Cracking the Code: Cybersecurity Expertise from Scratch

Cybersecurity is one of the fastest growing industries in the world. As the expansion of technology appears increasingly more effervescent, the need to protect the data, processes, and technological components of those evolutions becomes increasingly pertinent.  Cyber professionals are a well sought after group of individuals and finding experts in this field is becoming increasingly difficult, considering the magnitude of certifications, pipeline courses, and degrees in tech theory; those things alone may not lead to you being a trusted source of expertise in cybersecurity.  Crest Security Assurance had its foundations during the infancy of cybersecurity as a field. Educational resources were limited. Courses were most likely only offered in major cities, (employees have had to drive 3 hours out of the way for training in the past) and because of the novelty of the industry, self-guided training programs were essentially nonexistent.  We have not only had to find, but train cybersecurity professionals to become experts at their craft, know exactly what vulnerabilities to look for, how to mitigate those vulnerabilities, and complete each task with a swiftness and efficiency to establish credibility for our business. It is because of this past experience and continuous growth in the cyber field, we’ve put together a comprehensive guide of a few things that will get you started on becoming a desirable and knowledgeable candidate in today’s cyber industry. 

Where to even start?

With the amount of resources available for cybersecurity training, it can be difficult to even figure out where the best places to start are. Will these certifications and training aid me in my field? Which one is the best? How much time do I have to invest to really become an asset to my field?

These may be some questions you're asking yourself…

Well the first place you're going to want to start isn't actually in the SECURITY area of cyber, it's in the fundamentals of how computers work in general.

The components of a computer, the way they function in unison to make the computer behave as it should, and the software that go along with the computing processes are crucial before taking the steps of securing these computer systems. 

Understanding how the Random Access Memory (RAM), Processors, Hard Drive, and other critical hardware function and connect to the Motherboard is essential. Identifying not only how each piece functions in isolation, but as a collective unit  is foundational before even considering learning security practices.

Understanding standard and commonly used software programs in computers is also imperative to this learning process; software such as Windows, Linux, Unix, macOS are operating systems for various computing systems. Not only should you understand their functions separately, but how they work with the hardware to manage computer functions and memory processes. 

This requires individual research; hours upon hours of reading, taking apart computers and identifying hardware, using simulations and pictures to understand the connections between hardware components and operating systems alike. It is quite a heavy research and learning period, but IT and Cyber Professionals are always learning. This may be the beginning of that journey, but constant research is just a part of the job description.

Coding is key…

In order to secure computers, you have to speak their language.  Every computer is different, but with key elements that will help you recognize those vulnerabilities and common commands when you eventually become a cyber professional. Languages like Java, Python, JavaScript, PowerShell and others will help you acclimate to various computing systems, understand how the movement of data presents, and develop the knowledge to demand tasks of the computing system. Calculations, data transfer, program building all aid the understanding of the function of computer systems as a whole. 

Create your lab…

Now that you've had a little practice with the exterior and interior basics of a computing system, it is time to start working with a virtual lab environment. VMware Workstation Player is a great tool to get this part of your education started.  With these virtual servers you can begin to connect external machines and computing systems, and learn the specifics of how to secure specific operating systems. Essentially it's the ultimate training tool for beginners in the cybersecurity field.  You can make real-life mistakes, play around with different security mechanisms, and learn the ins and outs of maneuvering computers to your will without the real-life consequences. It's the cybersecurity version of practicing CPR on a dummy.  Each misstep you learn from ensures you don’t make them in high stakes, lucrative positions.

How do I train though?

Well it is a lot simpler to learn these standards of computing systems through institutional offered courses, training programs, and certifications; however, it is fully possible to learn all the fundamentals with the vast scope of YouTube videos, blog posts, forums, free courses, books, and websites that proved information on these very subjects. Digging with tenacity and focus can lead you to quite a few resources that even thousand dollar courses cannot offer.  It's all about the resources you already have to work with, your financial position, and your aptitude for hard work.  Both the institutional and self-guided educational paths require vehement practice on your own time.  10,00 hours, as they say, make you an expert at your craft.

Certifications VS Degrees

In most cybersecurity positions, a combination of both college education and cybersecurity certifications are going to make you a competitive candidate for hire. They each offer their own benefits to you and give a direct message to the employer about your assets, but is one more valuable than the other?

Degrees…

Getting a degree from a university/college is always helpful. Most of the time, the most helpful degrees in the cyber industry are going to be in computer science, software engineering, computer programming, IT management, and pretty much anything that has to do with the creation, administration, or management of computer systems.  This is not always a green flag to an employer that you will be competent when performing actual security measures though. A degree is more of a signal that:

1. You have a background in computers

2. You have the tenacity to stick to a task, an aptitude for complex learning and understanding theory

3. The ability to communicate effectively through written composition

Now a degree in computer related topics is not the signifier you are going to be a desirable cybersecurity professional. A degree in English, politics, and a plethora of liberal arts/ STEM degrees are just as likely to result in competent cyber professionals with the right secondary educational practices. A degree is really the best way to tell employers, I’m dedicated, intelligent, and can communicate your ideas effectively on paper.

Certifications…

Certifications are going to be the more prominent aspect of your education in the cybersecurity field, simply because the work and testing that goes into certs is more closely aligned with the practical work you would be doing in the field. Many of the examinations require demonstration of actual security measures, and the materials you learn are more closely related to how to execute said security measures in different environments for a multiplicity of vulnerabilities. The ISSO, CISSP, and Offensive Security Certified Professional (OSCP) Certification are just a few of the most common (and most helpful) certifications that can make you more competitive in the cybersecurity industry. The OSCP is a cert that is specifically helpful, as the content, and exam is dense, strenuous, and time consuming, making it complicated and demonstrative of your aptitude to be a cyber expert. Certifications alone are not a signifier of solid cybersecurity understanding, you may have the skills to complete the exams based on the content you have learned, but do you know the basics? Have you worked on your own time to learn all the components of a computer? Can you communicate your procedures and findings eloquently to those that have no previous cyber knowledge?

You can be successful with one or the other if you are brilliant and dedicated to your craft, but as a precaution and solidification, it's best to gain both a degree and various certifications to make yourself stand out in an increasingly competitive industry. 

If you're looking for a bit of insight into the minds of employers, Crest can offer a few aspects of what we believe a qualified cybersecurity expert would look like…

1. Experience with security assessments, penetration testing, reverse engineering, cyber threat hunting, phishing, and common skills needed to practice cybersecurity.

2. Nationally recognized certifications in some/all of the skills mentioned above

3. A degree, can be in IT and computer technology but can be from a range of subjects

Now Crest works heavily with government agencies, so most of the time our staffing criteria is determined directly by the needs of the contracting officers, but the general skills listed above are always going to be an asset. 

And remember a cybersecurity professional must always be learning, always staying one step ahead of potential adversaries, always determining what new vulnerabilities could be exploited in the future.

Continue to seek out knowledge, practice your craft, and you can become the cybersecurity professional you set out to be!