Getting Started in Cyber Security

Sep 11, 2024

Lecture Notes: Breaking into Cyber Security

Introduction

  • Main Problem: How to gain experience in cyber security without formal employment.
  • Speaker: Neil Bridges and David Bumble discussing pathways into the field.
  • Key Idea: Do not need to quit existing jobs or pursue expensive degrees to enter the cyber security industry.

Neil Bridges' Background

  • Over 20 years in cyber security.
  • Experience in offensive hacking with the U.S. Air Force and NSA.
  • Roles in building pen testing and red teams for Fortune 100 companies.
  • Consultant experience with PricewaterhouseCoopers (PwC).
  • Instructor roles and public speaking engagements.

Cyber Security Industry Overview

  • Red Team: Offensive side; finding and exploiting vulnerabilities.
  • Blue Team: Defensive side; protecting networks and systems.
  • More job opportunities in blue teams than red teams (10:1 ratio).
  • Possible to transition from blue team to red team roles.

Breaking Into Cyber Security: Key Points

Degrees and Certifications

  • Degrees: Not necessary, but can be pursued for personal goals.
  • Certifications: Important for knowledge and passing HR gatekeepers.
    • Mentioned Certifications: CEH, OSCP.

Hands-on Experience

  • Essential for career growth and job opportunities.
  • Participate in Capture the Flag (CTF) events and build a home lab.
  • Document participation and achievements in events like Hack the Box or TryHackMe.

Networking

  • Critical for job opportunities.
  • Use LinkedIn to create a professional digital resume.
  • Engage with industry professionals through comments and groups.
  • Aim for a significant number of professional connections.

Suggested Pathway for Beginners

  1. INE Training: Start with free courses on IT and pen testing essentials.
  2. Capture the Flags: Use platforms like CTFtime.org to gain practical experience.
  3. Networking: Build a substantial network on LinkedIn, engage with content and professionals.

Final Recommendations

  • First Certification: Consider starting with certifications from INE (e.g., EJPT) for foundational knowledge.
  • HR Strategies: Understand HR processes and present practical experience gained from platforms as part of your qualifications.
  • Community Engagement: Join Twitch streams and engage in cyber security communities for continuous learning.

Personal Insights and Experience

  • Neil's journey from not being accepted to college to becoming a notable figure in cyber security.
  • Importance of passion, hands-on practice, and community involvement in building a career.

Conclusion

  • Cyber security offers numerous pathways without traditional degree requirements.
  • Emphasis on practical experience, certifications, and networking to break into the field.