system, things like hardware-based multi-factor authentication/authorisation with TPM (server) and WebAuthn/FIDO (end-user) via hardware keys like Yubikeys, multi-party authorisation, least privilege access, ephemeral credentials for break-glass scenarios, kernel hardening, default egress blocking, DNS redirection/confinement, read-only filesystems, scratch containers, plus XDR, SIEM, and endpoint protection, are all sensible things to put in place that help to create strong defense-in-depth.
 
Tech side as an analyst is easiest to break into with an IT background but I don't think that naturally fits your skill set. If you had tech I'd say 6 months' experience somewhere would play better than no experience with a cert.

Governance, risk and compliance space requires less technical skill but there's not as many roles so I don't think it's as easy to get in the door without a cert. Maybe a popular vulnerability management tool cert will allow you to pivot over. Job role would look like: Perform discovery scans on said tool and document/catalogue what software and version is running on your network. In the event a vulnerability is disclosed, ID the risks to stakeholders and organise with service owners what they need to patch and how quickly. It's more managementy and organisation based but over time will give you enough exposure of cyber to move around to other areas.

Just my initial thoughts
 