Hands-on learning with Infosec Skills
Your Infosec Skills membership grants you access to:
• 270+ courses
• 40+ learning paths
• 100+ hands-on labs
• Certification practice exams
Staying relevant in any job is a challenge, but in a world where threats are constantly evolving and changing, cybersecurity is certainly not an easy field to keep up with. If you want to stay in the game and remain competitive, you need to constantly be learning, researching and practicing — and we’re not talking about certifications. Your certifications should help to act as a foundation of your knowledge, but any additional techniques and information that you need to stay ahead of global and trending threats need to come from other sources.
You need to develop new skills and stay in the loop so that you can identify and strengthen your skill set to stay relevant. We have put together a number of tips and tricks to help you to continue upskilling and developing yourself, as well as how you can continue to acquire new cybersecurity skills in 2019.
How can you build your cybersecurity skills?
All industries go through trend cycles, where new advances in technology accelerate the development of products and services. This leads to new ways of doing things, and IT is no different.
To keep up with the ever-changing technical challenges in cybersecurity, you will want to start doing things like:
- Stay up to date with the latest happenings in cybersecurity: Sign up for forums and newsletters. Get actively involved in a dedicated online community that caters for cybersecurity professionals, or even start your own events that involve people in your field
- Independent research: If you are dealing with a unique problem at work that needs a thorough investigation, then it might be worth doing some research on how to solve the problem. If you come across something interesting, then you have the materials that you need to share your findings with the rest of the world
- Attend specialized training: If you identify any gaps in your skills or knowledge, then spending time on dedicated skills could be the way forward. This might require travel on your part, but if the skills that you need are worth the effort, then it is definitely a good idea pursuing this type of training.
- Attending workshops and seminars: This is like specialized training, but in less depth and detail. Workshops and seminars are a good way to help you connect with other people in your field and will show you what’s new in cybersecurity training or products, depending on the event that you attend
- Product launches and industry trade shows: Trade shows are not everyone’s idea of a good time, but if you are interested in looking at the latest and greatest technologies and products, then these are great events to attend. They can help show which direction the trends are going and will ultimately introduce you to products and services that could help you in your day-to-day life as a cybersecurity professional. Things like intrusion detection solutions, malware scanners and security suites are the types of products you can expect to see at such trade shows
- Network with other cybersecurity professionals and exchange ideas: If you are fortunate enough to have a group of socially-inclined colleagues then you could set up meets at certain times of the year, like how LUGs (Linux User Groups) operate. These are fun events where people can meet and discuss topics of interest that relate to cybersecurity and technology in general
- Collaborate with colleagues, both senior and junior: People that have been working in cybersecurity for a long time can share vast amounts of information with you, and they can provide valuable insights into the way that they do things. The same is true of more junior team members. They join the workforce with a different perspective on cybersecurity, and the skills that they bring with them reflect a newer approach to the way that cybersecurity is taught. Both perspectives can help to strengthen your own views on how cybersecurity should be practiced and enforced in your own professional life.
You can also do small things like set up a Google alert with specific keywords so that whenever there are new articles, events or videos posted online you can be the first to know.
Staying involved will keep you interested in the latest goings-on and will keep you inspired to keep on learning with relevant, real-world information as it becomes available.
Which cybersecurity skills are most in demand?
Cybersecurity is such a broad term that it is difficult to stand out in a crowd of other cybersecurity professionals, especially when the roles share similar job responsibilities. If you are going to lead the pack in your area of expertise in the field of cybersecurity, then you will need to identify what companies are most concerned with in 2019.
Let’s look at some basic skills that you should have as a cybersecurity pro.
