Overview Of Cybersecurity
Cybersecurity is more of a buzzword to many these days. When you really sit down to try to learn Cybersecurity, you may find out that it has a lot to do with a collection of skills rather than just a single skill. Some of these skills you may have not even thought of, even the non-technical skill is a requirement. If you are in the process of trying to get started, this article will share some thoughts or insights that will make the process easier for you.
A career in Cybersecurity? It could be one of the most exciting tech jobs out there for you. This article highlights some of the things you need to learn and understand in order to get the appropriate expertise for a cybersecurity job. It gives a brief overview of the vast opportunities that abound within the cybersecurity niche. It is worth mentioning that Cybersecurity is often not a single competence but a collection of skills and expertise that may cut across both technical and non-technical aspects.
Meaning of Cybersecurity
Cybersecurity is the process of protecting Systems, Networks, and programs from digital attacks or unauthorized access. It involves a collection of techniques that are employed to secure your device from authorized access. It can be just protecting your mobile devices such as your phones/tablets or much more complex deployments like the Networks and programs that support the critical infrastructure for businesses. In a world where information or data is priceless, any unauthorized access to private information can prove to be very expensive from either financial or reputational standpoint
The goal of Cybersecurity is to prevent any unauthorized access to private or confidential information. A good implementation of Cybersecurity will achieve Confidentiality, Integrity, and Availability. Confidentiality means that data is only accessible by authorized persons, Integrity means that the data has not been tampered with or modified in the process of transmission, and Availability means the data is available for use. The unauthorized access is usually from a hacker whose goal is to target any of these processes in order to exploit it.
There are currently over 3.5 million cybersecurity jobs that are yet to be filled. This figure is from 1 million unfilled openings in 2014. The upward job trend is expected to continue well into the next decade. In the US, about a million cybersecurity jobs are available, with only about half of those being filled(According to the National Initiative for Cybersecurity Education). Information Security is listed as one of the top 10 jobs in Tech for 2023. It is expected to increase by 28% all through to 2026 (according to US Bureau of Labour statistics).
Further Data suggests that the demand for Cybersecurity is growing twice as fast as the workforce being generated to fill the available position. The high demand for Cybersecurity skills in recent years has been driven by the fact that we are all interconnected now more than ever and the ever-increasing number of bad actors. Most persons own a smart device, and almost all businesses are supported by the Internet in one way or another, The Internet of Things(IOTs) is increasingly becoming a part of our daily lives. It is certainly a good niche with many career opportunities.
Cybersecurity Hard To Learn?
The learning difficulty for Cybersecurity varies widely depending on a number of factors such as your prior knowledge, background, and the specific sub-niche of Cybersecurity you are interested in. Generally speaking, if you are willing to put in the work, and dedication to learning, Cybersecurity is not hard to learn. There are many persons who have made a career transition even from Non-tech backgrounds to become successful in Cybersecurity. It helps a lot if you follow a well-structured learning approach to Cybersecurity.
As mentioned earlier, some aspects of Cybersecurity will require you to have competence in a wide variety of hard skillsets, each of which may take some considerable time to acquire.
A Structured Learning Approach To Cybersecurity
To learn Cybersecurity, I found out that it is best to follow a structured learning approach to gain expertise. Organize your learning into sections that are easy to manage, rather than trying to learn the entire bulk as a whole. A good course layout for Cybersecurity should be able to offer some guidance for this. For a beginner, I found the following broad layout to be a very helpful approach to learning Cybersecurity;
1. Foundations And Cybersecurity Principles
As a beginner, start with the basics, and learn the terminologies, core principles, and concepts of Cybersecurity. Learn about the security landscape and threat vectors, the concepts of Confidentiality, Integrity, and Availability. often referred to as the CIA triad. Learn about the “AAA” framework of Authentication, Authorization, and Accounting. Other concepts you learn will include
Learn about the process of identifying, assessing, and mitigating potential risks and threats in an organization or system. No system is ever completely free of threats, Risk assessment investigates the likelihood of an attack and the impact such an attack will have on the organization and as such better able to allocate resources to mitigate against it.
