Transcript for:
Key Aspects to Succeed in Cyber Security

A lot of people might think that cyber security is easy to get into, but in fact cyber security is hard. I have been working in cyber security as a security operations analyst in the blue team, and I'm going to share with you some of the most important characteristics and traits that you must have in order to succeed in cyber security. I'll also run through some key knowledge and skills you need to build up in order to maximize your capability to get into cyber security.

First, we need to understand why cyber security is hard. You might see a lot of headlines saying that there are not enough cyber security professionals around the world to help safeguard companies. You might even be inclined to think that since there's an abundance of vacancies in cyber security, it'll be easy to get into. The hard truth is cyber security as a field is not beginner friendly. There are way too many things to understand when you're just starting off fresh, such as basic stuff about computers and all the way to the security architecture of an organization. This is why a lot of people start their career in cyber security by not starting in cyber security. Instead, they start off in a standard help desk job in an IT department to build their fundamental knowledge first. This usually consists of understanding how to diagnose a problem on a computer, both hardware and software, and then slowly moving on to getting more exposure to security systems like firewalls and web traffic.

A couple of things you really need to wrap your head around when going into cyber security is how different systems work. For example, how do you secure a new device like a laptop in your organization? Do you use a cloud EDR solution to monitor it? How do you secure the web traffic and network? How do you go about securing who's able to access this particular device? If you're going into cyber security without any of this knowledge and understanding, then you'll definitely find it hard.

In the field of cyber security there are many jobs available. The most stereotypical job that you see in the movies is usually penetration testers in the red team, where they try to hack into an organization with permission to check for any gaps in the security systems. When you're getting into cyber security, you won't be getting into this job, at least as your first job. You'll most likely end up as a security analyst working in the blue team. That means you'll be working in a defending team in an organization that helps monitor systems, remediate vulnerabilities and respond to incidents. Depending on your team, there are times when you're flooded with so many alerts and incidents and it becomes pretty hard to respond to everything, which oftentimes results in burnout.

So does it get better in 2024? Unfortunately, not really. With the emergence of AI, our job as cyber security professionals will only get harder. From my perspective, the use of voice AI cloning, deepfakes and adaptive email scams using AI are only going to get better, which means it'll be more difficult for us to defend against. The majority of scams that are actually affecting companies are phishing scams, where the threat actor will pose as someone else to either get information from you or steal your money. If you want to learn more about how to protect yourself against this kind of scam, then make sure to check out this video here.

All right, so now we've talked about how security is actually hard, let's talk about the important characteristics and traits you need. If you have these, then you're more likely to be successful in cyber security.

The first thing you need is to have the drive to learn. Now what do I mean by that? Let's say you saw a particular piece of news on TV that says that a company has been hacked. Any ordinary person would just take that news at face level and leave it at that. But if you're the type of person that gets more curious and does a bit more Googling into why the company was hacked, how it was hacked, basically being more curious about the specific details, then you're one step ahead of the majority of the population. This is actually very important, not just in cyber security, because this type of trait allows you to expand your knowledge without any expectation in return. If you're at work and your manager tells you to research the same piece of news, you probably wouldn't have the same kind of energy, as it feels more like work, and once you've completed your research you probably expect some form of acknowledgement in return, which isn't ideal. If you have this type of self-initiative to learn, then you usually have some form of a passion in that industry, or simply a passion to learn new things.

In terms of cyber security, it's important to learn new things such as the latest technology in the field, cyber security news and vulnerabilities to stay a step ahead of threat actors. You also need to have the drive to learn new skills to add under your belt. For example, if you have been working in help desk in your IT department, then you would need to expand your knowledge to a cloud stack or maybe a particular coding language depending on your interest.