- Intrusion Detection: Learn how to keep unwanted people out of your network and find out when anyone tries to break in. Intrusion detection lets you keep tabs on the strength of your defense and how many attempts are being made on your systems. Being strong in this field is a good way to ensure that you will stay relevant in a security-reliant environment
- Software Reverse-Engineering: When malware and virus infections cause issues on a network, it is invaluable to have people on hand that can identify the cause of the attack and inspect it further. Reverse-engineering skills allow cybersecurity experts to explore the contents of infectious files to see how they deliver their payload, as well as who the instance of malware was trying to communicate with. This helps in the creation of new safeguards to prevent similar attacks from occurring again in the future
- Analytical Skills: If you have a complex environment with lots of data being generated, then having the skills to filter out the useful information from the garbage is very valuable to an employer. Learning frameworks such as ELK Stack and Graylog are good ways to show that you are comfortable with large data sets. Creating custom searches, filters and reports can all help with the organization’s cybersecurity stance if used correctly
- Risk Mitigation: Understanding how to mitigate risk is essential for cybersecurity professionals. This helps them to lock down environments and prevent breaches and data loss by following best practices and by preventing further damage once an attack occurs
- Cloud Security: More companies are turning to the cloud to host their vital services, but not many businesses understand what a cloud-based platform is and what vulnerabilities it has when compared to an on-premises solution. Cloud skills are specialized because of the way that security is handled across one or many data centers, and as such, they require specific skills to maintain them properly
- Incident Response: When a cyberattack is first detected, it is imperative that action be taken as soon as possible. Working as an incident responder means that you are the first line of defense when a breach or attack is first detected. Learning these skills will help you to be more effective in times of crisis
- Encryption Technologies: Understanding how encryption works, how it should be implemented in a corporate environment and how it can be circumvented are all important for cybersecurity professionals. There are many different types, so understanding how they work is very important and is beneficial if you are trying to remain relevant as a cybersecurity professional
- Penetration Testing: The best way to learn how to secure a network is to learn how to break into it. Pentesters are highly sought-after individuals that understand how to exploit common lapses in security to gain access to systems. Pentesting requires skill and experience which comes from years of experimentation, along with trial and error. If you haven’t already started learning how to pentest networks and servers, then setting up a home lab to experiment is the best way to get started
How much does cybersecurity training cost?
Cybersecurity training is not expensive when one looks at the cost of recovering from a cybersecurity attack, but the cost is relative to traditional IT certifications. Costs in cybersecurity training and certification will differ depending on the level of training and certification that you are aiming at. Learning new skills through cybersecurity training is a never-ending process because the methods and technologies are always changing and evolving.
Cybersecurity training differs from traditional certifications because they act as a stopgap that fills in missing knowledge that you might not have learned when you were certifying your current qualifications. These training sessions generally cost as little as a few hundred dollars per attendee and last only a single day, like a basic cybersecurity awareness program for junior IT staff and general users.
For more data-intensive skills-building training courses, the costs can run into several thousand dollars if the training is intensive and comprehensive enough. This type of training may last from a few days to a few weeks, but not necessarily all at once. This is useful if you work full-time because you don’t need to be away for lengthy periods of time in some cases. The sessions are normally followed by distance learning or e-learning. In some cases, this is finished with an exam, although not all training sessions will require an exam.
Again, it all depends on the depth and detail of the training that you are attending. Examples of such courses could include things like:
- Introductory Courses to Cyber Forensics
- Network Security
- Cybersecurity Risk Management
So the takeaway from all of this is that the higher the level of training is, the more technical the subject matter will be. The more intensive and detailed the course is, the higher the cost.
How can you keep your cybersecurity skills sharp?
There are plenty of ways to keep your cybersecurity skills sharp, especially when you have an interest and actively participate in staying up to date with news and developments in the industry.
- Online News and Trends Resources: There are literally hundreds of online resources that you can use to stay up to date with cybersecurity advancements, threats and techniques
- Online Communities: You can engage with online communities, contribute to forums, attend conferences, follow training providers for the latest course updates and much more
- Follow Industry Advancements and Cybersecurity Leaders: Cybersecurity is like any other career that has intense knowledge requirements such as engineering or medicine: you need to actively engage with the community and participate as much as you can!
Regular exposure to all this information will help you to reinforce your existing knowledge and will also help you to learn new skills.
How can you make yourself a more attractive candidate for cybersecurity positions?
The best way to open job opportunities for yourself will start with certification. Certifying your skills is a way to show your potential employer that you satisfy the basic requirement for your position and will make you a more attractive option when compared to similarly-experienced candidates with fewer educational achievements. But certifying your knowledge is only the beginning …
Standing out from the crowd requires creativity and a genuine interest in cybersecurity. Perhaps you have a project that you have been working on, such as an application or a script that you can mention in your interview or on your resume. Mention cybersecurity-related interests that you have such as:
- Capture the Flag (CTF) Jeopardy Events: If you enter these events, then mention some of your proudest moments during the event. Perhaps you solved a particularly tricky flag that required some out-of-the-box thinking, or a custom script to get the job done? This shows that you have an interest in penetration testing, and if the role you are applying for requires these skills, then you could have an advantage over the competition
- Capture the Flag (CTF) Attack/Defense Events: These events are team-based challenges that have targets on each side of a network. Teams take turns attacking and defending until all the objectives are complete
- Hackathons: Although each event is different, a hackathon is generally a creative exercise that will have you cooperating with team members to make something, break into something or fix something. If you mention your interest in these types of events, then you could be setting yourself apart from the pile of applications next to yours
- Building and Testing a Home Lab: Perhaps you enjoy testing out new theories and practical methods in your home lab. This is a great way to experiment with dangerous commands and tools that could wreak havoc on a live system or network. Mention the brands of routers and switches that you are comfortable working with, too, as some roles are looking for expertise with a flavor of manufacturer like Cisco, Juniper or Mikrotik
- Website and Blog: If you enjoy sharing your experiences, insights and knowledge online, and the content is professional and not too personal, then it could be a good idea to show your interest in cybersecurity by showing off your online work
- Hardware Hacking and Reverse-Engineering: This wasn’t always applicable to cybersecurity hopefuls, but the rise in popularity of IoT devices has meant that there is a genuine need for security professionals to understand low-level electronic functions and how to interact with them to extract data and detect malware. If you already have an interest here, then this is a great piece of information to share on your resume or in the interview if you feel that it is relevant to the role that you are applying for
How can you safely practice using your cybersecurity skills?