Cybersecurity Security Policies and Procedures
Cybersecurity Policy refers to an organization’s plan, usually in the form of a statement, to protect their digital systems. Such policy highlights the company’s cybersecurity objectives, principles, and rules. The highlight lays out what each player is supposed to do to protect the system. Procedure refers to the step-by-step process to carry out the cybersecurity policy. Both Policies and Procedures are worth hand-in-hand, it helps a lot to learn about these concepts earlier on as foundational in your cybersecurity pathway.
Threats are foundational in Cybersecurity, They refer to any potential danger or malicious activity that can cause harm to a device, network, computer systems, data, or digital assets. Understand the different forms in which they manifest, such as phishing attacks, malware hacking attempts, Insider threats, etc.
Vulnerabilities and Exploits
A vulnerability is a flaw or weakness in the system that allows unauthorized access to a system while an exploit refers to the actual process of a hacker getting access or control over the system. Vulnerability and exploits are fundamental concepts in cybersecurity, and learning about them is important in understanding the cybersecurity landscape. A cybersecurity expert works to find a patch for vulnerability and prevents exploits by hackers.
This is the structured approach to how an organization handles a security breach and the process it takes to manage its impact. Incidence response will begin with Detection, then Reporting the potential security incidence, Assessing its severity, and then Containment usually by isolation, and finally Eradication which involves removing the threat or vulnerability.
2. Networking In Cybersecurity
Networking in general deals with how devices communicate or “talk” with each other. In Cybersecurity. it demands an in-depth understanding of Network Security, Firewalls, Intrusion Detection and Intrusion Prevention systems, Access control, Virtual Private Networks (VPN), DNS Security, Network monitoring and logging, etc. It is a whole array of subjects and is an essential hard skill to build a strong foundation in Cybersecurity.
For a beginner, learn about Internet Protocols IPs (IPv4 and IPv6), Mac Addresses, Port Numbers, Different Networking protocols, networking devices such as routers, switches, and hub firewalls, and the role they each play in the communication process. Understand the Server-Client Model of Network communication etc. It is difficult to excel at Cybersecurity if the knowledge of Networking is poor. Any problem in the Networking setup will create a vulnerability.
A hacker’s goal is to intercept and compromise the transfer of data as they communicate with one another. An example of this is the well-known “man-in-middle” attack where a hacker inserts himself between two communicating devices. To gain adequate knowledge of Networking, you may want to consider taking some courses such as the Cisco CCNA (the largest vendor on networking devices), CompTIA Networking+, or other networking courses to get started.
3. Operating Systems – Understand How a Computer Works
An operating is a critical software component that manages the different resources of a computing system. The OS of a computing device plays an important role in how people interact and utilize the capabilities of the system. When starting out in Cybersecurity, learn the basics, and be familiar with common OS such as Linux, MacOS, and Windows OS. Linux is especially useful for Ethical hacking and Penetration Testing.
You should have at least an intermediate understanding of how a computer works, and how the various components -CPU, hard drives, RAM, motherboard, Operating systems, and Applications interact with each other. A “computer” in this sense would mean any device or system that is capable of processing information/data or performing “tasks”. Be it your laptops, tabs, Internet of Things, or Smart devices. These are devices that are the target of a malicious act by hackers. Learn about computers, it will help you learn cybersecurity.
You need to know them a bit beyond the basic level. Your job as a cybersecurity professional will be to protect computers so must know how they work. It helps to be naturally curious to know how the different aspects of a computer work. How you can basically “tear’ things apart and assemble them. This is one of the reasons why the CompTIA Certification can offer some advantages.
