How to become a Cyber Security specialist?

[Actual_Criminal]

I work within the finance industry, but there has been a huge demand the last 2-3 years in my industry for people with Cyber security knowledge. My job is quite unique in a way, as you have the base role and then can pair it with another industry to focus on a particular market and become a valuable asset in that area. 

 

Some other examples include:

-Finance + Aviation

-Finance + Marine

-Finance + Engineering

-Finance + Space

-Finance + Accounting

 

etc etc, many more with over 100 different industries. 

 

However, Cyber security is the biggest growing area and I'm looking to educate myself in this field and expand my knowledge to gain a better understanding.

 

Specifically, these will be some of the questions I will need to answer in my role.

-How a cyber attack took place?

-What could have been done to prevent it?

-Who's fault is it for the breach? (Software issue / poor I.T security measures / employee error etc)

-The extent of damage the attack caused to the business?

-How to stop it from happening again?

 

So, what can I do/where to start to learn Cyber Security without going to University?

NOTE: The industry requires I just know and understand Cyber Security. I won't be coding / programming / designing software etc. It will only involve understanding the technical aspects and processes of things like DDoS attacks, Malware intrusions, server take downs etc, then performing a theory-only Root Cause Analysis following the attack.

 

Also, are there any true Cyber Security qualifications that are worth getting? (In the UK if possible, or worldwide.) - No gimmick qualifications like 'Sign-up to this 1 day Cyber course to become the next Anonymous member' you see on sites like LinkedIn.

[jaslion]

Coursera would be a nice point to start for a cheap course to introduce. Then you can move from there with course recommendations. Also you get a certificate to prove you completed it. You can speedrun those courses in a weeks time.

[Shimejii]

Quals are only as good as what you need.  i honestly dontt hink learning about cyber security is all that hard, all of it is online, 95% of it on youtube, the rest can be researched. 

[Actual_Criminal]

1 minute ago, jaslion said:

Coursera would be a nice point to start for a cheap course to introduce. Then you can move from there with course recommendations. Also you get a certificate to prove you completed it. You can speedrun those courses in a weeks time.

Yeah, but are the courses essentially a copypasta Wikipedia? I'm happy to complete courses and is what I'm looking for... however, i'm looking for something more down the official routes rather than these mediocre courses so I can gain a better technical understanding. - I.E. in the UK we have Chartered status for certain roles with their own qualifications, i'm just wondering what's the closest thing that Cyber Security would fall under.

 

I agree though those courses will help as a starting point.

[jaslion]

Just now, Actual_Criminal said:

Yeah, but are the courses essentially a copypasta Wikipedia? I'm happy to complete courses and is what I'm looking for... however, i'm looking for something more down the official routes rather than these mediocre courses so I can gain a better technical understanding. - I.E. in the UK we have Chartered status for certain roles with their own qualifications, i'm just wondering what's the closest thing that Cyber Security would fall under.

 

I agree though those courses will help as a starting point.

They are individually made courses that are pretty nice. Also a lot of big tech companies make their own with the intention of you going down their entire course which is pretty great and I personally did learn a fair bit. You can totally cheese the tests and stuff by just googling the answers (I did that just to have a couple certifs for things I was literally working in on the daily just to have a better resume to present) but other things are a lot of knowledge. Can be a bit boring but I put them up on the tv whilst folding laundry and stuff and then read the reading parts after. Then did the test and moved on to the next part.

[DavidKalinowski]

just for reference, I am doing the cybersecurity and information assurance from wgu.edu included in their B.S degree path are these 14 certifications: If you are not interested in the degree path, you can test for any of thoese certs on your own you just have pay for it. (I will say ITIL4 cert was a real pain in the ass for me.) But this list is a good place to start researching.

• Certified Cloud Security Professional (CCSP) – Associate of (ISC)² designation
• Systems Security Certified Practitioner (SSCP) – Associate of (ISC)² designation
• A+ (CompTIA)
• Cybersecurity Analyst Certification, CySA+ (CompTIA)
• Network+ (CompTIA)
• Network Vulnerability Assessment Professional (CompTIA)
• Network Security Professional (CompTIA)
• Security Analytics Professional (CompTIA)
• Security+ (CompTIA)
• Project+ (CompTIA)
• PenTest+ (CompTIA)
• IT Operations Specialist (CompTIA)
• Secure Infrastructure Specialist (CompTIA)
• ITIL®¹ Foundation

[cmndr]

My girlfriend had a job as an office manager in the legal industry. COVID hit and the courts closed. She lost her job.

She got a PMP and did a temporary consulting gig at a subsidiary of Denon - so sorta techy where she did basically everything that wasn't coding for the department. She eventually got a referral to a mid-sized company that does fin-tech stuff. She was rejected for the project manager role she applied to but ended up being told to apply to an info-sec role that was about to open up...

