Search Results

116 results found with an empty search

  • How to Harden Windows

    At-home Windows Hardening Security Project

    Hanging out with fellow hackers is part of our job. Most of us white hats dabble in little curiosities from time to time, and you're typically just surrounded by more people skilled enough technically to raise the risks for you a bit. Below is a guide, the At-home Windows Hardening Security Project, that I created to help you harden your Windows 10/11 system but not make it so secure that it is unusable.

    Disable Remote Access

    Attackers can use Microsoft Remote Desktop's remote access feature to gain control of your device, steal information, and install malware. You'll want to be able to launch Remote Desktop Connection to log into various things (including the lab here), but you do not wish to host a remote desktop service.

    The easiest graphical way to disable Remote Desktop is by using Settings. Start by launching Settings using Windows+i. From the left sidebar, select "System." On the right pane, scroll down and choose "Remote Desktop." On the following screen, turn off the "Remote Desktop" toggle. The Windows 11 Home edition doesn't support remote desktops.

    Use Antivirus

    Windows' Virus & threat protection is good enough. It is on by default. Go to Start, type in "Virus & Threat Protection," then go to "Manage settings." Make sure that all toggles are in the "on" position. If you do choose to handle malware on your computer, you will want to take note of the "Exclusions" and add exclusions to the folders you don't wish to scan.

    Create Strong Passwords

    Passwords should be in a password manager, and I don't care what anyone says; you should invest in a good one like LastPass. Always be careful who you're giving your data to and their financial situation. You should also purchase two YubiKeys, ensure the password manager's 2-factor authentication is enabled, and set up with your primary and backup YubiKey. Buy a YubiKey Nano to stick in your laptop and keep a YubiKey on your keyring.
    Share your master password with a loved one and make your password vault part of your digital inheritance if something should happen to you. I know I am bleeding into other subjects, but someone needs access to your digital identities if something were to happen to you. There is a line of cybersecurity that is too secure for no one to access anything, and that isn't where you need to draw the line. It's something you need to consider seriously. You'll already be maintaining your digital life.

    Enable File Backups

    Regular file backup can help prevent data loss during malware attacks or hardware failures. Go back to Start, then "Virus & Threat Protection," scroll down to "Ransomware protection," click the option to "Set up OneDrive," and follow the prompt to choose which folders to back up.

    Turn on Core Isolation

    This feature adds virtualization-based security to protect against malicious code and hackers. It isolates core processes in memory and prevents hackers from taking control of unsecured drivers.

    To turn on core isolation in Windows 11, do the following:

    - Click the Start button
    - Type "Windows Security"
    - Select Device security
    - Select Core isolation details

    Turn on:

    - Local Security Authority protection
    - Microsoft Vulnerable Driver Blocklist

    Turn on BitLocker Drive Encryption

    If you have Windows 11 Pro, go ahead and set up BitLocker Drive Encryption. That way, when your computer starts up, you will be prompted with a password, which will encrypt your data at rest.

    Optional PUA protection

    I've never turned this on, and it may be an annoyance as we tend to play with many applications, but you do have the ability to turn on "Reputation-based protection," which will protect you from potentially unwanted applications.

    Windows Update Settings

    Go to Windows Update Settings and ensure "Get the latest updates as soon as they are available" is OFF. Even with this setting off, you will still receive important security updates automatically to protect your device.
    Then click on "Advanced Options" and turn on "Receive updates for other Microsoft Products."

    That should do it. Make sure you stay updated with Windows updates and use your password manager. Also, make sure you turn on 2-factor authentication everywhere!

    Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University and CISSP, CCSK, CFSR, CEH, Sec+, Net+, and A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, and ten online courses specifically for SOC analysts. You can connect with him on LinkedIn.

    You can sign up for a Lifetime Membership of Cyber NOW® with a special deal for 15% off with coupon code "KB15OFF" which includes all courses, certification, the cyber range, the hacking lab, webinars, the extensive knowledge base, forums, and spotlight eligibility, to name a few benefits.

    Download the Azure Security Labs eBook from the Secure Style Store. These labs walk you through several hands-on fun labs in Microsoft Azure, leaving you with the know-how to create a gig in Fiverr or Upwork to start your cybersecurity freelancing.

    Some of our free resources include the Forums, the Knowledge Base, our True Entry Level SOC Analyst Jobs, Job Hunting Application Tracker, Resume Template, and Weekly Networking Checklist. Ensure you create an account or enter your email to stay informed of our free giveaways and promos, which we often offer.

    Check out my latest book, Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success, 2nd edition, published June 1st, 2024, and winner of the 2024 Cybersecurity Excellence Awards and a finalist in the Best Book Awards. If you enjoy audiobooks, I suggest the Audible version, but you can also get it in beautiful paperback, kindle, or PDF versions. The downloadable PDF version can be grabbed here.
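
    A read-only audit of the settings the At-home Windows Hardening guide above walks through (Remote Desktop hosting, Defender toggles, core isolation, BitLocker, PUA blocking), as an added example that is not part of the original article. The function names `Get-RegValue`, `New-Check` and `Get-HomeHardeningStatus` are hypothetical; run it from an elevated PowerShell prompt.

```powershell
# Added example: reports the state of each setting from the guide; changes nothing.
# Get-RegValue, New-Check and Get-HomeHardeningStatus are hypothetical helper names.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function New-Check {
    param([string]$Setting, [string]$Expected, $Actual, [bool]$Pass)
    if ($null -eq $Actual) { $Actual = 'not set' }
    [pscustomobject]@{ Setting = $Setting; Expected = $Expected; Actual = $Actual; Pass = $Pass }
}

function Get-HomeHardeningStatus {
    # Disable Remote Access: fDenyTSConnections = 1 means this PC refuses inbound RDP.
    $deny = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' 'fDenyTSConnections'
    New-Check 'Remote Desktop hosting disabled' '1' $deny ($deny -eq 1)

    # Use Antivirus: the toggles under "Virus & threat protection" > "Manage settings".
    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
        $pref   = Get-MpPreference -ErrorAction Stop
        New-Check 'Defender real-time protection' 'True' $status.RealTimeProtectionEnabled `
            ([bool]$status.RealTimeProtectionEnabled)
        New-Check 'Defender tamper protection' 'True' $status.IsTamperProtected `
            ([bool]$status.IsTamperProtected)
        # MAPSReporting: 0 = cloud-delivered protection off, 1 or 2 = on.
        New-Check 'Defender cloud-delivered protection' '1 or 2' $pref.MAPSReporting `
            ($pref.MAPSReporting -in 1, 2)
        # Optional PUA protection: 0 = off, 1 = block, 2 = audit only.
        New-Check 'PUA blocking (optional)' '1' $pref.PUAProtection ($pref.PUAProtection -eq 1)
    }
    catch {
        New-Check 'Microsoft Defender' 'queryable' 'Defender cmdlets failed' $false
    }

    # Turn on Core Isolation: the two switches the guide names.
    $ppl = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'RunAsPPL'
    New-Check 'Local Security Authority protection' '1 or 2' $ppl ($ppl -in 1, 2)

    $blocklist = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config' 'VulnerableDriverBlocklistEnable'
    New-Check 'Microsoft Vulnerable Driver Blocklist' '1' $blocklist ($blocklist -eq 1)

    # BitLocker: the cmdlet is missing on editions without BitLocker management.
    if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        try {
            $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
            New-Check 'BitLocker on system drive' 'On' "$($vol.ProtectionStatus)" `
                ($vol.ProtectionStatus -eq 'On')
        }
        catch {
            New-Check 'BitLocker on system drive' 'On' 'query failed (run elevated)' $false
        }
    }
    else {
        New-Check 'BitLocker on system drive' 'On' 'cmdlet not available' $false
    }
}

Get-HomeHardeningStatus | Format-Table -AutoSize
```

    The Windows Update toggles and the OneDrive backup step from the guide are not covered by this check and still need to be confirmed in Settings.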

  • How to Get a Job in Cybersecurity from IT

    No one tells you the truth about how difficult it is to land even an entry-level role in cybersecurity. What I’ve seen in the job market in the past years is that even an entry-level role requires experience. Without that, even getting an interview can be a challenge.

    But if you have previous IT experience, you are already ahead of the crowd. The skills and experience you may have gained in IT roles provide a solid foundation for transitioning into the world of cybersecurity. IT is considered one of the easiest and most natural paths in the cybersecurity field.

    In this article, I would like to share how IT positions can be a springboard into a cybersecurity career. It will be important to highlight your transferable skills and take advantage of your IT experience when making this career transition.

    The Natural Progression from IT to Cybersecurity

    The IT field can include a range of roles. The most common IT positions are Help Desk Technician, Network Administrator, Systems Administrator, Database Administrator, IT Support Specialist, Cloud Engineer, and DevOps Engineer. Each of these roles contributes to the design, implementation, and maintenance of an organization's technology infrastructure.

    Overlap Between IT and Cybersecurity Responsibilities

    While IT and cybersecurity are distinct fields, there is a natural bridge between IT and cybersecurity roles. Because IT tasks also involve security, there is a big overlap in the responsibilities and knowledge of these two areas. Some of this overlap happens when IT professionals work on configuring firewalls and network security devices. They will also manage user access and maintain secure systems and applications. IT professionals must also regularly conduct system updates, monitor anomalies, and respond to technical incidents.
    Why IT Professionals are Well-Positioned for Cybersecurity Careers

    IT professionals have significant advantages over other jobseekers who are new to the job market because they already have a strong technical foundation and understanding of IT systems, networks, and infrastructure. This basic knowledge and experience is needed in all cybersecurity roles. The experience from troubleshooting IT issues directly translates to mitigating security threats. Understanding how various components of a system interact is a skill used every day in IT. Because technology keeps changing, IT professionals have already learned to be adaptable and keep up with it. They require less training than individuals from non-technical backgrounds or with no experience.

    Core Technical Skills Gained in IT

    IT professionals develop a range of technical skills that are directly applicable to cybersecurity roles. These skills cover anything from networking fundamentals to system administration, and scripting and automation.

    Networking Fundamentals

    Understanding the TCP/IP protocols governing internet communication is necessary in the IT field. This knowledge is also used to analyze network traffic, identify potential threats, and secure network structures in the cybersecurity field. A common task in IT is firewall configuration which directly translates to configuring and managing firewalls in network defense. Remote work has also increased the use of VPN setup and IT management. Cybersecurity roles also work on the maintenance of secure remote access to corporate resources.

    System Administration

    Skills in managing computer systems are very useful when moving to cybersecurity jobs. Cybersecurity experts need to understand how to work with Windows and Linux in order to find weak spots, make them safer, and fix problems. Experience in handling user accounts is also necessary.
    IT professionals have a lot of experience in making new accounts, changing them, and removing old ones, which is essential. Typically, they will know how to set up who can access what. This skill helps keep systems secure by giving people only the access they need. Another important task they have is keeping systems up-to-date. Having experience here will help them fix known problems and keep the whole organization safer when working in a cybersecurity role.

    Scripting and Automation

    Scripting and automation skills developed in IT roles are transferable to cybersecurity. Being proficient in PowerShell allows for efficient system administration and automation. PowerShell skills in cybersecurity are useful for threat hunting, incident response, and automating security tasks. Experience with Bash scripting in Linux environments is needed for log analysis, system hardening, and automating security checks. IT professionals who have used Python for automation tasks will be valuable because they can use this experience to develop security tools, analyze data, and automate repetitive security processes.

    How These Skills Translate to Cybersecurity Roles

    The skills you learn in IT jobs are really helpful for many cybersecurity jobs. For example, network security experts use what they know about networks to keep them safe. System security experts use their knowledge of computers to make them stronger against attacks. Security automation engineers use their programming skills to create tools that increase security. Incident response teams use their broad tech knowledge to solve security problems.

    People who work in IT can move into cybersecurity jobs more easily than others because they already know a lot of the basics. This natural move from IT to cybersecurity is good. It creates security experts who understand both how technology works and how to use it safely in real situations.
    They are great at keeping digital spaces secure because they see the big picture of tech and security.

    Hands-on Experience with Systems and Networks

    One of the most valuable assets IT professionals bring to cybersecurity roles is their hands-on experience with systems and networks. They have a deep understanding of how technologies work in real-world scenarios.

    IT professionals develop strong troubleshooting and problem-solving skills through their daily work. They're often the first line of defense when systems malfunction or users encounter issues. They have experience thinking critically, analyzing complex situations, and developing effective solutions quickly. All these skills are directly useful to cybersecurity roles.

    Through their work, IT professionals also gain familiarity with common attacks. They understand how systems can become compromised, whether through social engineering, unpatched vulnerabilities, or misconfigurations. This knowledge helps them anticipate potential threats and implement proactive security measures.

    Understanding system vulnerabilities is another crucial skill that IT professionals develop. They know how to identify weak points in systems and networks. In cybersecurity roles, this understanding is needed for conducting meticulous risk assessments and implementing security controls.

    Real-world scenarios where IT and cybersecurity collaborate are common. For instance, an IT professional troubleshooting a network performance issue might discover signs of a malware infection. They will collaborate with the security team to eliminate it. Or, during a system upgrade, they might identify and patch critical vulnerabilities. Their efforts directly contribute to the organization's overall security.

    Thanks to all their experience, IT professionals have a holistic view of how security integrates with broader IT operations. This perspective is highly valuable in cybersecurity roles.
    Understanding of Compliance and Regulations

    IT workers often learn about rules and standards for keeping digital information safe. They work with guidelines like ISO 27001 or NIST, which tell them how to protect data. They also know about laws like GDPR or HIPAA that explain how to handle private information. This knowledge is really useful in cybersecurity jobs, where following these rules is very important. IT workers understand how to apply these rules in real life, like setting up strong passwords or keeping data safe.

    IT professionals also help create safety rules at their work. They may include rules about how to use computers safely or set up ways to save important information. This experience helps them understand how to keep things safe in everyday work. In cybersecurity jobs, this knowledge is extremely necessary. With it, they can create and enforce safety rules, manage risks, and be ready for compliance auditing. This understanding of both the why and how of regulation makes IT workers great at cybersecurity jobs.

    Collaboration with Cybersecurity Teams

    IT professionals often have opportunities to collaborate with cybersecurity teams, exposing them to security practices and methodologies. This collaboration can take various forms and is beneficial when transitioning to a cybersecurity career.

    Cross-functional projects involving security teams are common in many organizations. For example, an IT professional might work alongside security experts when implementing a new system. These projects provide insights into security methods, familiarizing IT professionals with cybersecurity practices.

    Incident response is another area where IT and cybersecurity teams often collaborate. When a security incident occurs, IT professionals may be called to help contain the threat, gather forensic data, or restore systems. This hands-on experience in dealing with security incidents is great when transitioning to cybersecurity roles.
    IT professionals may also be involved in security assessments and audits. They will work with security teams to evaluate the security of systems they manage, or assist in preparing for external audits. Having this experience shows them how security professionals approach risk assessment and mitigation.

    Through these collaborations, IT professionals have the opportunity to build relationships with security professionals. They can learn from seasoned security experts, understand the challenges faced by security teams, and understand the day-to-day responsibilities of various cybersecurity roles. These relationships can also be valuable when seeking mentorship or job opportunities in the cybersecurity field.

    Working alongside cybersecurity teams teaches them to view systems and processes through a security lens. IT professionals will consider potential threats and vulnerabilities in every aspect of their IT operations. This shift in perspective is necessary for those transitioning into cybersecurity roles.

    Pursuing Certifications and Training

    If you're in IT wanting to move into cybersecurity, getting special certificates and training is really important. These show that you know your stuff and are serious about the job. A good certificate to start with is the Network+, which teaches you about networks. You can get certificates like CompTIA Security+ as you learn more about cybersecurity. These teach you how to keep computers safe and how hackers think. For mid-level and advanced positions, certificates like the CEH and CISSP are good to have.

    But remember, certificates aren't everything. You need to keep learning all the time because cybersecurity changes fast. You can take online classes, go to workshops, and practice at home. Try setting up your own computer lab to test security tools. You can also join capture-the-flag contests where you solve security puzzles. It's important to keep up with new security news and threats too.
    Doing all these things will help you get better at cybersecurity and be ready for a new job in this field.

    Networking and Professional Development

    Building a strong professional network is invaluable when transitioning from IT to cybersecurity. Networking provides opportunities for learning, mentorship, and career advancement that can significantly help the transition process.

    When moving from IT to cybersecurity, making good connections with other professionals is super important. This helps you learn new things, find mentors, and grow your career. One great way to do this is by joining groups like ISACA or (ISC)². These organizations have local chapters where you can meet cybersecurity experts in your area. They also offer training and resources to help you learn more about the field.

    Another way to build connections is by going to big conferences like DEF CON. These events let you learn about new security tools and methods, and meet lots of people working in cybersecurity. If big conferences seem too much at first, you can start with smaller local meetups.

    Don't forget about online communities too! Places like Reddit's cybersecurity forum, the CNE Discord, the BHIS Discord, or LinkedIn groups are great for asking questions and sharing what you know. Being active in these online spaces can help you make a name for yourself in the field.

    Building a professional network that spans both IT and cybersecurity is particularly valuable for those in transition. Maintaining connections with IT colleagues while building new relationships in the cybersecurity field can lead to unique opportunities that can utilize your cross-domain expertise. These connections can help you find out about job openings, offer mentorship, and stay informed about developments in both fields.

    Strategies for Transitioning from IT to Cybersecurity

    Making the leap from IT to cybersecurity requires strategy. Start by identifying your transferable skills.
    As an IT professional, you will have many skills that are directly applicable to cybersecurity roles. Connect these skills to common cybersecurity job requirements so you can identify your strengths and areas you need to improve.

    Seek internal opportunities within your current organization. Express your interest in cybersecurity to your manager and HR department. Look to take on security-related tasks or projects in your current role. Volunteering for security-related projects, such as assisting with security audits or implementing new security tools, can also help you.

    Building a personal lab for hands-on cybersecurity practice is crucial for skill development. Set up a home or cloud network with virtual machines to experiment with various security tools, practice penetration testing techniques, or analyze malware in a safe environment. Platforms like Hack The Box, TryHackMe, OWASP WebGoat, and our Cyber NOW® Cyber Range can provide structured environments for practicing cybersecurity skills.

    You can gain hands-on experience by taking on side projects or freelance work related to cybersecurity. Build a portfolio of security-related work so you can share when applying for cybersecurity positions.

    Conclusion

    The path from IT to cybersecurity is not only viable but often advantageous. IT professionals can maximize their transferable skills and experience to form a solid foundation for a career in cybersecurity. From networking fundamentals and system administration to hands-on troubleshooting and compliance knowledge, IT experience helps you build a toolkit that aligns with cybersecurity job functions.

    For those with IT experience considering a move into cybersecurity, don't hesitate to take the leap! Your background gives you a significant head start in understanding the complexities of technology infrastructures and the potential risks they face. Your IT knowledge is a unique strength.
    Focus on building upon it with cybersecurity-specific skills and certifications. Network with professionals in the field, seek out mentorship opportunities and don't be afraid to start with entry-level cybersecurity positions that allow you to gain experience.

    To those without experience in either IT or cybersecurity but aspiring to enter the cybersecurity field, consider starting your journey in IT. Since landing a cybersecurity role directly may be more challenging, gaining IT experience can be an excellent stepping stone. IT roles provide invaluable hands-on experience with systems, networks, and technologies that are fundamental to cybersecurity. This experience will not only make you a stronger candidate for future cybersecurity positions but also help you develop a holistic understanding of technology ecosystems. Every step forward in IT is a step closer to your cybersecurity goals.

  • How to Network in Cybersecurity

    Networking in cybersecurity offers far more than just potential job leads. Good networking helps you gain insider knowledge and stay updated on industry trends. You gain access to a wealth of collective experience and insights by engaging with peers and thought leaders.

    Cybersecurity can be a challenging and high-pressure field. Building a professional network provides you with an invaluable support system. You will become part of a community of like-minded professionals who understand the unique demands of the job and the job search process. This network can offer guidance, mentorship, and emotional support, helping you navigate career challenges, combat burnout, and find encouragement in difficult times.

    Effective networking in cybersecurity will open doors to new opportunities. It will foster continuous learning and create a support system to help your long-term success in this field.

    LinkedIn for Your Brand

    LinkedIn is more than a social media platform. It can be the first impression you give to a potential employer. Your LinkedIn profile is like an actor’s calling card. The profile should make them want to hire you.

    Professional Profile Picture

    Some of us may be shy about taking pictures, but this is one moment when you really need to get over that fear and post a profile picture. They say, “A picture is worth a thousand words.” Take a high-quality headshot where you are dressed professionally. Select a neutral background that doesn’t distract from your face. Consider customizing your background image or banner using a tool like Canva to reflect your personal brand.

    In addition, create a custom professional URL for your profile (e.g., linkedin.com/in/yourname). This URL looks much more polished when it is included in job applications and resumes. Make sure your contact info is up-to-date so recruiters can easily reach you.
    If you do not want to spend a bunch of money on a professional headshot, this is an area where AI can excel. We have found the AI company Dreamwave AI to offer an affordable package for producing professional quality headshots from a number of your less professional selfies. They will send you hundreds of AI-generated images, and one or two are bound to look just like you.

    Headliners

    Craft a catchy headline that goes beyond your job title. Include your expertise and what you bring to the table. Look at this from the point of view of what the hiring manager is hiring for. For instance, they’re not hiring for an engaging creative artist; they’re hiring for an Entry-Level or Aspiring SOC Analyst and the skills associated with it. Incorporate industry-specific keywords to enhance search visibility. You can find specific keywords by looking over job postings and taking some of their content to describe your experience.

    Remember, hiring managers are always more inclined to employ likable employees. Do not be afraid to make it personal and authentic when you share your career goals, motivations, and values in the About Section. Use storytelling to connect with your audience.

    Work Experience and Key Skills

    List relevant work experiences and use specific keywords related to your industry. As much as possible, highlight your achievements rather than the tasks you did in each role. Focus on quantifiable results (show them the data!) and use action verbs.

    Identify and list 10-20 relevant skills used for each position. When recruiters search LinkedIn, they are searching for these skills; if they aren’t there, they can’t search for you. And, as you write each experience, make sure to show how you used those skills in practice.

    Do not hesitate to list any internships or volunteer experiences that are relevant to the roles you are seeking.

    Endorsements and Recommendations

    Do not be afraid to ask those you have worked with for LinkedIn recommendations.
    You will build credibility with every personalized recommendation and skill endorsement from colleagues and supervisors. Recruiters will read through any recommendations to gauge your ability to work with them. They will also take time to look into your skills and qualifications. But to be successful, remember: don’t just take! Networking is an equal parts dance, so offer to write recommendations for others to encourage reciprocity.

    Multimedia Content & Projects

    Add multimedia elements like videos, presentations, or portfolios to showcase your work. Ensure all content is professional and aligns with your brand. Use the Projects section to detail key initiatives you’ve worked on. Include measurable outcomes to demonstrate your impact.

    The featured section is critical to your LinkedIn profile. This is an opportunity to link to your blog, GitHub, and other websites so that the recruiter or hiring manager spends more time considering you as a candidate. Don’t waste this opportunity.

    Optimizing your LinkedIn

    To maximize your networking potential on LinkedIn, start by optimizing your profile for cybersecurity roles. Highlight relevant skills, certifications, and experiences that showcase your expertise in the field.

    When job hunting, leverage the "Open to Work" feature strategically. When you are still employed, consider setting its visibility to "Recruiters Only" – this discreet option signals your availability to recruiters without alerting your current employer or colleagues. You can maintain confidentiality while still opening doors to new opportunities. However, making your job search public has potential advantages since it could prompt your network to share leads. While there are fervent teams on each side of the “Open to Work” banner, it seems that when the profile meets the qualifications, the recruiters will reach out.
    Remember, your LinkedIn profile is often your first impression on employers, so ensure it accurately reflects your cybersecurity focus and career aspirations.

    Connecting with Recruiters

    There are two general strategies for recruiters and LinkedIn: the first is to reach out to recruiters, and the second is to make recruiters come to you, and you need to be doing both. By optimizing your LinkedIn profile above, you will occasionally get targeted messages from recruiters who are looking to fill a role that matches your profile.

    To reach out, the first thing you need to do is identify relevant recruiters. The easiest way to do this is to find them from job postings on LinkedIn, but you can also do a text search for recruiters who have posted that they’re hiring for positions.

    Once you've identified relevant recruiters, the next step is to reach out and establish a connection. Here's how to do it effectively:

    Sample Message Template

    When contacting a recruiter, keep your message concise, professional, and tailored to your situation. Here's a template you can adapt:

    Subject: [Your Job Title] Seeking New Opportunities

    Hi [Recruiter's Name],

    I hope this message finds you well. I'm a [Your Job Title] with [X] years of experience in [Your Industry/Field], currently exploring new opportunities in [Target Industry/Role]. I noticed that you are recruiting/hiring for a [Specific role], and I'd love to connect to discuss how my skills in [Your Key Skills] might align with your client's needs. Would you be open to a brief conversation about potential opportunities or reviewing my resume?

    Thank you for your time and consideration.

    Best regards,
    [Your Name]

    Remember to personalize this template based on your research of the recruiter and their specialization. Keep your message under 100 words for higher response rates.

    Follow-up Strategies

    Don't be discouraged if you don't receive a response to your initial message.
    Follow these strategies for effective follow-up:

    - Wait about one to two weeks before sending a follow-up message.
    - Be polite and professional. Maintain a courteous tone, acknowledging that recruiters are often very busy.
    - In your follow-up, provide new information to reiterate your interest, but always keep it brief. Your follow-up should be even shorter than your initial message.

    Example follow-up message:

    Hi [Recruiter's Name],

    I hope you're having a great week. I just wanted to follow up on my previous message about potential opportunities in [Target Industry/Role]. I've recently [completed a relevant project/earned a new certification], which I thought might be of interest. I'm still very interested in connecting. If now isn't a good time, please let me know when would be better to reach out again.

    Thank you for your time.

    Best regards,
    [Your Name]

    If you don't receive a response after your follow-up, it's best to focus your efforts elsewhere for the time being. Remember, building relationships with recruiters is a long-term strategy. Even with no immediate opportunities, maintaining professional connections can be valuable for your future career moves.

    Networking with Others

    While connecting with recruiters is crucial, networking with fellow cybersecurity professionals can be equally valuable for your career growth and job search. When reaching out to peers, focus on building genuine relationships rather than immediately asking for job leads.

    Here's a sample template for connecting with cybersecurity professionals:

    "Hi [Name], I came across your profile and was impressed by your work in [specific area of cybersecurity]. I am also in the field, I'd love to connect and share about [relevant topic]. Would you be open to a brief chat?"

    OR

    "Hi [Name], I was reading your post on [choose something recent] and appreciated it because [mention something you liked]. I am also in the field, I'd love to connect here."
When interacting on LinkedIn, maintain professional etiquette. Always personalize your connection requests and engage meaningfully with others' posts. Share valuable content related to cybersecurity, and be respectful of others' time and boundaries. Avoid hard-selling yourself or your services in initial interactions. Instead, focus on building rapport and establishing yourself as knowledgeable and collaborative. This approach can lead to organic opportunities and valuable professional relationships over time. Your connections will also notice when you engage with their content. So, actively participate in their posts before you reach out to them. You will have a higher chance they will want to connect with you, and you will have something to talk about with them right away!     LinkedIn Groups Engaging with LinkedIn groups is necessary if you want to expand your network and improve your job prospects. By actively participating in relevant cybersecurity groups, you can connect with like-minded individuals, industry experts, and potential employers. Within these groups, actively share insights so you can position yourself as a knowledgeable contributor in the field. Contribute valuable content, ask thoughtful questions, and engage in meaningful conversations. You can build relationships that may lead to job opportunities and collaborations, strengthening your presence in the competitive job market.   Here are some LinkedIn Groups you can consider joining: - SOC Analyst Jobs - Cloud Security Alliance   - Information Security Careers Network (ISCN) - Information Security Network - Cyber Security Forum Initiative (CSFI) Industry Conferences and Events Attending industry conferences and events is an essential aspect of networking in the cybersecurity field. These are great opportunities to connect with peers, learn about the latest trends, and showcase your expertise. Several high-profile conferences stand out in the cybersecurity field. 
I want to recommend some of the best below. Major Cybersecurity Conferences Black Hat : Known for its technical focus, it attracts security professionals, researchers, and hackers worldwide. It features cutting-edge research presentations and hands-on training sessions. It's expensive. DEF CON : The world's largest hacker convention, DEF CON is famous for its informal atmosphere and various activities, including capture-the-flag contests, lock-picking villages, and social engineering competitions. Due to its affordability, this is likely the first big conference you will go to, and it is one you won’t likely forget. RSA Conference : This conference is one of the largest in the industry, covering a wide range of cybersecurity topics. It's a valuable opportunity to network with vendors and learn about new security products and services. Local and Regional Cybersecurity Meetups While large conferences are important, don't overlook the value of smaller, local events. They’re nearby, and you can get to them easily and more frequently.  OWASP Chapters :  Many cities have local chapters of the Open Web Application Security Project, which organize regular meetups and workshops. BSides Events : These community-driven conferences occur in many cities worldwide and offer a more personal setting for networking and knowledge sharing. Industry-Specific Meetups: Look for gatherings that focus on your particular area of interest within cybersecurity, such as cloud security or incident response. Virtual Conferences and Webinars In recent years, virtual events have become increasingly popular and offer unique networking opportunities as well: Online Conferences: Many major conferences now offer virtual attendance options, allowing you to network globally without travel. Webinars : Regular webinars hosted by companies (including our own at Cyber NOW®), educational institutions, or industry leaders can be excellent opportunities to learn and connect with speakers and attendees. 
Networking Tips for In-Person Events Like with online networking, you will create connections with peers and potential employers. Since you will be interacting in person, it can be helpful if you have come up with a couple of ways to introduce yourself. If you are more introverted, practice introducing yourself at home with family and friends. This will help you feel less anxious and look relaxed when interacting. Your introduction to the employer can highlight your passion for the industry and what you hope to gain from the event. Preparing Your Elevator Pitch Craft a concise, engaging introduction that highlights: Your name and current role Your key skills or areas of expertise What you're passionate about in cybersecurity What you're hoping to gain from the event For example, you might say, "Hi, I'm Alex Johnson, a recent graduate with a background in computer science and a strong passion for network security. I specialize in threat detection and vulnerability assessment, and I'm eager to learn more about the latest trends in cybersecurity. "  Make sure you take a notebook and pen to the in-person events. Ask everyone you meet for their contact information. Most people will happily provide you with their LinkedIn and email addresses. Write down this information and a brief note on what you discussed with the person.  I suggest this method over using your phone because it is more personal. Follow-Up Techniques Post-Event In-person networking is only as effective as your follow-up strategy. The goal is to turn conference connections into lasting professional relationships.  Within 48 hours of meeting someone in person, send them a personalized connection request on LinkedIn. You can reference your specific conversation or shared interests in your follow-up message. If you promised to share relevant articles, resources, or your resume during your interaction, do so in your follow-up message. 
One way to track where and when you met each contact is by reiterating this information in your first message. If appropriate, suggest a virtual coffee chat to continue the conversation. Remember, the goal of attending these events is to collect business cards or LinkedIn connections and build meaningful professional relationships that can enhance your career in cybersecurity. Joining Professional Organizations Becoming a member of professional cybersecurity organizations can significantly increase your networking opportunities and career development. These associations offer many resources, educational opportunities, and platforms for connecting with industry peers. Cybersecurity Associations to consider: (ISC)² (International Information System Security Certification Consortium) (ISC)² is renowned for its prestigious Certified Information Systems Security Professional (CISSP) certification, which is highly regarded in the industry. In addition to the CISSP, the organization offers a variety of other certifications, including the Systems Security Certified Practitioner (SSCP), Cloud Security Professional (CCSP), and Certified Secure Software Lifecycle Professional (CSSLP). (ISC)² focuses on developing and maintaining high professional standards in information security, providing members with access to a wealth of resources and a global network of security professionals. (ISC)² has chapter meetings in most cities, and chapter membership isn’t tied to being a credential holder. Many people attend (ISC)² meetings without having one of its certifications. Membership in an (ISC)² chapter requires dues that are collected separately from (ISC)² itself. ISACA (Information Systems Audit and Control Association) ISACA is known for providing globally recognized certifications such as the Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), and Certified in Risk and Information Systems Control (CRISC).
The organization emphasizes the importance of governance, risk management, and information systems control, making it a valuable resource for IT governance professionals. ISACA also offers extensive resources, including research, training, and networking opportunities, to help members stay current in an ever-evolving field. ISSA (Information Systems Security Association) The Information Systems Security Association (ISSA) is a not-for-profit international organization dedicated to information security professionals and practitioners. ISSA promotes management practices that ensure the confidentiality, integrity, and availability of information resources. The association facilitates interaction and education among its members, fostering a collaborative environment that enhances global information systems security. Through various events and resources, ISSA aims to create a more successful and secure information security landscape. OWASP (Open Web Application Security Project) The Open Web Application Security Project (OWASP) is a nonprofit foundation dedicated to improving software security. It is best known for its Top 10 Web Application Security Risks report, which highlights the most critical security issues in web applications. OWASP offers local chapter meetings and global events that bring together security professionals to share knowledge and best practices. By fostering a community focused on improving application security, OWASP plays a crucial role in enhancing the overall security posture of organizations worldwide. Benefits of Membership and Participation Joining and actively engaging with professional cybersecurity organizations can significantly boost your career development and networking opportunities. These associations offer a wealth of resources for professional growth, including access to cutting-edge training, workshops, and conferences that keep your skills sharp and current. 
Many organizations provide pathways to earn industry-recognized certifications, often at discounted rates for members, adding to your credibility and marketability. The networking potential is immense, with opportunities to connect with peers, mentors, and potential employers through both in-person events and online forums. Members typically gain access to exclusive career resources, including specialized job boards, career guidance, and salary surveys specific to the cybersecurity field. Online Communities Online platforms have become invaluable tools for networking in the cybersecurity field. These virtual spaces offer unique opportunities to connect with professionals, share knowledge, and stay updated on the latest trends and threats in the industry. Discord  is a very popular platform for cybersecurity communities, offering real-time communication and collaboration. The Cyber NOW Education (CNE) Discord server is too quiet sometimes, and we’re waiting for you to come to add value. Another Discord community you can join is the Black Hills Information Security (BHIS) server. This much larger discord is often very active and offers a great place to meet other professionals just like you. The BHIS Discord has a library of resources, including access to webcasts, tools, and discussions with experienced professionals.  Def Con also has its own very active Discord server.  Darknet Diaries is also a good place to meet folks and an excellent podcast to listen to! There is one called InfoSec Community , and Wild Wild West Hacking Fest gets active around the time of their conference.  Reddit  serves as another powerful platform for cybersecurity networking and information sharing. The r/netsec subreddit is a goldmine for technical discussions on network and information security. It's an excellent place to find in-depth analyses of recent vulnerabilities, tools, and research papers. You can also join r/cybersecurity for a mix of news, career advice, and industry trends. 
Take time to engage with experts and peers through comments and discussions. But be careful here; Reddit can be very toxic, so watch for trolls and remember to let the water roll off your back. By actively participating across these platforms – sharing insights, asking questions, and engaging in discussions – you can expand your network, enhance your knowledge, and stay up-to-date with the field. As a general rule of thumb, the smaller the group you participate in, the more impact you have in making meaningful connections. There is nothing more potent than a one-on-one conversation with someone. Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University and CISSP, CCSK, CFSR, CEH, Sec+, Net+, and A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, and ten online courses specifically for SOC analysts. You can connect with him on LinkedIn. You can sign up for a Lifetime Membership of Cyber NOW® with a special deal for 15% off with coupon code "KB15OFF" which includes all courses, certification, the cyber range, the hacking lab, webinars, the extensive knowledge base, forums, and spotlight eligibility, to name a few benefits. Download the Azure Security Labs eBook from the Secure Style Store. These labs walk you through several hands-on fun labs in Microsoft Azure, leaving you with the know-how to create a gig in Fiverr or Upwork to start your cybersecurity freelancing. Some of our free resources include the Forums, the Knowledge Base, our True Entry Level SOC Analyst Jobs, Job Hunting Application Tracker, Resume Template, and Weekly Networking Checklist. Ensure you create an account or enter your email to stay informed of our free giveaways and promos, which we often offer.
Check out my latest book, Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success, 2nd edition, published June 1st, 2024, and winner of the 2024 Cybersecurity Excellence Awards and a finalist in the Best Book Awards. If you enjoy audiobooks, I suggest the Audible version, but you can also get it in beautiful paperback, kindle, or PDF versions. The downloadable PDF version can be grabbed here.

  • How to Choose a Cloud Security Certification

    How to Choose a Cloud Security Certification Let us talk about increasing your cloud security knowledge via certifications.  Getting certified has traditionally been the best way in Technology to demonstrate your knowledge about a subject and that you are serious about a particular topic—cloud security, in this instance. It is also a great way to build a foundational knowledge of cloud security if you are unfamiliar with the subject and to get your foot in the door for a career.    Certifications - Good or Bad?  Cybersecurity professionals often have a love/hate relationship with certifications. Some scoff at them and consider them no substitute for experience, while others believe they are a necessary validation of knowledge for every security pro. I believe cloud security certifications can be very useful in helping professionals get started and give a good baseline on which you can build your experience. However, one problem new entrants into this field face is the cloud security certification path they should choose. There are two paths for a Cloud Security Certification.  Platform Agnostic: Certifications that are not bound to any specific platform like Google, Azure, or AWS and instead focus more on technical concepts and creating a solid foundational knowledge of the cloud  Platform Specific: Certifications like AWS security specialty or Azure Security Engineer specific to a particular platform. These usually assume you know the platform you are trying to secure.  If you have ZERO knowledge of cloud concepts, I would suggest going with a platform agnostic cert before attempting the platform ones. Before focusing on a specific cloud provider, you must ensure your foundation is rock solid. Let's look at the most popular certs in the market.  Platform agnostic certifications  When talking about platform agnostic cloud certs, the discussion usually boils down to either the CCSK or CCSP. 
Let's look at each in detail: CCSK (Certificate of Cloud Security Knowledge) Offered by the Cloud Security Alliance (CSA), the CCSK gives a great in-depth overview of Cloud Security concepts such as Cloud Architecture, Identity and Access Management, Key Management, etc. The exam can be taken online and has around 60 questions. It requires you to show knowledge of the below topics: CSA Security Guidance for Critical Areas of Focus in Cloud Computing CSA Cloud Controls Matrix Cloud Computing Risk Assessment Below is the official description from CSA. The CCSK is an open-book, online exam completed in 90 minutes with 60 multiple-choice questions selected randomly from the CCSK question pool. Purchasing the exam costs $395 and provides two test attempts, which you will have two years to use. The minimum passing score is 80%. The CCSK also has no prior work experience requirement to appear for the exam; however, you should have a solid foundational knowledge of the cloud before attempting it. The CCSK is widely known and respected throughout the industry and is an excellent cert for getting your foot in the cloud security door. It has routinely been featured in the top certifications for Cloud Security, and you really cannot go wrong with getting CCSK certified if cloud security is something you are serious about. If you are serious, below are my top tips for getting CCSK certified. Download the CCSK prep kit, which is free and gives you all the prep material! Understand how the exam is structured. It tests your knowledge about three key documents: the CSA Security Guidance for Critical Areas of Focus in Cloud Computing, the CSA Cloud Controls Matrix, and the EU’s Agency for Cybersecurity’s Cloud Computing Risk Assessment. Understand thoroughly the CSA Security Guidance for Critical Areas of Focus in Cloud Computing, which is a list of best practices recommended by security experts. 87% of the questions are based on this report, so know it inside out!
Read the ENISA risk assessment report, which comes with the prep kit. It is a thorough analysis of the risks and benefits of cloud computing. Know the guidance and the risk report inside out. Around 6% of the questions are based on this document. Fully understand the Cloud Controls Matrix, which is around 7% of the total exam. Enroll in self-paced training, which is easily available on Udemy. If you don't feel like shelling out $$$, there are some great videos freely available on YouTube. Practice! Please do not underestimate the exam and attempt to take it without taking a few practice exams. I suggest taking a month of prep for the CCSK cert. Make sure you have a solid foundation via the three documents and supplement it via training and practice tests. The exam itself is online and non-proctored, which makes it a more relaxing experience than other examinations. You usually find out the results immediately. Once you pass, the CCSK is a great stepping stone for other certs like the CCSP, AWS, Azure, etc. CCSP (Certified Cloud Security Professional) ISC2 is famous for introducing the gold standard in security certs, the CISSP, so everyone was quite excited when they introduced their cloud security cert. The CCSP is similar to the CISSP and has become well respected in the industry for demonstrating cloud security expertise. It is meant for people with a few years of experience in the field. The CCSP is structured as per the below domains: Domain 1. Cloud Concepts, Architecture, and Design Domain 2. Cloud Data Security Domain 3. Cloud Platform & Infrastructure Security Domain 4. Cloud Application Security Domain 5. Cloud Security Operations Domain 6. Legal, Risk and Compliance The CCSP also benefits from the respect and credibility that the CISSP already has in the industry, and at least one year of that experience should have been in one of the above domains. The CCSP is not an entry-level cert like the CCSK.
Instead, it has been made for information security leaders, cloud security managers, and experienced professionals with a few years under their belt. It proves you have an in-depth understanding of cloud security and how to secure applications. Unlike the CCSK, it has a five-year experience requirement, of which three must be in information security, and one must be in the six domains on the CCSP syllabus. If you are a junior engineer new to the cloud, I recommend the CCSK exam instead. The official quote from (ISC)2 is: “To qualify for the CCSP, candidates must pass the exam and have at least five years of cumulative, paid work experience in information technology, of which three years must be in information security, and one year in one or more of the six domains of the (ISC)2 CCSP Common Body of Knowledge (CBK®). A candidate who doesn’t yet have the required experience to become a CCSP may become an Associate of (ISC)2 after successfully passing the CCSP exam. The Associate of (ISC)2 will then have six years to earn the experience needed for the CCSP certification.” An important point to note is that the CCSK cert can be substituted for one year of experience in cloud security, and CISSP holders automatically meet the experience requirements. So, if you have invested time and effort in getting these certifications, you can reap the benefits of your hard work! Like the CCSK, the first step is to download the CCSP body of knowledge and fully understand the breakup of the domains on which you will be tested. If you pass the CCSP exam, your expertise in these areas will be validated. If you are serious about passing the CCSP, I recommend buying the official guide for the CCSP, going through it religiously, and making notes of the critical points to understand. Unlike the CISSP, which is an inch deep and a mile wide, the CCSP is focused on cloud security and goes into much deeper detail on its concepts.
I am recommending the official guide, but keep in mind that you can also look at other alternatives, like official training and Udemy courses tailored for this specific exam. There is no single magic book or course that will make you pass the CCSP exam. It is all about studying, practicing, and giving yourself enough time to be ready. The most critical part of preparing for this exam is to practice like crazy. Most of the information you get from the study guide and courses you will forget unless you apply it in practice exams. The official guide comes with sample questions, but you should invest in getting more practice questions to build up your confidence in these areas. Give yourself enough time, and I recommend setting aside at least one month of dedicated practice for these exams. A good resource is the ISC2 electronic flashcards for CCSP, which you can get for free on their website. Remember that ISC2 exams require you to prove that you maintain a high standard with regular Continuing Professional Education (CPE) credits submissions over three years. An Annual Maintenance Fee (AMF) is also to be paid annually. While the CCSP may seem more difficult and expensive than the CCSK (and it is), the benefits are tremendous to your career, as the CCSP regularly shows up on the list of the most in-demand certs. CCSP vs CCSK This one is tough to answer as both are excellent certs backed by respected organizations. I have attempted to break it down as per the three criteria: Experience: The CCSK does not have an experience requirement, and passing the exam is enough, while CCSP requires 5 years of experience in the infosec industry, one of those being in the cloud. The CCSK, therefore, is more suited to those who are at entry level and want to get into cloud security, whereas the CCSP is more geared towards experienced professionals. Cost: As of this lecture, the CCSK exam is cheaper than the CCSP, but the latter also has those pesky Annual Maintenance Fees.
Sometimes, companies are happy to reimburse the costs, so do check with your employer before proceeding. Industry Standing: Both are respected certifications with good industry standing. You cannot go wrong with either of them when validating your cloud security expertise. Which you should choose depends on your career stage. If you are a mid- to senior-level professional, you should select the CCSP, while people new to cloud security should choose the CCSK. Platform-specific certifications Let us move on to platform-specific certs, which show experience in a specific cloud provider. Cloud platforms like Azure, AWS, and GCP can have hundreds of services, and companies with critical workloads in the cloud want assurance that they can navigate them. A specialized cert will make you stand out in their eyes. Let’s look at what cloud security certification path you can take: AWS Certified Security – Specialty AWS is the most popular cloud platform in the world today, and the demand for certified AWS professionals will not go down anytime soon. Numerous certification paths are available, and a specialized AWS security cert is present. The AWS Certified Security specialty is an excellent certification that shows you know your way around the vast number of security services present and how to configure services like AWS GuardDuty, Config, Security Hub, etc. AWS does recommend that you have a few years’ experience before taking this test, so if you do not have any experience with AWS, I would recommend first going with the AWS Solutions Architect Associate – Exam, as that gives you an excellent overview of the different AWS services and makes the AWS security specialty exam much more accessible in my opinion. As the name suggests, this is not a beginner certification but is for those with experience in AWS security.
The AWS Certified Security – Specialty is intended for individuals who perform a security role and have at least two years of hands-on experience securing AWS workloads. However, if you already know AWS and want to demonstrate expertise in AWS security, then this is the best certification to go for. The certification is still going strong as of 2024 and is in demand. The AWS cloud ecosystem is the biggest among the major cloud providers, and cyber-security remains a top concern. You really cannot go wrong with having this on your resume. According to the official exam guide on the AWS Certified Security Specialty page, the exam is pass or fail, with a minimum passing score of 750 out of 1000. How to prepare for the AWS Security Specialty Certification This is not a platform-agnostic cert like the CCSP and the CCSK, so it must be approached slightly differently. These are my key tips for preparing for it. Know your level: While nothing is stopping you from making this your first AWS certification, if you are just starting out, I would recommend doing a beginner-level AWS certification like the AWS Certified Solutions Architect—Associate first. This will create an excellent foundation for AWS services such as IAM, KMS, and other concepts you will need in the future. The AWS security specialty assumes that you are already familiar with AWS terminology, which can become a big challenge if you attempt this as your first AWS cert. Get hands-on with AWS Services: Another critical step would be to set up a home lab environment and start playing around with the AWS services so you can start understanding them. A vast number of AWS services are covered in the exam, and you should know all of them. Without having hands-on experience, you will not be able to understand questions that involve IAM Policies, EC2 instances, etc. Create an AWS free tier account and start playing around in the AWS cloud environment.
Learn AWS IAM inside and out:  AWS Identity and Access Management is one of the most challenging areas in the exam, requiring you to understand how policies are evaluated and in what order. Know the policy flow and evaluation logic and how IAM elements work. Start experimenting with the IAM policies in your AWS IAM account.  Be ready for “MOST” and “LEAST” questions : Many questions will attempt to trick you by providing correct responses, so you must pick the most suitable one. Understand the pros and cons of each AWS service so you can respond to these questions accurately, as there is no single wrong answer here.  Deep dive into Encryption and Logging : Many questions will cover scenarios pertaining to KMS keys and which type of encryption to use in a particular scenario. Additionally, you are expected to know the logging and alerting use cases of AWS CloudTrail and CloudWatch and how they differ from each other, along with best practices.  My tips for passing the exam  In addition to the above, these are the steps I took to pass my AWS security specialty exam:   Training:  Invest in training so you understand AWS security concepts in a structured way. I used A Cloud Guru training, which is one of the best ones around, but there are several good ones on Udemy and even YouTube. AWS also provides a free readiness course that goes over the essentials of the exam and is definitely recommended as a refresher.  Practice!  No amount of studying will prepare you for the exam without practice tests, so they are a must. Cloud Guru and Udemy courses have some excellent practice tests, but I recommend going for the one on WhizLabs as they were ( in my opinion ) the closest to the actual exam.  AWS Whitepapers:  AWS has some amazing whitepapers that go into great detail about security best practices and their security services. These are not mandatory but are recommended to be read once before the actual exam.  
AWS Labs: Lastly, AWS provides some great labs based on its well-architected framework, which I would suggest everyone go through once as they slowly build up their hands-on experience. These can be a great supplement to any training courses you take on and range from Foundational to Intermediate to Advanced. I hope this gave you a good overview of how to prepare for the AWS Security Specialty exam. The exam is not easy by any means, and there is no magic bullet or solution for passing it. Build up a solid base of technical knowledge and supplement it with practice exams, and you should ace it on the first try. Microsoft Azure Security Engineer Associate For those on the Microsoft Azure platform, the Azure Security Engineer associate validates your expertise in configuring security services and data protection. You are expected to have a good knowledge of the platform and understand how the different services interact with each other as per the Microsoft guide: “Candidates for this exam should have subject matter expertise implementing Azure security controls that protect identity, access, data, applications, and networks in cloud and hybrid environments as part of an end-to-end infrastructure.” One advantage is that most people are usually familiar with Microsoft Services, so the learning curve is not as steep as it is for those new to AWS or Google Platform. You can get certified by passing the AZ-500 exam. However, one key point to note is that Microsoft has added lab questions to the AZ-500 exam, so do not try this exam without first having some hands-on experience with the platform and the different services that Azure offers. When it comes to passing this, you can still pretty much apply the advice I gave for AWS Security Specialty to an Azure environment. Google Cloud Security Engineer Like the above two and rounding out the top three providers, the Google Security Engineer proves you can securely design and implement Google Cloud.
The foundational elements are like Azure and AWS, which require knowledge of identity and access management, data protection, key management, etc. This is an excellent certification, and I recommend it if you plan to work on Google Cloud. It is also a stepping stone to one of the most in-demand certifications, the Google Professional Cloud Architect Cert (GPCA). Although technically not a security cert, this is a very in-demand cert and one of the highest-paying certifications, and professionals must have a firm knowledge of Google Cloud. Having the Google Cloud Security Engineer cert gives you a great foundation to try this exam. As with the previous, when it comes to passing this, you can still pretty much use the advice I gave for AWS Security Specialty and apply it to a Google Cloud environment. Summary I hope you got a better idea of the different cloud security certification paths in the market. These are great ways to show your expertise and boost your career, but remember that they are not the end goal. Certifications get your foot in the door, but the cloud is a highly challenging field, and you will not go far without hands-on experience. Having many certifications will only help during the interview process, but your hard work and expertise will make a difference in the long run. Make sure that, along with the certification, you have the required skills to make your cloud career a long-lasting and successful one! Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University and CISSP, CCSK, CFSR, CEH, Sec+, Net+, and A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, and ten online courses specifically for SOC analysts. You can connect with him on LinkedIn.
You can sign up for a Lifetime Membership  of Cyber NOW® with a special deal for 15% off with coupon code "KB15OFF" which includes all courses, certification, the cyber range, the hacking lab, webinars, the extensive knowledge base, forums, and spotlight eligibility, to name a few benefits. Download the Azure Security Labs  eBook from the Secure Style Store. These labs walk you through several hands-on fun labs in Microsoft Azure, leaving you with the know-how to create a gig in Fiverr or Upwork to start your cybersecurity freelancing. Some of our free resources include the  Forums , the Knowledge Base , our True Entry Level SOC Analyst Jobs , Job Hunting Application Tracker , Resume Template ,  and Weekly Networking Checklist . Ensure you create an account or enter your email to stay informed of our free giveaways and promos, which we often offer. Check out my latest book,  Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success,  2nd edition, published June 1st, 2024, and winner of the 2024 Cybersecurity Excellence Awards and a finalist in the Best Book Awards. If you enjoy audiobooks, I suggest the Audible version, but you can also get it in beautiful paperback, kindle, or PDF versions. The downloadable PDF version can be grabbed here .

  • How to know if Cybersecurity is a Good Career for Me

    Is Cybersecurity a Good Career?

    Over the last few years, the job market has shifted drastically across all industries, making it difficult to land the dream role. The field of cybersecurity is no exception. With more and more candidates being added to the pool every year, the competition has become increasingly intense. You might be asking yourself: is cybersecurity a good career? Because you are considering this field, it is only fair to give you realistic advice about the industry so you don’t get blindsided as you try to find the proper role.

    With the increase in competition, entering cybersecurity may require some sacrifices. To land a role and succeed in this field, you need to be ready for the long haul. It will help if, like an Olympic athlete, you have an intense passion for the work, you don’t give up at the first challenge, and you are quick to adapt.

    Unfortunately, with the current job market, having a fundamental interest in cybersecurity and a degree is not enough. These things will not necessarily make you stand out to recruiters and hiring managers. There are just too many other people entering the job market in that same situation. Consider these three areas to see if you will be a good fit in the cybersecurity space:

    - Passion
    - Resilience
    - Adaptability

    Passion

    Now more than ever, you need a passion for cybersecurity to succeed. Because job searching can be long and tedious, love for the topic and the work are essential. Some sacrifice is involved in making it.

    I’m sure you have heard the saying, “You are what you consume.” This also applies when it comes to showing passion for cybersecurity. Someone with a passion for the industry will live and breathe this field. You will stay informed on industry news by regularly reading articles and journals. In addition, you will surround yourself with like-minded people. Following and interacting with cybersecurity experts on social media and in person can go a long way. Connecting with those already in the field can speed up landing a role. A great place to find these thought leaders is on sites like Medium and LinkedIn.

    Engage as much as you can in cybersecurity forums and online communities. Try to create genuine relationships with these professionals and learn as much as possible from those who have already reached your goal. Participating in cybersecurity conferences and continuing your education through webinars or online courses can deepen your knowledge. These activities can help you create real-life examples of your work to showcase to recruiters. If recruiters and hiring managers can’t see that you exude passion for the field, they might pass you up. You will stand out and prove you are passionate when you have tangibles to prove it. Don’t keep everything you are learning to yourself. Share it anywhere. A cybersecurity community is ready to listen, and it is in a place like LinkedIn where you know headhunters are around.

    Those who genuinely have a passion for the field and are ready to give 110% to the job search process will have no problem being resilient when things don’t happen immediately.

    Resilience

    Resilience is a soft skill you will need to develop early in this career. You will encounter many setbacks during the job search and even in your day-to-day role at any company. You can practice resilience by learning to manage your emotions effectively. When there are setbacks or complex challenges, it's essential to self-regulate. A resilient person does not let their negative emotions eclipse them. You will need to learn to cope with disappointments and failures effectively.

    To stay employable in this field, it’s good to develop the ability to bounce back quickly from setbacks and keep moving forward. Like riding a bike, this skill is acquired through consistent practice. Whenever you encounter a challenge or setback, practice not focusing on the feelings of failure or disappointment. Instead, analyze what went wrong in the situation, what you learned, and how you can prevent this in the future.

    Practice focusing on the positive part of every situation. Consider what invaluable knowledge you have gained from the experience and remind yourself that you are constantly learning new things. There will be moments when you may not have the best answer right away, and let’s face it, sometimes we just get it wrong. Setting realistic goals and expectations is critical. Everyone in the field started at zero, just like you. Resilience can give you the added motivation not to give up when you face a challenge that a senior-level professional could solve quickly. You have to be realistic about what you can do at your level and continue to have the drive to keep learning and improving.

    Managing feelings of disappointment, focusing on lessons learned, and having realistic expectations will improve your resilience and help you embody adaptability, another skill crucial to cybersecurity.

    Adaptability

    Every cybersecurity professional has to be adaptable. Since this field changes and develops constantly, you must be ready to change. Adaptability will be a skill you use continually in your day-to-day role. However, it can even benefit you in the job search process.

    Years back, there was a significant need for additional professionals to join the job market in this field. However, the landscape has changed drastically in recent years. Landing an entry-level role by simply applying with basic qualifications is no longer feasible. Though not impossible, you will have to be adaptable. For example, you may have a role in mind in a specialty you enjoy, but when you apply, you find out that the experience requirements are far greater than you expected. You can adapt by looking for roles that fit your current qualifications. Initially, you may have to assume an entry-level role with a less-than-ideal shift. Then, with time, transition to the specialty and change of your choice. This may take more time and effort, but by adjusting, you can land a role and gain the additional experience and knowledge you need to be competitive in the job market.

    Another thing that can help is to build a support system of colleagues and friends. Those who have gone through a similar experience can give you tips and “tricks of the trade” to help you get through these situations.

    Being willing to adjust your career plan is a way to practice resilience. Remember, there is a solution for every problem, but it may not be what you initially thought of. This can help you stay motivated in this career. Since there will be ups and downs in the job search process, being able to quickly shift and take in feedback from others who have made it to where you want to go is invaluable.

    Navigating the cybersecurity field and its job market will require a deep-seated passion, resilience, and adaptability on your part. As the job market becomes increasingly competitive, it's crucial to cultivate these skills to stand out. Passion will drive you to stay informed and engaged. Resilience will help you bounce back from setbacks and maintain a positive outlook. Being adaptable ensures that you can pivot your strategies and expectations in response to the changes in the industry. By actively practicing these skills, you can position yourself for success in the job search process and your future career.

    I don't want to leave this KB article without leaving it on a high note. We can summarize the recent demand for cybersecurity changes to AI and automation, but I want you to see the big picture. The big picture is that the demand for cybersecurity persons is an ebb and flow, and right now, we're just ebbing. In the next few years, there will be another flow, another significant demand for cybersecurity, and that is when quantum will make its leap, and there will be a massive need for individuals to fix the encryption that will break overnight. This is but one example, one we know of, that will shift the demand, but there is always that groundbreaking technology that will come up when we least expect it. The demand isn't stagnant. Stick with it.

  • How to Build a Resume Funnel

    How to Build a Resume Funnel

    When you're just starting in cybersecurity, you're up against tough competition. After all, a hiring manager can open a job requisition and get 500 applicants the same day. Getting a cybersecurity job has always been semi-difficult, but today, it's tough. A perfect storm of an influx of candidates graduating and preparing for roles in this industry, coupled with the reduced amount of work due to automation and AI, means there are just so many people who want jobs and so few who are hiring. This is how to build a resume funnel.

    When a hiring manager reviews the 500 applicants, it's a job no one wants to do; it's boring, and all the candidates look the same. The strategy for you is to make the hiring manager invest more time in you as a unique candidate and invest in you as a unique person. On your resume, at the top center should be your name and any significant certifications, the following line should be your contact details, and the third line should be a link to your blog/Medium. The hiring manager will immediately see this as unique in a classy, non-flashy way. If the hiring manager scans the rest of your one- to two-page resume and likes it, they will click on this link and your LinkedIn link to learn more about you. The goal of this funnel is to make the hiring manager invest time in you as a candidate. In the following two sections, we are going to talk about your LinkedIn and your Medium.

    LinkedIn

    Improving your LinkedIn is almost universal advice for increasing your chances of getting a better-paying job. LinkedIn is the new resume; most recruiters find you there if they are looking for your skillset. If your LinkedIn is drab and boring, you significantly reduce your chances of being discovered, no matter how strong your cybersecurity knowledge is. Apart from the general stuff like putting in your certifications and job title, there are some tips you should keep in mind.

    - Use the LinkedIn banner image and headline to grab attention.
    - Take full advantage of the “Featured” section on your LinkedIn profile. This is the best place to showcase your achievements and awards you might have won. Also, please provide any good articles you might have written, videos, etc.
    - When describing your current job experience, do not just include your job description and what you do; also include your achievements and the extra stuff you did to stand out in your current position. Remember that the hiring manager is interested in your unique strengths, not just your 9–5 duties!
    - Use the media section for each job to add any awards or conferences you attended while in this position.

    Medium

    If you want to start building up a brand as a cybersecurity expert, then Medium is quite possibly one of the best places to start doing it. It is a free blogging site with a massive built-in audience of technology professionals, and the next one might be your new manager. Choose a few topics on your road to cybersecurity, tutorials for any projects you've worked on, cybersecurity product or service reviews, training reviews, and reviews on any books you've read; try not to sound too pessimistic, and write at least two articles every week. Share them on LinkedIn and see the magic happen as more people follow and interact with you. Leave a banner at the end of every Medium article connecting to your LinkedIn profile.

    SOC Conferences & Meetups

    Word of mouth is your friend! It is important to grow your network. Having a broad network of people you can talk to professionally opens up new opportunities and gives you people to discuss your new ideas with. Professional connections help you stay on top of the latest trends, such as news or technical techniques, that will benefit you greatly. There are many opportunities to get involved in projects or communities that are local to your area. Some of these include:

    2600: 2600 (2600.org) is an organization deeply rooted in hacker culture. Today, it exists as a website, meetup space, conference, and magazine, to name a few. The history of hacking is fascinating, and their name comes from 2600 Hz, which is the frequency at which a plastic whistle found inside a Cap'n Crunch box sounded when blown. Blowing it into a payphone allowed the hacker to make free phone calls.

    DEF CON: The crown jewel of hacking conferences. The DEF CON conference is traditionally held annually in the summer in Las Vegas, NV. It is considered a pilgrimage for anyone in infosec! There is so much to do, so many knobs to twist, bells to ding, and big red buttons to push; you will never have time to do it all. What makes this conference great for your career is that recruiters love it! I have heard so many stories of people getting job offers on the spot at DEF CON. DEF CON is even better if you volunteer at the events. You will meet more people and at a deeper level. Additionally, DEF CON has “DEF CON groups,” which are smaller DEF CON meetings in your local areas, usually every month. This is also a great way to network with your regional infosec peers to see what is happening in your local infosec industry and hopefully pick up a lead!

    BSides: BSides is a popular conference held locally in many cities and during the same time frame as DEF CON in Las Vegas. It is relatively popular and offers a lot of value. Tickets are cheap (and free if you volunteer), giving you access to what is happening and the people in your area.

    OWASP: The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve software security. Through community-led open-source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the Web.

    Hackerspaces and Makerspaces: These meetups in your local areas are a great way to meet people, tinker, pull knobs, and push buttons. Sometimes, these meetings allow their members to give presentations in a show-and-tell format, which is a great way to build your presentation skills.

    If you have been attending meetings in your surrounding areas, don’t forget to take a pencil and notepad to write down emails and contact info of the people you meet. It is not weird and doesn’t feel uncomfortable; everyone there is there for the same reason, and you’d be lucky to have a notepad. Most people would feel flattered if you cared enough to write their information on the notepad. Tell your new friends you want to keep in contact and be on the lookout for them. Follow up with everyone the day after, and send them your resume to share with others. Knowing someone who will refer you might be your only way in with so many applicants. If someone refers you, you get to skip the line and miss the whole first stage, and they will automatically pick up your resume from the pile and give you an interview.

    Online Chats

    Getting your name out there online is also important. Start getting involved in groups like the Cyber NOW Discord and the more popular ones like the Black Hills Information Security Discord (BHIS). There are many other online Discords and Slacks that you can join to get to know people and sometimes get the latest job offerings before they hit the public.

    Competitions

    This KB wouldn’t be complete if we didn’t take a minute to talk about capture-the-flag (CTF) competitions. Capture-the-flag has been around since the beginning, and it started with vulnerable applications and systems with text strings hidden inside of them. The participant finds the text string and submits it to the judges, and they get points for every proof that they’ve hacked it. It started in 1996 at DEF CON (mentioned above) and today has evolved into all sorts of various capture-the-flag challenges inside and outside of conferences. Tyler’s favorite challenge is the DEF CON Blue Team Village capture-the-flag, but he has competed in Ghost in the Shellcode, SANS Netwars, Holiday Hack, and CSAW, and was a mentor for high schoolers for the CyberPatriot program. Tyler was never fantastic at them but always competed on a team, which was fun.

    Most bigger conferences other than DEF CON will have their capture-the-flag competitions. For instance, the Splunk conference, Splunk.conf, hosts a popular capture-the-flag called BOTS for the Boss of the SOC, which is very challenging and popular (congrats, VMware, for taking 3rd in 2023!). If you are in college, there are many student-oriented capture-the-flag competitions, and perhaps the biggest one that should be on your radar is the Collegiate Cyber Defense Competition (CCDC).

    In addition to these, there are many online CTF competitions and challenges that not only have communities that you can join and participate in to enhance your networking by finding common ground with new people but also provide awards, credentials, and overall bragging rights. The most popular online CTF platform today that I would recommend you look at is TryHackMe (THM). TryHackMe’s popularity has skyrocketed for being the premier hacking challenge, and it's expected to look around on LinkedIn and see analysts advertising that they are “Top 2% in TryHackMe” or “Top 5% TryHackMe”. If you get serious about playing the game and showing off your skills, you can purchase the subscription to make your learning and earning points faster. TryHackMe offers guided walkthroughs and is best suited for beginners.

    Hack the Box (HTB) is another platform like TryHackMe, except it is a little more expensive for its subscription program, and you’re a bit more on your own with its challenges. HTB's claim to fame is that it is the top cybersecurity upskilling platform. However, the platform does require a basic understanding of pen-testing and may not be as beginner-friendly as other alternatives. It is very comprehensive and challenging.

    On the other hand, for defense (blue team) challenges, LetsDefend is rising in popularity. They have a free option, but it's a subscription purchase for the SOC Analyst track. They have some neat challenges that would give you hands-on exposure to some of the things we do daily and even give you a certificate to share on LinkedIn.

    I hope this short KB has given you some ideas for building your brand with the Resume Funnel Strategy. We will continue to work on building a brand that employers want.

  • How to Hack with Google

    How to Hack with Google

    Google is a powerful tool for reconnaissance. It is also a great way to find sensitive information online using what's known as Google Dorks. Google Dorking, also known as Google Hacking, is a search technique that uses advanced search operators to find information on the internet that may not be available through standard search queries. It uses Google's search algorithms to find specific text strings in search results.

    Notably, while the term “hacking” suggests an illicit activity, Google Dorking is entirely legal and often used by security professionals to identify vulnerabilities in their systems. While Google Dorking can reveal sensitive information if it’s publicly accessible, using this technique doesn’t breach any laws or Google’s terms of service. This is how to hack with Google.

    Different Google Dorking Techniques

    Google Dorking techniques primarily involve using specific search operators. Below are some of the most commonly used methods:

    - Filetype: This operator searches for specific file types. For example, `filetype:pdf` would return PDF files.
    - Inurl: The `inurl:` operator can be used to find specific words within the URL of a page. For example, `inurl:login` would return pages with ‘login’ in the URL.
    - Intext: With the `intext:` operator, you can search for specific text within the content of a web page. For example, `intext:"password"` would yield pages that contain the word “password”.
    - Intitle: The `intitle:` operator is used to search for specific terms in the title of a webpage. For example, `intitle:"index of"` could reveal web servers with directory listing enabled.
    - Link: The `link:` operator can be used to find pages that link to a specific URL. For example, `link:example.com` would find pages linking to example.com.
    - Site: The `site:` operator allows you to search within a specific site. For example, `site:example.com` would search within example.com.

    These techniques are powerful tools for information gathering and should be used responsibly. While Google Dorking is legal and can be used for legitimate research and security purposes, misuse can violate privacy and potentially be illegal.

    The Google Hacking Database

    The Google Hacking Database (GHDB) is a collection of Google search queries, or "Google Dorks", that are organized into categories to help cybersecurity professionals identify potential vulnerabilities. The database was created in 2004 by cybersecurity researcher Johnny Long, who began collecting Google search queries in 2002 that uncovered sensitive information or vulnerable systems.

    Attackers use the GHDB as a tool for advanced Google searching and information gathering. For example, the wildcard operator (*) can be used to search for variable words in a phrase, and the `site:` operator can be used to find results on a specific website or domain. Google Dorking can also return information that isn't intended for public viewing.

    Fast Finds

    intitle:"hacked by" inurl:upload inurl:/admin/login.php intitle:("Iniciar sesion" OR "hacked") intitle:"(SSI Web Shell)" AND intext:"(ls -al)" s3 site:amazonaws.com filetype:xls password inurl: document/d intext: ssn

    Hack NOW! course by Dr. Bryson Payne out now on the on-demand section of the website. 8.5 hours of learning to hack with quizzes and lab to earn your Certified Junior Hacker (CJH) certification.

  • How to Hack Facebook Passwords Lab

    Want to go snooping? Go to any website (Facebook, banks, school logins) where a password is saved and hope that it's reused everywhere. Learn how to hack Facebook passwords with this lab.

    1. Open Google Chrome and go to https://facebook.com/login
    2. If they have a saved password, then right-click (or CONTROL-click on a Mac) on the password field and select Inspect
    3. Find type="password" and double-click on the word password
    4. With password highlighted, press the spacebar to replace password with a space (type= " ")
    5. Press ENTER to display the updated code in the browser

    This is a perfect example of why everyone should always use two-factor authentication every chance they get, and never ever save passwords in your browser.

    HACK NOW! course based on the book by Dr. Bryson Payne, Go H*CK Yourself, out for purchase now. He's even got car hacking covered.

  • Common Port Scanning Techniques

    Common Port Scanning Techniques In the world of information security, port scanning is a vital part. Enterprises, organizations or regular users use port scans to probe systems for open ports and their respective services. If you think of a computer as a hallway of doors, port scanning can be compared with walking through the hallway looking for open doors. Penetration testers like I once was use this information to find entry ways into the computer. Port scanning is part of the “active reconnaissance” phase, a vital part of any penetration test. I aim to explain to you a few of the common port scanning techniques. PING PORT SCANING Ping Scans are used to sweep a whole network block or a single target to check to see if the target is alive. It sends an ICMP echo request to the target – if the response is an ICMP reply, then you know the target is alive. However, it is increasingly becoming more common that ICMP pings are being blocked by firewalls and routers that you will likely have to resort to other methods to accurately tell if the target is alive. TCP Half-Open This is probably the most common type of port scan. This is a relatively quick scan that can potentially scan thousands of ports per second. It works this way because it does not complete the TCP handshake process. It simply sends a packet with the SYN flag set and waits for the SYN-ACK from the target and does not complete the connection. When you initiate a TCP connection you first send a packet with the SYN (synchronize) flag set to the destination. The destination then acknowledges this synchronize request with a packet with the SYN-ACK (synchronize-acknowledge) flag set. Finally, the sender acknowledges that it got the SYN-ACK response packet by sending the destination a packet with the ACK flag set. Now, a connection is established. 
By not sending the final ACK packet to the target after receiving a SYN-ACK, a connection is not established; however, you now know if the target/port is available and listening. If you receive a RST (reset) packet back from the target, then you know that the target is active; however, the port is closed. If no response is received and you know that the target is alive, then the port is considered filtered. TCP CONNECT This is essentially the same as the half-open scan above but instead, we finish the handshake process and establish a connection by sending the final ACK packet. This is a much slower means of port scanning as it takes more packets to finish. UDP UDP scans are most common to detect DNS, SNMP and DHCP services. UDP scans work by sending a packet, which is usually empty. This can be changed or even set to a random payload for each port. If the target responds with an ICMP unreachable error (type 3, code 3) packet, you know the port is considered closed. If it responds with an ICMP unreachable error packet with other codes, the packet is considered filtered. If no response is received at all, the port is considered open or filtered. The reason why it might be filtered is that packet filters might be in use that are blocking the communication. Version enumeration could very well help in knowing if packet filters are involved. The problem with using any communication with UDP is that it is unreliable – it has no way of creating an established connection or synchronizing the packets like TCP does. For this reason, UDP scans are typically slow. Because you are waiting for a packet that may never come, nor do you have any real way of telling if the packet even got there in the first place, you might have to send numerous packets then wait to make sure a port is considered open or filtered. 
    STEALTH SCANNING – NULL, FIN, X-MAS

    These scan types are known as stealth scanning because you craft the packet's flags in such a way that you try to induce some type of response from the target without actually going through the handshaking process and establishing a connection.

    The FIN scan sends a packet that would never occur in the real world. It sends a packet with the FIN flag set without first establishing a connection with the target. If a RST (reset) packet is received back from the target, due to the way the RFC is written, the port is considered closed. If no packet is received at all, the port is considered open.

    The X-MAS tree scan gets its name because it "lights up the packet like a Christmas tree." It sets the URG, PUSH and FIN flags on a TCP packet and fires it at the target. Again, if no packet is received, the port is considered open, and if a RST packet is received, the port is considered closed.

    NULL scans also send a packet that should never occur in the real world. A NULL scan does not set any flags on the TCP packet and fires it at the target. As above, a RST packet response means it's a closed port; no response is considered an open port.

    These scans are great because they are unlikely to appear in logs and are some of the most minimal port scanning techniques available. The downside is that, because of the way Microsoft implements the TCP/IP stack, all ports will be considered closed. However, if you DO receive an open port, you now know that the target is NOT running a Microsoft operating system.

    In conclusion, port scanning is one of the first steps in any vulnerability analysis or penetration test. Knowing which ports are open is the beginning of being able to actively communicate with the target. One of the best port scanners available is www.nmap.org. Nmap is an incredibly powerful and versatile port scanner with its own scripting engine. I can't stress enough how much nmap comes in handy and is used professionally.
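Seen from the defender's side, each technique above leaves a distinct flag pattern in captured TCP headers. The following is an added example, not part of the original article: it reads the flags byte of inbound segments, names the matching technique and groups the probed ports per source. The sample packets, addresses, function names and the three-port threshold are constructed assumptions.

```python
import struct
from collections import defaultdict

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flag combinations that never open or belong to a normal connection.
STEALTH = {0: "NULL", FIN: "FIN", FIN | PSH | URG: "XMAS"}


def tcp_header(sport, dport, flags):
    """Build a minimal 20-byte TCP header (used only for the constructed sample)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)


def detect_scans(packets, min_ports=3):
    """Group inbound TCP segments by source and name the scan technique.

    packets: iterable of (src_ip, tcp_header_bytes) in arrival order.
    Returns {src_ip: {technique: [ports]}} for every source that probed at
    least min_ports distinct ports with the same technique.
    """
    handshakes = {}  # (src, sport, dport) -> True once the final ACK arrives
    probes = defaultdict(lambda: defaultdict(set))
    for src, header in packets:
        sport, dport = struct.unpack("!HH", header[:4])
        flags = header[13] & 0x3F  # byte 13 holds the flags; drop the ECN bits
        flow = (src, sport, dport)
        if flags == SYN:
            handshakes.setdefault(flow, False)
        elif flags == ACK and flow in handshakes:
            handshakes[flow] = True  # handshake finished: TCP connect
        elif flags in STEALTH:
            probes[src][STEALTH[flags]].add(dport)
    # A SYN that was never followed by the final ACK is a half-open probe.
    for (src, _sport, dport), completed in handshakes.items():
        technique = "TCP connect" if completed else "TCP half-open"
        probes[src][technique].add(dport)
    report = {}
    for src, by_technique in probes.items():
        hits = {t: sorted(p) for t, p in by_technique.items() if len(p) >= min_ports}
        if hits:
            report[src] = hits
    return report


# Constructed capture (documentation address ranges), not real traffic.
SAMPLE = (
    # Half-open sweep: SYN only, then a RST after the target's SYN-ACK on port 80.
    [("203.0.113.5", tcp_header(40000 + p, p, SYN)) for p in (22, 80, 443, 3389)]
    + [("203.0.113.5", tcp_header(40080, 80, RST))]
    # X-MAS probes: URG, PUSH and FIN set with no connection.
    + [("198.51.100.7", tcp_header(50000, p, FIN | PSH | URG)) for p in (21, 22, 23)]
    # NULL probes against two ports: below the default threshold.
    + [("198.51.100.9", tcp_header(50001, p, 0)) for p in (25, 110)]
    # Ordinary client: full handshake to a single port.
    + [("192.0.2.10", tcp_header(51515, 443, SYN)),
       ("192.0.2.10", tcp_header(51515, 443, ACK))]
)

if __name__ == "__main__":
    for source, findings in detect_scans(SAMPLE).items():
        print(source, findings)
```

The ordinary client and the two-port NULL prober stay below the threshold; lowering `min_ports` trades fewer misses for more noise from legitimate single connections.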
    I hope you have found this information to be useful.

    Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University and CISSP, CCSK, CFSR, CEH, Sec+, Net+, and A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, and ten online courses specifically for SOC analysts. You can connect with him on LinkedIn.

    You can sign up for a Lifetime Membership of Cyber NOW® with a special deal for 15% off with coupon code "KB15OFF" which includes all courses, certification, the cyber range, the hacking lab, webinars, the extensive knowledge base, forums, and spotlight eligibility, to name a few benefits. Download the Azure Security Labs eBook from the Secure Style Store. These labs walk you through several hands-on fun labs in Microsoft Azure, leaving you with the know-how to create a gig in Fiverr or Upwork to start your cybersecurity freelancing. Some of our free resources include the Forums, the Knowledge Base, our True Entry Level SOC Analyst Jobs, Job Hunting Application Tracker, Resume Template, and Weekly Networking Checklist. Ensure you create an account or enter your email to stay informed of our free giveaways and promos, which we often offer.

    Check out my latest book, Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success, 2nd edition, published June 1st, 2024, and winner of the 2024 Cybersecurity Excellence Awards and a finalist in the Best Book Awards. If you enjoy audiobooks, I suggest the Audible version, but you can also get it in beautiful paperback, kindle, or PDF versions. The downloadable PDF version can be grabbed here.

  • What to Do if You Make a Mistake in Cybersecurity

    What to Do if You Make a Mistake in Cybersecurity

    At some point in your career, you will make mistakes: small mistakes, big mistakes, even career-defining mistakes. I am writing this in retrospect because during the course of my job duties, I made a big mistake. This is what to do if you make a mistake in cybersecurity. The details are irrelevant, but I wanted to share my experience with making mistakes in the professional world.

    Mistakes and human error in Information Security account for 70 percent of the initial intrusion vectors for attackers, states the 2023 Verizon Data Breach Investigations Report. This report suggests that "basic security hygiene is what matters the most in terms of effective defensive countermeasures."

    Security starts with you. A careless mistake could very well be detrimental to the security of your organization and to your personal reputation as a security practitioner, so it is important to understand its impact. In one case, an employee working in the finance department of a wire and cable manufacturer was sent an email claiming to be from the company's executive, demanding to have 40 million Euros transferred to a bank account in the Czech Republic. This is one instance where a mistake caused a company an incredible financial hardship due to human error.

    When making mistakes, especially as a security practitioner, it is important that you look at yourself as a brand. You are your personal brand, and your brand is defined by your actions. If you have good actions, then your brand will sell very well. If you promote your brand, there will be a higher demand for it. However, in the event that you just made a royal mistake, it's time to think about your options.

    If you are genuinely unsure if you made this error, it is important that you first seek clarity. It has been extremely important in my life to take ownership and accountability for my mistakes. But don't be a martyr.
    Every mistake comes with a prolific opportunity to grow from it, but if it wasn't your mistake, then you are hurting your brand without gaining the opportunity to grow. My first suggestion to you if you are unsure of the mistake is to find the evidence.

    If in your search you do indeed find that it was entirely you and you are the problem, the second piece of the puzzle is to accept ownership. I have seen people go to great lengths to deny, deny and deny. In all aspects of my life, this has never worked in my favor. You need to accept that you can, will, and do make mistakes in life.

    Taking accountability for your mistake comes with a price tag. There will be some level of consequences for your mistake. We will call consequences "amendments" because to amend something is to change it, and that is exactly what you need to do. The worst thing that could ever come out of this is for you to be wrong once and then continue to be wrong for the rest of your life, so call your consequences "amendments." You want to change the impact of your mistake.

    Changing the impact of your mistake could mean a lot of things. However, it starts by asking those you've impacted, "How can I change things?" This seems simple, but the magic in this is meaning it. I've done this enough to know that people will feel whether you are sincere or not. Amending may very well be not behaving that way from that point forward; it may be a financial payment, it may even be jail time (let's hope not). Whatever it may be, I have learned that walking away with an action step is the only way to repair your brand. It starts with asking that question.

    Seek an agreement between you and those affected. Carrying out your obligation to the agreement is the only way to repair your brand. I must warn you that entering into this agreement and not carrying out the obligation to the full extent will demolish any credibility you might have beyond repair. It's very serious and you must treat it so.
    Handling mistakes this way has proven to be the most effective way to overcome and grow beyond any obstacle I have ever faced thus far.

    Remember:

    • Seek Clarity
    • Accountability
    • Amendments

    And remember that security starts with you.

  • Cybersecurity Monitoring During the US Elections

    Cybersecurity Monitoring During the US Elections

    With all the Russian election hacking scandals in the news during and after the 2016 Presidential election, curiosity consumed me to architect and run an experiment to see if I could monitor changes in the threat landscape in Moscow, Russia and Washington D.C. during the 2018 U.S. midterm elections. This is cybersecurity monitoring during the US elections.

    I have worked at many Security Operations Centers (SOC) and have been in a leadership capacity at two. These SOCs have ranged in size from smaller companies to the Big 4. I am no stranger to security monitoring, and if there is anywhere that I like to be, it is where the action is. My expertise and passion led me to a honeypot project.

    Honeypots are a deceptive security technology designed to sit strategically on a network with services that entice attackers to hack. When a honeypot sees a connection to these services, it sends detailed logs to a centralized log server that monitors the threat landscape in real time. I used the Modern Honey Network for this project, a brilliantly designed network which allows you to deploy deceptive honeypots.

    I began this project by deciding what I wanted to monitor and what a significant change in the threat landscape would need to look like if it were to indicate increased or decreased cyber activity resulting from the elections. I decided to buy two dedicated Virtual Private Servers (VPS) located in Moscow, Russia, and one VPS in Washington, D.C. I deployed the Dionaea honeypots to each of the VPS on Ubuntu 14.04 LTS servers. Dionaea honeypots are designed to have numerous vulnerable-looking services as well as a trap to capture malware. Additionally, I spun up two Amazon AWS Dionaea honeypots in Ohio to act as a control.
    Roughly a month before the elections, the infrastructure was completely set up, and all the honeypots were sending hundreds of thousands of security events a day to my Elastic, Logstash, Kibana (ELK) stack. Within seconds of being deployed to the public internet, the honeypot got attacked. The takeaway from this observation is that if anyone in your company deploys a non-patched, unhardened system to the public internet for any amount of time, they should assume that the system has been compromised.

    I played with Kibana to create the best dashboards to visualize the data I was getting. I created this dashboard to be the one that would run 15 days prior to and after the election.

    This basic dashboard shows a list and pie chart of the countries the attacking IP addresses were sourcing from, the numbers of unique attacks, and a list of the top 15 attack source IP addresses. It also lists the samples of malware that the honeypots picked up.

    Now, I waited for 15 days after the election. What I expected to find was two distinct sets of data: one for Moscow and one for the United States.

    Midterm Elections

    As it turns out, there were not any significant changes in the threat landscape during the election, no matter how hard I tried to find a correlation in the data. What I found was that the Top 100 attackers in Moscow were almost identical to those in Washington D.C., and I had the same findings in the Ohio honeypots. As time continued, the data normalized across all the geographical locations of the honeypots. All the honeypots captured multiple instances of the same malware samples, and during my observations, there were not any instances of regional malware outbreaks.

    The below pie chart represents one Moscow, Russia honeypot. The Ohio and Washington D.C. honeypots had a similar breakdown of source countries and became almost identical at the close of the project.

    My conclusions are that the internet is a war zone that does not discriminate on which country the data lives in.
    My analysis of all these attackers proved that these are all known bad actors who are generally bots or compromised web and file servers. IP addresses that are found in public-facing honeypots are almost always true representations of malicious attackers. These IP addresses can feed back into your SIEM and thereby determine if there is any suspicious outbound activity from your internal network to these hosts. With a reasonable amount of checks, they can be inserted into blacklists on your firewalls to improve your security posture.

    I discovered that there is no product to my knowledge that can take a large set of attacker IP addresses and tell you which emanated from an intelligent human. The intelligent human signifies a more persistent, patient and even more targeted attack source. Something worth investigating further.

  • How to Access the Dark Web

    How to Access the Dark Web

    What is the Dark Web?

    The deep web, not to be confused with the dark web, is the part of the web that can't be reached by typical search engines and often requires getting through additional layers of encryption to access. The dark web goes a step further, providing even more layers of encryption to grant users complete anonymity. To access the dark web you need specific software called The Onion Router (TOR). You can access the deep web through Google Chrome or a typical web browser.

    I am going to get you online with TOR, but I do warn you, don't go looking for stuff on the dark web that you don't want to see. I am scarred for life because one time, out of curiosity, I went exploring just to see if stuff was there. It was there, and I'll never unsee it.

    What can you buy on the dark web?

    You can buy credit card numbers, all sorts of drugs, guns, counterfeit money, stolen subscription credentials, hacked Netflix accounts, and software and services used for spying and hacking.

    I haven't been on the dark web in the better part of ten years, probably because it's not my cup of tea, but everyone should know how. There might be a day when you need to know how to use it for legitimate purposes. If our critical infrastructure was compromised, being able to anonymously access resources on the dark web might mean the health and wellness of your family. The bottom line is, you should know how, because the time might come when you need it, just like you might rotate gas cans in your garage just in case of a disaster.

    There once was a time when trackers didn't exist, and it was easy to coast through the internet with your handle and be pretty safe knowing no one knew who you were. The fabric of society is now tied into the internet and it's just not a separate world anymore. I wish it was. Anyhow, I don't want to get off on some tangent about the hopelessness of privacy; I want to teach you how to be private in case you ever need it.
    First, this is best done on a fresh burner Linux machine. Microsoft has trackers built into their operating system. But let's just assume you don't care about Microsoft knowing what you're doing and just want to explore the dark web out of curiosity. Remember, though: don't go looking for stuff to see if it's there; it's there.

    Understanding TOR

    To understand The Onion Router, you have to understand the OSI model. There are two different, let's say, products that TOR offers. There is TOR, which is the routing software. You can kind of think of it like a VPN. And there is TOR Browser.

    Think of it like this: TOR works at the routing layer and takes all of your internet traffic and adds a bunch of wrappers to it so no one can see what's inside of it, and it addresses that package to a point somewhere on the internet. When the traffic leaves your computer, it goes to your upstream router that your ISP owns, and at this point they know that you are sending traffic to the TOR network, but they don't know what's inside of the wrapper. They know this because TOR exit nodes are public knowledge. So while your traffic is anonymized, the fact that you're using TOR is well known.

    OK, your ISP hands off this wrapped package and delivers it to someone that has set up what's called a TOR Exit Node. Contrary to its name, TOR exit nodes both ingress encrypted traffic and egress plain traffic. So your encrypted traffic goes into this exit node and then it just hops around the planet with the intention of masking where it came from. Each hop removes a layer of wrapping from this package. This hopping makes TOR SLOOOOW. It takes a long time to send your package back and forth across the globe. Now it has only one wrapper on it, so it can leave the TOR network. The normal internet wouldn't know what to do with it if it didn't look like normal traffic, so it goes back out a different TOR exit node than it came in, and this time that exit node strips away the last wrapper and your traffic leaves the TOR network as plain Jane traffic as if it were leaving your computer, except now no one knows who the traffic came from. It looks like it came from the exit node, not from you.

    But there are many problems with this. First, most of the internet's traffic is already encrypted using SSL/TLS. People would know who you're sending to, and where it came from, but they already couldn't see what's inside the package. When you use TOR, the destination won't know where the traffic came from, unless that is inside of the package, which a lot of the time it is, by cookies or other trackers and fingerprints or whatever personally identifiable information may be in it. There is usually a way to identify the sender if you had enough data. Also, the exit node that strips away all of the layers to send your plain traffic can and will inspect the package, and they might be able to determine it came from you, so they'll know what you're doing and who you're communicating with. Law enforcement is notorious for operating TOR Exit Nodes so they can keep a log on who is sending what traffic.

    Tor Browser is a package that TOR offers that includes a Firefox privacy variant bundled with their routing software. It's an easy way to get on the TOR Network and that is what we will be using. Since TOR Browser works at the application layer, specifically with TOR Browser, any other traffic for any other applications would not be routed over TOR. Which means if you're not doing it in TOR Browser, then it's not anonymized.

    TOR can also be used to encrypt and send tunneled traffic that isn't through a browser. That was its original intent before it became used primarily for browsing websites anonymously.
    If you are using a command line program to execute and send commands over the internet and not using the web browser, you can anonymize that traffic using TOR. But just so that we're clear, TOR Browser wouldn't help you much in keeping you anonymized.

    Downloading TOR Browser

    We are going to be browsing the internet today, not launching a command and control server, so the rest of this is fairly straightforward. Visit here and download TOR Browser.

    The TOR network websites all end with a ".onion" address. From here you can search around the normal web for information leading you to illicit ".onion" addresses. You can start by going to a search engine like this and looking for stuff.

    http://haystak5njsmn2hqkewecpaxetahtwhsbsa64jom2k22z5afxhnpxfid.onion/

    May you explore safely with an understanding of TOR and the dark web.