Which leads into the second point: you also need to understand the technicals. For cyber security, it's important for you to have a general understanding, at the very least, of how different security systems work with each other. Following the previous example, if you're onboarding an external laptop into an organization, you need to make sure it's secured from everything. The first thing you've got to decide is if you want cloud or on-premise solutions. Some examples could be using CrowdStrike as your endpoint detection and response solution, IBM for firewall and AWS for applications. Once you know how each system interacts with each other, this allows you to know which systems to look into when you have an incident. When you understand the security architecture, this allows you to solve problems more efficiently. For example, if a user says their laptop might have a virus, then you know straight away that the first problem to solve is to go on your EDR solution and check there.

If your drive to learn is strong, then you might even look into automating your daily tasks. For example, one of my daily tasks was to investigate email attachments such as PDFs. So to do that, I would need to go on our sandbox environment and manually upload the PDFs there so I can open them up and safely investigate. I eventually created an automation which automatically uploads all the PDFs, retrieves all the discovery and sends a summary report to the email. This manual process usually takes me like 5 to 10 minutes to do per email, but since this has been automated, it frees up more time for me to upskill in other areas.

The third point we need to talk about is the grind. When you're studying in cyber security, you need to appreciate the grind. A lot of times this brings a negative stigma, like every day you're clocking in 9 to 5 and sometimes even longer, and then this ruins your work-life balance, which makes it very unsustainable on you physically and mentally. You need to understand that when you're a beginner, you don't have any experience. The only way to obtain experience is to grind. The good thing is you don't have to grind forever. To give an example, when I first started in cyber security, I barely knew any of the security concepts as my background was software engineer. So in order to put myself up to that level where I'm expected to be, I had to grind hard on learning the fundamentals and also how to use our systems such as Splunk, which is a common SIEM solution. One of the things I knew I had to do was to use my own personal time to speed up the learning process. What really helped me to stay consistent with the grind is to be on schedule. I had to block out at least 1 hour a day in my own personal time and have notifications telling me it's time to self-study in order to stay consistent. So if you're the type of person that says you really don't have any time, then you need to ask yourself: how important is cyber security to you?

Now that you know what to expect, how do you prepare yourself for a career in cyber security? Personally, I would highly recommend checking out Professor Messer's playlist. He's actually the best when you're studying, because to me he explains everything a lot better than some of the courses you find on Udemy. Plus it's free on YouTube, and the contents are quite similar to those paid Udemy courses. If you're studying from a different field where your knowledge on computers is limited, then make sure to start with the A+ training course. He also has playlists for Security+ and Network+, so those will be the next courses to take after you're done.

On top of the theoretical knowledge from those courses, you also need to learn technical skills. I highly recommend learning the basics of Python and SQL. The reason for this is not because you'll be coding or building automations, but just so you can read code for basic troubleshooting. When I started my job as a SOC analyst, I was glad that I learned SQL, because in order to navigate around logs and indexes on a SIEM like Splunk you need to learn how to use Search Processing Language, which is quite similar to SQL.

Using the combination of your theoretical knowledge and the technical skills that you learn, the next thing you should do is practice some basic stuff on your SIEM. For example, Splunk lets you try it out for free, so you can apply all the knowledge and practice there as much as you want. If you want to learn more about how to get started with Splunk, I've done up a beginner-friendly tutorial; link is in the description.

The last thing I would recommend is to build your own project portfolio. I personally recommend building your own home lab. A home lab is basically a simulation of an environment which allows you to onboard devices and security systems like firewalls, EDR and network security. This is a really good project to add to your portfolio because it will showcase your understanding of how different systems interact and how you can utilize them in an incident investigation. The good thing is you can send all the logs from your home lab to your SIEM solution, which you can further expand into one big project. The reason why I recommended Splunk and the home lab is because that's literally what we do as a SOC analyst, so if you're able to show those to your interviewer, then you're already way better than the average person.

Anyway, that's pretty much all I have to say about this video. If you enjoyed this video and found it useful, then don't forget to support the channel by taking a moment to click like and subscribe. Thanks for watching.