So she's now in infosec. Minimal relevant experience, but plenty of things to signal aptitude (working with people, handling a wide range of projects, a degree from a top university, a referral, a relatively hard to get cert, etc.)

 

[jauxan]

On 3/7/2022 at 12:37 PM, Actual_Criminal said:

I work within the finance industry, but there has been a huge demand the last 2-3 years in my industry for people with Cyber security knowledge. My job is quite unique in a way, as you have the base role and then can pair it with another industry to focus on a particular market and become a valuable asset in that area. 

 

Some other examples include:

-Finance + Aviation

-Finance + Marine

-Finance + Engineering

-Finance + Space

-Finance + Accounting

 

etc etc, many more with over 100 different industries. 

 

However, Cyber security is the biggest growing area and I'm looking to educate myself in this field and expand my knowledge to gain a better understanding.

 

Specifically, these will be some of the questions I will need to answer in my role.

-How a cyber attack took place?

-What could have been done to prevent it?

-Who's fault is it for the breach? (Software issue / poor I.T security measures / employee error etc)

-The extent of damage the attack caused to the business?

-How to stop it from happening again?

 

So, what can I do/where to start to learn Cyber Security without going to University?

NOTE: The industry requires I just know and understand Cyber Security. I won't be coding / programming / designing software etc. It will only involve understanding the technical aspects and processes of things like DDoS attacks, Malware intrusions, server take downs etc, then performing a theory-only Root Cause Analysis following the attack.

 

Also, are there any true Cyber Security qualifications that are worth getting? (In the UK if possible, or worldwide.) - No gimmick qualifications like 'Sign-up to this 1 day Cyber course to become the next Anonymous member' you see on sites like LinkedIn.

Check free cybersecurity courses on Cisco netacad or Fortinet Academy.

They are ""basic"" but you will learn lots of things.

[wseaton]

Cyber Security degrees are becoming a Meme. Only MSPs hire people with Cyber Certs and nothing else. Don't expect to get paid much or get much respect.

 

Without a BA in computer science, or some serious certs behind your name with some core layer 7 cloud like Azure or AWS or infrastructure engineering the Cyber Cert is barely worth more than a HS diploma.

 

Training and learning is always good, but cyber certs under a specific vendor are only for training with their product.  Cisco wants you to use their products, Fortigate, etc. 

 

Cisco VOIP systems are the #1 hacked infrastructure product in my experience, so it's a bit ironic anybody with a Cisco badge teaches anything about cyber security.

 

Used to be MCSE's were a thing, but then hiring managers realized bored housewives who never set up a server were getting the certs and getting interviews. Same with cyber security. Until you've scrubbed half a dozen ransomware attacks I fail to see what the cert delivers. 

[Echothedolpin]

3 hours ago, wseaton said:

Cyber Security degrees are becoming a Meme. Only MSPs hire people with Cyber Certs and nothing else. Don't expect to get paid much or get much respect.

 

Without a BA in computer science, or some serious certs behind your name with some core layer 7 cloud like Azure or AWS or infrastructure engineering the Cyber Cert is barely worth more than a HS diploma.

 

Training and learning is always good, but cyber certs under a specific vendor are only for training with their product.  Cisco wants you to use their products, Fortigate, etc. 

 

Cisco VOIP systems are the #1 hacked infrastructure product in my experience, so it's a bit ironic anybody with a Cisco badge teaches anything about cyber security.

 

Used to be MCSE's were a thing, but then hiring managers realized bored housewives who never set up a server were getting the certs and getting interviews. Same with cyber security. Until you've scrubbed half a dozen ransomware attacks I fail to see what the cert delivers. 

The greatest cybersecurity defense is training employees, contractors, and even guest users of corporate networks.  The best way to provide this is with trainers who have some technical knowledge or skill and the ability teach good practices to the average user.
 

I’m not saying your wrong! incident response teams and network engineers need highly technically skilled and certified personnel. But the best way to solve an incident is before it happens by training the weakest link.

[laingsoft]

I have a bachelor's in CS from the University of Alberta and I'm currently working on the Georgia Tech online masters of cybersecurity. Some of the really low level information just isn't available anywhere else on the internet. In many cases when you are looking for things like IND-CCA arguments there's only a handful of sources and most of them end up actually being connected to the same ring of professors. 

 

Some of the concepts are also pretty difficult to grapple with, I'm not saying that you couldn't learn it on your own, but it would certainly be extremely difficult unless it happens to just click. 

 

Cybersecurity in general is pretty broad and interdisciplinary. There's part of it that has to do with the actual hands on implementation of certain cryptography schemes. There's another part of it that has to do with system integration, making things work together. There's policy and procedures that intersect with law and legal departments. The best source for each of these is going to be industry periodicals and actually trying things out. 

 

For me, honestly doing formal schooling gave me a lot more access to good information than I've been able to find online. Not to mention the signal/noise ratio of good security info vs some dude selling courses is really poor.