source : images.hdqwalls.com
INTRODUCTION :
In the era of technological advancement of the 21st century, lots and lots of developers are there contributing towards the IT industry, developing new software and deploying them. But have you ever given a thought on how such applications operate securely? As our global economy has led to more internet-based computing and connectivity around the world, organizations have grown even more vulnerable to cyber threats. In such a grave situation, knowledge on cybersecurity is of utmost importance. But the main problem is that people don't know where to begin. So, in this article, a proper pathway has been discussed on how to begin your career in cybersecurity.
WHAT IS CYBER-SECURITY :
Now what is Cybersecurity? It is the practice of defending computers, servers, mobile devices and electronic systems. It is also defined as the protection of computer networks and data from information disclosure, theft of or damage to their hardware, software, or electronic data. Cybersecurity is also known
as information technology security or electronic information security.
PRE-REQUISITES TO CYBER-SECURITY :
Before anyone begins with cyber security, one must have a very good concept on networking. It is absolutely necessary to know how devices communicate with each other over the internet. One must have a very deep understanding of the TCP/IP model and the OSI model. It teaches the basic knowledge on networking. If you have got a great grasp over it, the next thing to learn is the operating system used in cyber security. Linux is the most preferable OS which is used in this field, particularly Kali Linux. It is a Debian based OS which is a distribution of Linux. There are also other operating systems used in this field such as Parrot OS, Blackbox etc., but the most popular one is Kali Linux.
You must master the commands and command line interface of this OS. It is the basic requirement to interact with this OS since you will be using the command line interface more as compared to the graphical user interface.
CATEGORIES OF CYBER-SECURITY:
OFFENSIVE CYBER-SECURITY :
Now cybersecurity is divided into two categories, offensive and defensive. If you want to pursue your career in offensive cybersecurity, you have to follow this path. You must start with learning how to enumerate and gather information on how any of the services or software operates, what tools can be used to enumerate them and how to detect a flaw in the system through that information gathered. Once you have discovered the vulnerabilities, now it’s the time to identify the proper attack vectors and attack surfaces. You also have to know what type of access you can gain to the system as well as what type of information you can retrieve. You must also be aware of what type of damage it can cause to the services and furthermore to the entire system. You can also test your skills on platforms such as Vulnhub and HackTheBox. Once you have mastered this, it’s time to test your knowledge. There are several exams out there to test your skills but, in this article, I will discuss the most popular ones. OSCP or Offensive Security Certified Professional is one of the most popular exams in this field. It’s a forty-eight -hour duration exam where you have to gain administrative access to five virtual machines and you also have to submit a report. Other exams are CEH or Certified Ethical Hacker, CCNA or Cisco Certified CyberOps Associate, CompTIA Security+, ECSA or EC Council Certified Security Analyst, and lots more. Note that all these exams are for beginner’s level.
DEFENSIVE CYBER-SECURITY :
If you want to learn cybersecurity from a defensive approach, one should start with learning the CIA triad. Its stands for Confidentiality, Integrity and Availability. This is a model designed to guide policies for information security within an organisation. Next thing to learn is the different types of threat within a system, how malicious software, malware, trojan, spyware, botnets, rootkit logic bombs etc can destroy the security on this system and gain higher level access. Defensive field includes network security, system security, architecture security and lots of other fields of security. There are many options in your hand. You have to learn according to what you want to pursue as your career. Now it's time to test your knowledge. In terms of examination there is not much difference from the offensive one except it would be better if you give the theoretical based exams for defensive career in cybersecurity. Few of the notables are CISSP or Certified Information Systems Security Professional, CISA or Certified Information Systems Auditor, SSCP or System Security Certified Professional etc.,. it will boost your confidence as well as increase your knowledge.
TOOLS USED IN CYBER-SECURITY :
There are plenty of open-source and paid tools available in the market you can use to reinforce your security. Enlisted below are the top 14 cyber security tools.
1. Wireshark
2. Kali Linux
3. John the Ripper
4. Metasploit
5. Tcpdump
6. Nikto
7. Nmap
8. Nessus
9. Nexpose
10. Aircrack-ng
11. BurpSuit
12. Tor
13. OSSEC
14. Snort IDS
ROLES AS CYBER-SECURITY PROFESSIOAL :
Various paths are available to achieve a job as a cybersecurity professional. To begin, one must start with an entry-level job in the field and equip themselves with adequate training and knowledge for attaining different levels of progress. The following are the various job roles to begin a career in cybersecurity -
Security Architect
The Security Architect takes care of planning, implementing, and testing security systems. They are responsible for protecting the data from hackers, malware, and DDoS attacks. Since this is a senior-level position, adequate training with certification will be expected.
Security Consultant
The Security Consultant is a flexible and tech-savvy person who protects the organization’s data and capital. They understand and analyze various security systems in all fields. Adequate training for determining the different tests, like vulnerability, to protect the computer, network, and data is expected.
Penetration Tester
A Penetration Tester finds the weakness and loopholes in the system that hackers can use. They are also called Ethical Hackers. They have a range of tools to test the network, web application, or product. They also document the research and findings to be helpful in the future. Training on practical applications of usage of tools is necessary.
Chief Information Security Officer (CISO)
This is an advanced-level job for which you will be required to handle a Security Officers team. You have the power to create your own security measure. You will also be required to collaborate with other stakeholders in determining the security of the system since this is an advanced role. There is an absolute necessity for proper training and certification.
Cryptographer
Cryptographers are security system professionals who are responsible for writing a code that hackers can’t crack. It is a mid-senior-level job that you will enjoy if you love coding. You ought to have a deep understanding and knowledge on the hashing and encoding algorithms.
Security Analyst
As a Security Analyst, you will be required to plan and execute various security measures. You analyze and document the security of the system and find the areas that are prone to attacks. This is an entry-level job if you aspire to become a cybersecurity professional.
Security Engineer
A Security Engineer is responsible for rebuilding the security system for the organization. They build the necessary arrangements to safeguard the system. This is an entry-level job if you aspire to become a cybersecurity professional.
CONCLUSION :
After reading upto this , the first question that arises is “What are the job and salary opportunities for cybersecurity?”. In a developing country such as India, the cyber security professionals are in short supply. However, NASSCOM reported that India alone would need 1 million cyber security professionals by 2021. The recent overwhelming need for cyber security is the result of Digital India and Demonetization, General Data Protection Regulation and Aftermath of WannaCry
Ransomware. Despite having the largest IT talent pool in the world,India simply lacks skilled cyber security professionals. In fact, the need for experienced professionals is so high that companies are willing to pay a premium salary of over Rs 1.5 to 4 crore to top talent. In a nutshell, as organizations across a wide range of different industries are actively recruiting cyber security professionals, the job demand will only go up. The challenge is to meet that demand by making sure people are getting trained for these critical security roles. And once they are trained, exciting and well-paying jobs await! Hope this article helps new students entering in to this field.
Source : ak.picdn.net