Cybersecurity

Magus`

I am currently working on getting a degree in cybersecurity. Have only done some of the basics so far.

I've been working with computers (almost entirely Windows based) casually for over two decades so not all of this is super new.

My biggest concern is being able to certify and actually utilize the knowledge I'm getting. I am not having too hard a time understanding what I'm seeing (on some level) but I worry how well I'll retain it. It's like a second language or math, if I'm not using it, I'm losing it.

Are there any suggestions on how I can ingrain stuff more and what kind of expectations would I have for a job? I worry I won't be hired because I won't have years of network/security experience compared to other folks. I'm a very quick learner, but I want to give myself the best chances.

Athenor

Having worked in IT for a very long time... the only way I actually internalize things is to do it. Tinkering, adjusting, putting things into practice... It makes a huge difference. If you don't actually do things, and don't do them frequently, things will fade.

We live in a world where it is incredibly easy to lease some cloud compute space from Microsoft, Amazon, Google, or a ton of different providers. Do that, get some virtual infrastructure spooled up, and play around with it. Constrain yourself to access via CLI if you want to learn that. Play around with automation. Build on what you know and what sounds fun.

The best recommendation I've ever heard to build a bot. It doesn't have to be from scratch, but if you do things like twitch streaming or have smart devices in your house, program a bot to interact with them. It helps figure out the basics, especially around things like security.


Finally: As someone who works in a university, look into the IT department of your university. They are likely starving for student workers, especially cybersecurity folks. It's a wonderful thing to put on your resume, and it will get you that real-world experience. And it is also VERY likely they can get you the above resources for free or discounted -- there's nothing megacorps like to do more than get students hooked on their ecosystem early, and they'll give away the whole stack for free to accomplish that. Our university offers the complete Adobe creative cloud, Office 365, and Splunk for our students, for example.

Magus`

I've already got a 40 hour a week job so it'd be hard to work on campus, but I agree that I should definitely start to engage in stuff.

The hardest part is to know where to start, though you've definitely given me some ideas!

Athenor

Magus` wrote: »

I've already got a 40 hour a week job so it'd be hard to work on campus, but I agree that I should definitely start to engage in stuff.

The hardest part is to know where to start, though you've definitely given me some ideas!

Ask your professors. They should have a pretty good feel about the options you have.

Radiation

I also found listening to a cyber focused podcast helped me not get blinders on. I highly recommend Risky.biz and I've listened to Black Hills information Security a few times.

It depends on what you want to do. Might be worth just throwing a scanner on your home network and working with that. Nessus is free and used in a lot of IT shops. Scan your home network to see what's there, and patch as appropriate. Setting up a lab and doing a bunch of stuff can be harder especially if you're resource constrained, but is worthwhile. Setting up something small to work a bit on it is a lot easier to work on/towards.

Feral

Set up a home lab. Get a spare computer and stuff it with a bunch of RAM. Install VMware ESXi, Microsoft Hyper-V, or KVM on it. Load up some VMs with different OSes.

Put Kali Linux on one of the VMs, or set up your laptop to dualboot Kali.

Then try to penetrate your own lab. Randomize some passwords in the server VMs, and see if you can recover those passwords or impersonate those accounts. Try to get an executable running on a server, starting with a user with limited rights.

Then change teams. Try to shore up your lab against the attacks you used.

Run vulnerability scans like Nessus against your own lab.

Review some of the major cybersecurity guidelines, like the NIST Cybersecurity Framework or the FFEIC Cybersecurity guidelines, and compare them to your home lab. Try to implement those guidances in your lab.

Magus`

That may not be doable given the amount of space I don't have.

I'll speak to my professor. Knowing where to start is the hardest for me.

Feral

Magus` wrote: »

That may not be doable given the amount of space I don't have.

I'll speak to my professor. Knowing where to start is the hardest for me.

Then sign up for a cloud computing service. Amazon has a free tier.

(Though a single computer doesn't take up much space.)

Magus`

Of course. I'll see what I can do

Zilla360

Watch 'Mr. Robot'. Every season of it.

Pen-testing your own LAN is also a very good tip.

Get the Raspberry Pi Zero 2 W and hack it, then keep hacking it. Build something with it.

discrider

Get paid.

I got hired because I played https://store.steampowered.com/app/469920/hackmud/
Admittedly that took me to the bad place (pre-Covid lockdown training) before it got me to the good place.
But then having the job got me the training.

So I would just say, apply for jobs you're interested in, because you might get them.

(And home labs are work-as-passion nonsense that I object to fundamentally)
(Not that avoiding such things may be possible in America, but still)