4. Cloud Computing And Cybersecurity
Learning about Cloud Platforms is an important component of your Cybersecurity training. Cloud computing has improved the deployment and delivery of IT services to Organizations and has also introduced new sets of security challenges. Cloud is basically you renting someone else’s computing power (Cloud Service Platform) to run your own computing needs. Learn about the shared responsibility model in cloud services, Cloud service and Deployment Model (Infrastructure as a Service, Platform as a Service, Software as a Service), Data protection, Identity and Access Management, Cloud-specific threats, Cloud native security services like AWS WAF (Web Application Firewall), Google Cloud Armour for protecting Web applications,
Although this is not an absolute requirement in all cases, It does help to have some basics of understanding cloud technology. This is because most businesses have moved from “On-Premise” deployment to the “Cloud”. It is important to be aware of the nuances that this brings to the security ecosystem. The more common Cloud Service Providers are Amazon Web Services (AWS), Google Clouds, and Microsoft Azure. They also offer certifications and training for their Cloud Services depending on your area of interests.
5. Security Risks – Emerging Threats
The field of cybersecurity is always evolving, and rapidly, new threat actors are discovered daily. You will constantly need to be aware of the emerging threats and how the industry is dealing with them. Be active in Cybersecurity forums, and communities and subscribe to newsletters that give updates on the industry. You will need to learn to work with others and get updates on the latest developments.
A cybersecurity job entails understanding security risks. There is security risk inherent in all systems, you will need to understand the basic risk you will need to be dealing with. The threats are constantly evolving as technology changes. A great way to begin would be you take some certification studies such as Security + by CompTIA and the Security Systems Certified Practioner (SSCP) by ISC2.
Having at least cognitive knowledge through certification or through other well-structured learning is essential. And then, getting hands-on experience as you progress will make you stand out as a cybersecurity personnel.
I found it very helpful to do some hands-on practice and try building my own cybersecurity projects. This is the best way to reinforce your theoretical knowledge of each concept. Join online contests and participate in quests on hacking channels or communities. Some of the options where you can learn hands-on are on platforms such as those listed below. They have different levels of difficulties, starting from absolute beginners to experts in cybersecurity.
1. Hack The Box
A cybersecurity upskill platform designed to challenge you to learn Cybersecurity hands-on. You can join the academy to start learning Cybersecurity for free. https://www.hackthebox.com/
Get some free Cybersecurity learning platform with hands-on exercises and labs. Makes learning Cybersecurity fun even with by-sized gaming lessons. https://tryhackme.com/
Hands-on learning and Educational materials to learn cybersecurity. It has free online cybersecurity learning resource with an emphasis on practical labs and real-life simulations https://www.cybrary.it/
4.Capture The Flag Challenges (CTF)
Catch the Flag is a competition-based, cybersecurity hands-on learning platform. You learn by finding text strings called flags hidden in vulnerable programs or websites. You rank up by catching a flag. https://ctf101.org/
Soft Skills are ALSO IMPORTANT in Cybersecurity
Soft skills are also important in cybersecurity. It is for effective communication, teamwork cohesion, problem-solving, and ethical conduct, enhancing technical abilities and overall security efforts. You cannot implement a good cybersecurity procedure without including people – including the non-technical staff of an organization. You require Soft skills to achieve this. Learn to work with people, and learn good communication (oral and written communication).
You must also know that people are part of your security design. In fact, you must be aware that they are the weakest links in any security setup. The best technical designs will likely fail if people are not aware of the habits that can break a cyber security setup. It is part of your duty as a Cybersecurity professional to be aware of this and to effectively educate people with less technical skills than you. You must be able to communicate clearly. Your interpersonal skills must be good as a cybersecurity personnel.
Cybersecurity jobs are varied and often require both technical and non-technical skill sets. Some core aspects of the career (technical) will require you to understand how devices (computers) work, How they communicate with each other (Networking), the Security and Risks landscape, Cloud technology (since most deployments are in the cloud), and CyberSecurity Principles. Cybersecurity will also require you to develop your non-technical skills such as communication skills (written and Oral) and interpersonal skills. It takes discipline to learn Cybersecurity.