Getting Started in Cyber
I am often asked how to “get into cyber”. Over the years I have compiled a few things and thought I would share them here. The journey will be different for everyone, I am sure. It will depend on motivations and interests.
There are so many different aspects to cyber. For the purposes of this post I will try to be as generic as possible in an effort to help as many readers as possible. As always, I welcome feedback.
Training/education:
ISACA is an industry body (not for profit) that has been around forever. It was born out of Audit and Assurance functions and has expanded into Cyber. A good place to start would be the Security Fundamentals: Cyber Security Fundamentals.
If you are serious, then you can work toward being identified as an Information Security Professional: Certified Information Security Professional and Certified Information Security Manager.
I do rate these courses as there is a significant effort in obtaining and keeping them. Both are not terribly deep in security but are a million miles wide and touch a lot of topics.
Having said all that, in my opinion, to start your journey on actually ADDING VALUE to any prospective employer I do recommend SABSA. Yes, it says Architecture, but I feel the deeper learning is that Security is there for the business. SABSA is also a great course for old school security folks that need to change the way they work, and focus on driving benefits of security rather than being the “no” people.
Universities have finally come to the party and started to offer courses in recent years. Search for your favourite; UNSW has one that looks appealing – Computing and Cyber Security.
Lastly, I feel that these days an understanding of Cloud is a must – for that I would look for the Cloud Security Alliance and the CCSK.
Groups:
Working toward a certification is great, but I feel that there is much to learn from others. There are so many blogs and groups. I won’t go near blogs (there are just too many to follow), but if you want to actually get out and listen to a person speak, there are groups. Look for the chapter meetings with these groups:
ISACA, AISA, CYBER MEETUP and (if you can get an invite) BEERSCAM.
Conferences:
Of course there are conferences too. CeBIT is on annually and is free for the most part. AISA conference (called CyberCon) is reasonably priced and usually puts on good content, as does ACSC. If you can afford it, there is also Gartner.
Other important things:
Sure, you could have a read of ISO2700, but I think if you really want to get into Cyber, start messing with your own computer as much as you possibly can. Play with your security software, create some projects, mess with some tools on GRC.com and go and talk to your company Security team – they will be delighted to hear from you.