There are many different ways for you to practice at home while honing your skills and sharpening your technical abilities. Home labs have always been a staple for IT professionals that want to practice new techniques, applications and methods without risking damaging any production environment systems. The amount of free software that is available to help you to run virtual machines and software defined networks (SDN) has increased over the years with examples of the former such as Oracle’s VirtualBox, VMWare Workstation Player and Microsoft’s Hyper-V.
When learning how these systems work, many people turn to an SDN emulation called Mininet, which can be launched as its own virtual machine and experimented with in your home lab. All of this is possible without spending any money on expensive hardware; when you are confident that you are able to take the next step, then you can look at hiring out racked equipment or even buying secondhand if your budget allows it. You can get really creative with your learning if you look around.
How can you ensure that a cybersecurity course will teach you the most relevant skills for your career aspirations?
The best way to do this is to do some good old-fashioned research. Like we mentioned previously, there are many online resources that you can use to ask questions and get answers. The great thing about this approach is that you get to ask about certain certifications in vendor-neutral environments, so the course recommendations are more likely to be accurate to what you are trying to achieve as opposed to going directly to the certification body that provides the exams. Another excellent resource is Infosec’s website, where you can find out about which courses will apply to your career aspirations on the certification front.
Where are the shortages in the cybersecurity employee market?
There are shortages in cybersecurity professionals around the world, which is a growing concern for many companies, especially where IT security is of the utmost importance. Adding to the pressure that is already being exerted on the cybersecurity shortage is the implementation of privacy laws and regulations that global regions have been working on. This makes it mandatory for specific procedures to be put in place that protect user data and privacy, which creates a higher demand for cybersecurity personnel.
One major example of this is the GDPR (General Data Protection Regulation) in Europe. This has created the need for more information technology professionals, with a specific focus on cybersecurity as data needs to be sanitized, scrubbed and discarded after a certain amount of time.
Some information also needs to be made available to a user on request, which means that more skills have been drawn into cybersecurity to maintain data security. Failure to comply with the GDPR is serious business, with fines of up to €10 million or 2% of the business’s annual global turnover — whichever is higher.
European regulations aside, there are other reasons for the surge in demand for cybersecurity professionals. These specific industries that have made headlines through cybersecurity breaches and attacks over the past decade:
- Oil and Gas: The 2017 attack on a Saudi oil and gas plant made headlines when safety equipment was interfered with by malware, causing the plant to enter a failsafe mode and shut down the plant
- Medical Services: 2017 was a busy year for malware, as the NHS suffered an embarrassing infection of WannaCry ransomware. The infection caused massive system outages on an estimated figure of over 200,000 desktops, servers and laptops, locking users out for several days
- Nuclear Energy: Stuxnet malware was reportedly responsible for an attack on a uranium enrichment plant in Iran way back in 2010. It caused valves to close and affected centrifuges by varying the speeds that they operated at. This was one of the first events that brought public attention to the potential disasters that malware and hackers could unleash on the world.
These are just some of the high-profile incidents from the past few years, but there could be many more incidents occurring daily that don’t get the same media coverage but are just as serious. This clearly illustrates the need for more cybersecurity in these sectors alone, but the truth is that there is always a serious cyberattack around the corner.
Keeping your cybersecurity skills relevant in 2019 is a challenge that needs to be undertaken if you are going to be effective at battling both pre-existing security threats and emerging ones. There are many ways of achieving this, from studying for the latest certification to keeping up to date online with your favorite news and tech channels or attending training and seminars that are relevant to your field of expertise. If you keep an ear to the ground in 2019, then the chances of you being caught off-guard are far less likely, making you a better cybersecurity professional and an asset to your employer.
- Massive nation state malware attack shuts down industrial plant, TechRepublic
- Stuxnet 0.5: The Missing Link, Symantec Security Response
- GDPR Enforcement and Penalties, IT Governance