
Search Results


  • Common Port Scanning Techniques

    Port scanning is a vital part of information security. Enterprises, organizations or regular users use port scans to probe systems for open ports and their respective services. If you think of a computer as a hallway of doors, port scanning can be compared with walking through the hallway looking for open doors. Penetration testers like I once was use this information to find entry ways into the computer. Port scanning is part of the “active reconnaissance” phase, a vital part of any penetration test. I aim to explain to you a few of the common port scanning techniques.

    PING PORT SCANNING

    Ping scans are used to sweep a whole network block or a single target to check whether the target is alive. A ping scan sends an ICMP echo request to the target; if the response is an ICMP reply, then you know the target is alive. However, ICMP pings are increasingly blocked by firewalls and routers, so you will likely have to resort to other methods to accurately tell if the target is alive.

    TCP HALF-OPEN

    This is probably the most common type of port scan. It is a relatively quick scan that can potentially scan thousands of ports per second. It is fast because it does not complete the TCP handshake process. It simply sends a packet with the SYN flag set, waits for the SYN-ACK from the target, and does not complete the connection.

    When you initiate a TCP connection you first send a packet with the SYN (synchronize) flag set to the destination. The destination then acknowledges this synchronize request with a packet with the SYN-ACK (synchronize-acknowledge) flags set. Finally, the sender acknowledges that it got the SYN-ACK response packet by sending the destination a packet with the ACK flag set. Now, a connection is established.
    By not sending the final ACK packet to the target after receiving a SYN-ACK, a connection is not established; however, you now know that the target/port is available and listening. If you receive a RST (reset) packet back from the target, then you know that the target is active but the port is closed. If no response is received and you know that the target is alive, then the port is considered filtered.

    TCP CONNECT

    This is essentially the same as the half-open scan above, but here we finish the handshake process and establish a connection by sending the final ACK packet. This is a much slower means of port scanning as it takes more packets to finish.

    UDP

    UDP scans are most commonly used to detect DNS, SNMP and DHCP services. UDP scans work by sending a packet, which is usually empty. This can be changed or even set to a random payload for each port. If the target responds with an ICMP unreachable error (type 3, code 3) packet, the port is considered closed. If it responds with an ICMP unreachable error packet with other codes, the port is considered filtered. If no response is received at all, the port is considered open or filtered. The reason it might be filtered is that packet filters might be in use that are blocking the communication. Version enumeration could very well help in knowing if packet filters are involved.

    The problem with any communication over UDP is that it is unreliable: it has no way of creating an established connection or synchronizing the packets like TCP does. For this reason, UDP scans are typically slow. Because you are waiting for a packet that may never come, and you have no real way of telling if your packet even got there in the first place, you might have to send numerous packets and then wait to make sure a port is considered open or filtered.
    STEALTH SCANNING – NULL, FIN, X-MAS

    These scan types are known as stealth scanning because you are crafting the packet's flags in such a way that you try to induce some type of response from the target without actually going through the handshaking process and establishing a connection.

    The FIN scan sends a packet that would never occur in the real world. It sends a packet with the FIN flag set without first establishing a connection with the target. If a RST (reset) packet is received back from the target, due to the way the RFC is written, the port is considered closed. If no packet is received at all, the port is considered open.

    The X-MAS tree scan gets its name because it “lights up the packet like a Christmas tree.” It sets the URG, PUSH and FIN flags on a TCP packet and fires it at the target. Again, if no packet is received, the port is considered open, and if a RST packet is received, the port is considered closed.

    NULL scans also send a packet that should never occur in the real world. A NULL scan does not set any flags on the TCP packet and fires it at the target. Like above, a RST packet response means it's a closed port; no response is considered an open port.

    These scans are great because they are unlikely to appear in logs and are some of the most minimal port scanning techniques available. The downside is that, because of the way Microsoft implements the TCP/IP stack, all ports will be considered closed. However, if you DO receive an open port, you now know that the target is NOT running a Microsoft operating system.

    As a conclusion, port scanning is one of the first steps in any vulnerability analysis or penetration test. Knowing which ports are open is the beginning of being able to actively communicate with the target. One of the best port scanners available is Nmap (www.nmap.org). Nmap is an incredibly powerful and versatile port scanner with its own scripting engine. I can’t stress enough how much nmap comes in handy and is used professionally.
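Seen from the monitoring side, the TCP techniques above leave distinct flag patterns on the wire. The following is an added example, not code from the original article: it groups packet metadata into flows, labels each flow with the technique and port state using the article's own rules, and reports sources that probe several ports. The record layout, the `min_ports` threshold and all addresses are constructed for illustration.

```python
from collections import Counter, defaultdict

# TCP header flag bits
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# First-packet flag sets that never open a legitimate connection
STEALTH = {0: "null", FIN: "fin", FIN | PSH | URG: "xmas"}


def group_flows(packets):
    """Group (src, sport, dst, dport, flags) records, in capture order,
    into flows keyed by the initiator's 4-tuple. The sender of the first
    packet seen for a 4-tuple is treated as the initiator, so a capture
    that starts mid-connection can mislabel a normal FIN."""
    flows = {}
    for src, sport, dst, dport, flags in packets:
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if rev in flows:
            flows[rev].append(("resp", flags))
        else:
            flows.setdefault(fwd, []).append(("init", flags))
    return flows


def classify_flow(events):
    """Return (technique, port_state) for one flow, per the article's rules."""
    first = events[0][1]
    replies = [f for who, f in events if who == "resp"]
    later = [f for who, f in events[1:] if who == "init"]
    got_rst = any(f & RST for f in replies)

    if first in STEALTH:
        # RST means closed; silence is read as open, as the article states.
        return STEALTH[first], "closed" if got_rst else "open"
    if first == SYN:
        if any(f & SYN and f & ACK for f in replies):
            # Port is listening; the final ACK separates connect from half-open.
            done = any(f & ACK and not f & RST for f in later)
            return ("connect" if done else "half-open"), "open"
        # Closed and filtered ports look the same for both SYN-based scans.
        return "syn-probe", "closed" if got_rst else "filtered"
    return "other", "unknown"


def detect_scanners(packets, min_ports=3):
    """Report sources that probed at least min_ports distinct (host, port) pairs.
    min_ports=3 suits the tiny sample only; tune it for real traffic."""
    per_src = defaultdict(lambda: {"techniques": Counter(), "ports": {}})
    for (src, _sport, dst, dport), events in group_flows(packets).items():
        technique, state = classify_flow(events)
        if technique == "other":
            continue
        per_src[src]["techniques"][technique] += 1
        per_src[src]["ports"][(dst, dport)] = state
    return {s: r for s, r in per_src.items() if len(r["ports"]) >= min_ports}


# Constructed sample capture (documentation address ranges, not real traffic)
SAMPLE = [
    ("198.51.100.7", 40001, "10.0.0.5", 22, SYN),
    ("10.0.0.5", 22, "198.51.100.7", 40001, SYN | ACK),
    ("198.51.100.7", 40001, "10.0.0.5", 22, RST),       # handshake abandoned
    ("198.51.100.7", 40002, "10.0.0.5", 23, SYN),
    ("10.0.0.5", 23, "198.51.100.7", 40002, RST | ACK),  # closed
    ("198.51.100.7", 40003, "10.0.0.5", 25, SYN),        # no reply: filtered
    ("203.0.113.9", 50001, "10.0.0.5", 80, FIN | PSH | URG),
    ("203.0.113.9", 50002, "10.0.0.5", 81, FIN | PSH | URG),
    ("10.0.0.5", 81, "203.0.113.9", 50002, RST | ACK),
    ("203.0.113.9", 50003, "10.0.0.5", 443, 0),
    ("203.0.113.9", 50004, "10.0.0.5", 8080, FIN),
    ("10.0.0.5", 8080, "203.0.113.9", 50004, RST | ACK),
    ("10.0.0.20", 51000, "10.0.0.5", 443, SYN),          # ordinary client
    ("10.0.0.5", 443, "10.0.0.20", 51000, SYN | ACK),
    ("10.0.0.20", 51000, "10.0.0.5", 443, ACK),
]

if __name__ == "__main__":
    for src, report in detect_scanners(SAMPLE).items():
        print(src, dict(report["techniques"]), report["ports"])
```

UDP probes are not covered, since their outcome depends on ICMP replies rather than TCP flags.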
I hope you have found this information to be useful.   Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University and CISSP, CCSK, CFSR, CEH, Sec+, Net+, and A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, and ten online courses specifically for SOC analysts. You can connect with him on LinkedIn . You can sign up for a Lifetime Membership  of Cyber NOW® with a special deal for 15% off with coupon code "KB15OFF" which includes all courses, certification, the cyber range, the hacking lab, webinars, the extensive knowledge base, forums, and spotlight eligibility, to name a few benefits. Download the Azure Security Labs  eBook from the Secure Style Store. These labs walk you through several hands-on fun labs in Microsoft Azure, leaving you with the know-how to create a gig in Fiverr or Upwork to start your cybersecurity freelancing. Some of our free resources include the  Forums , the Knowledge Base , our True Entry Level SOC Analyst Jobs , Job Hunting Application Tracker , Resume Template ,  and Weekly Networking Checklist . Ensure you create an account or enter your email to stay informed of our free giveaways and promos, which we often offer. Check out my latest book,  Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success,  2nd edition, published June 1st, 2024, and winner of the 2024 Cybersecurity Excellence Awards and a finalist in the Best Book Awards. If you enjoy audiobooks, I suggest the Audible version, but you can also get it in beautiful paperback, kindle, or PDF versions. The downloadable PDF version can be grabbed here .

  • The Demand for Cybersecurity Jobs Looks Good

    I don't know what it is about protectors, but we all like to talk about the future. We like to predict the future. If we can plan for the future, the present is safe. While it's never possible to fully predict the future, you can cover many bases and scenarios. The demand for cybersecurity jobs looks good.

    I have been in a slump where I've been feeling like the best of cybersecurity is behind us. Ten years ago cybersecurity was in the news every single day and it was the biggest panic. I felt like I was doing something meaningful and that I was indispensable. It gave rise to a lot of entitled workers who quickly profited off the companies' oozing of cash to solve this problem. Cybersecurity was top of mind for CEOs as none of them wanted to end up in the news. Well, companies did burst at the seams to solve this problem, and those that could collect did collect and the problem became less of a problem.

    People, Process and Technology

    Solving cybersecurity is a pie chart of three things: People, Process, and Technology. At the beginning all we had were a few people that knew anything about cybersecurity, immature processes, and not great technology, so cybersecurity wasn't very good. The demand was immense and the world burst at the seams with cash to improve on this problem.

    Over time, more people were trained in cybersecurity, and that credit didn't go to colleges. The progression of cybersecurity was so fast college curriculum couldn't keep up. Instead, companies would pay for expensive training like SANS and other vendor training, these smaller and more agile outfits that could keep abreast of the changes. Once those employees were trained they would train other employees. The baseline of skill in the cybersecurity industry began to grow and the number of qualified people in the industry increased.

    A few years ago companies were still building brand new programs and this was my favorite thing to do.
    I loved to launch brand new security monitoring programs from the ground up and I did it at four separate companies. I'd come in and take it from nothing and create the skeleton of the processes, engineer the tools and lay the groundwork for a successful program, then I'd hire a few people and train them and then hand the program off to a manager. It was the most fun thing in the world for me because I enjoy creating. There are very few of those opportunities anymore to create, so I'm creating my own company instead.

    The initial processes at these companies have continued to be improved upon and over time companies now have mature processes. People are no longer having to figure things out on their own or be creative; instead they are just following a set of predefined instructions. There's a lot of documentation.

    So now there are a growing number of sufficiently trained employees, and well-defined processes to follow; the next piece of the pie is the technology. While all this was happening the cybersecurity vendor market exploded and venture capital poured in their funds to improve the tools that we use for cybersecurity. If you were one of the industry's very best, it's likely you were working on training a tool to do your work. And over time, tools and technology became so good that it became brainless to do the work and it gave rise to the advent of automation.

    Now you have an adequate number of cybersecurity professionals, you have mature written processes, and you have tools that can automate those processes, so automation began. It began taking away the tedious repetitive work and when it started doing that, fewer people were needed in cybersecurity. So there quickly became a surplus of professionals in cybersecurity. And this happened quickly, over maybe a year. More people were needed in cybersecurity at the beginning because there just weren't any processes or technology in place to help solve the problem. Now there is.
    So here we stand, with more people in cybersecurity than we need and a bunch of people with hopes and dreams of starting a career in cybersecurity standing at the doors banging on them to get in.

    The future of the Cybersecurity Demand

    It's easy to be pessimistic about this situation but I am here to tell you that the demand of cybersecurity grows. Yes, it grows (in the long run). The cybersecurity industry is about to change and it is closer than you might think. And this isn't about AI. AI is just one example. This is another, and there are others coming down the pipeline.

    I want you to think of the demand of cybersecurity as an ebb and a flow. Right now, there are more people than we need, and with the invention of new technology it creates new things to secure and the process above starts all over again. There will never be a lack of technological innovation; people create new things and then people think about security later. That is us. We think about security later. It's up to us to keep things secure. And we collect on that opportunity.

    There will be another cash busting event that will happen for us and it is in quantum computing and this is going to happen in just the next five to ten years. Quantum computing is a new technology that promises to deliver huge amounts of computing power. It can potentially solve complex problems in seconds that current computers would take years to solve. While this sounds exciting, it also poses risks, especially to the encryption methods we use to protect sensitive data.

    Currently, encryption relies on mathematical problems that are hard to reverse without the correct key. But with quantum computing, these problems could be solved quickly, making our current encryption methods vulnerable. This means that sensitive information like credit card details and personal data could be at risk if attackers gain access to quantum computing capabilities. Cybersecurity professionals need to prepare for these changes.
    Recently, the National Institute of Standards and Technology (NIST) introduced new encryption standards designed to be resistant to quantum attacks. These new standards will replace current methods in the next decade, and cybersecurity experts will need to learn how to implement and manage them. The demand for cybersecurity professionals skilled in quantum-resistant algorithms will increase. The amount of work that will be required to update current encryption implementations to new encryption algorithms is massive and there will be many, many companies that won't be prepared and they will need people right now and they will throw cash at this crisis.

    There will always be new technology, and there will always be an initial demand to secure it that is higher than the demand of the people needed to maintain it. This industry works in an ebb and flow. It is still a fantastic time to begin in cybersecurity, so don't give up. It's prime time to keep abreast of what's coming down the pipeline so you, too, can be ready to capitalize on the next cash explosion. There will be one.

  • Claim Denied: The Age of Repudiation

    We are entering the age of repudiation. What used to be used as evidence for the truth can now be denied. Pictures and soon videos will be generated with anyone doing anything. This is troublesome because, besides public opinion, court systems use this evidence to prove and disprove a crime. So, the question becomes, how do we, as security experts, add non-repudiation, or un-deniability, back into the media?

    We will first enter a time ahead of us, a time long ago, where the only thing that mattered was a witness. Is there anyone who saw this happen and can testify to the video's authenticity? If so, what is the credibility of that witness? But more is needed for today, when AI often assists surveillance, and no one is around to see it unfold in real time.

    What algorithms can we apply to legitimate recording and surveillance systems that prove AI didn't generate this? A hash of the video that includes the time and date and the hardware that captured it. But how can this not be spoofed? It's not that the owner needs to know it's true; it's that the owner now has to prove it's true. This new technology, which has yet to be introduced, needs to be publicly accessible. Anyone can upload evidence and check whether it's true. It needs to be a public service.

    While there is technology that can detect AI generation now, this will become increasingly difficult as video and photo proof become ultra-realistic. Which technology is further ahead, the detector or the generator, will be a never-ending concern. So, cameras and video systems will need to have non-repudiation built in. This will happen because they will be selling fewer and fewer cameras, and the market will demand it.

    Today, how much of what we believe is true is not is an unknown number. And that number will continue to grow in this new age of repudiation.

  • ROT13 Mystery

    I want to tell you a story. A true story. A mysterious story. It has an ending but I will leave it to you to figure out. I want you to think about this just long enough so that it will stick in your mind and there might come a day where you remember it, and it makes sense to you. It did for me, but this isn't a story with an ending that can be explained in words.

    I woke up one morning as the rooster crowed in Kauai, Hawaii. The roosters actually do crow, because according to legend Captain Cook sailed there one year and dumped a bunch of chickens on the island and that is the reason they roam free today. It was a breezy morning, just like every morning as the cool trade winds blew, and perfect weather in the mid 70s Fahrenheit.

    I was there on Kauai, for the second time in my life. This time I saved up $2000 and landed on Kauai and found a room to stay in from a Craigslist ad. I purchased a cheap moped for $800, and I hit the block looking for work, determined to make my stay longer. By the time this particular morning had occurred, I'd made it a year and a half doing odd jobs, janitorial work, cleaning construction sites, and part-time computer repair work. My excuse for being there was 'I was finishing my degree,' and I was doing it online so I could be anywhere - so why not Hawaii?

    I was living in no more than a shed by this time, one that was converted into a duplex behind someone's house. I had no kitchen, just a hotplate and a microwave and a refrigerator. I shared one bathroom with the other side of my duplex, with my neighbor who would frequently call the ambulance because, "he was going down." He was a childhood friend of my landlord and they were both locals. He suffered from some mental health condition, like many people on this magical little island, who all found the peace and serenity (and seclusion) rather nice. Kauai is the 4th smallest island and it is tiny and it is beautiful.
    I made fast friends with "Black", that's what the locals called him because his Polynesian skin was many shades darker than normal locals - it's what he preferred to be called. I lived in the part of town that the locals described as where the "Menehunes" lived. According to lore they were a mythical species of small humans who were very mischievous. I really enjoyed the rich lore associated with every mountain and area. It was all such a well-developed culture over thousands of years that it could very well be a religion; or it just may be, I'm not really sure.

    I stretched out after waking up in my bed; who knew where the sheets were, they just seem to fly off the bed when I go to sleep. Probably the Menehunes. And I go out to check my mail and discover my student loan reimbursement has arrived. This check for about $1800 was sure to help me last a little longer on the island. I hopped on my moped and went to the store and a shiny bottle of Crown Royal was sitting on the gas station counter. In Hawaii you can buy hard liquor at gas stations. I didn't, and still don't, drink very often but I thought what the heck, let's celebrate.

    I cruise back down the hill to my duplex with the bottle of Crown Royal and a 12-pack of Coca-Cola, and some snacks, and turn on the TV. I open the Crown Royal bottle for an adventure I'll never, ever forget. A few drinks in, I'm watching TV and feeling too good to even think about studying and I'm bored. Suddenly I get struck with the idea that I am just going to fly to Honolulu and do some shopping. I had never been to Honolulu before, but this certainly seemed like a rational thing to do so I hopped on my moped, the one place I shouldn't have been while buzzed, and head off to the airport to buy a ticket. I arrive at the airport and park my moped. I just had a backpack with my laptop in it and that's about it.
    When I get on the plane, I order a few more drinks and they make an announcement that there will be a delay in landing the airplane because of the APEC conference. I had no idea this was going on, and I had never heard of APEC in my life, but it is some conference for global leaders of the world to come together and solve some challenges and it just happened to be happening right then.

    When the plane lands, it's nearing darkness, and I wander over to the phones because I hadn't planned anywhere to sleep and see that there is a free taxi to a hotel nearby. I picked up the phone and called the taxi and sure enough, one arrived to pick me up. As we are nearing the hotel all of the streetlights are flashing yellow and there are National Guard at every corner directing traffic. There are concrete barricades all over the road, especially in front of buildings. There were a lot of concrete barricades in front of the hotel we were pulling in, my hotel. It looked like a complete war zone in disarray.

    I get out of the taxi and make my way to the front desk, and since I was paying with all the cash from my student loan reimbursement they asked me for a credit card to use as a deposit. I worked out a deal with them to pay for a cash deposit because I didn't and still don't own credit cards. I get up to my room and toss my stuff in a chair in the corner, and head off to go exploring. I first explored the hotel bar where I grabbed a drink. Then I made my way through the dark to the courtyard where there are some picnic tables and some folks standing around them.

    It's unlike me to do this, but I had drunk enough to say I was drunk, and I struck up a conversation with a group of people at the picnic tables in the courtyard. I don't recall all of the details, but I remember one of them saying he was a pen-tester after I told him what I was in school for (cybersecurity), and he chatted me up for some time. I thought it all went well and I headed back to my room to go to sleep.
    I took off all of my clothes except my boxers and threw my wallet, phone, everything into the little chair in the corner, and jumped into bed. I slept like a baby and the beds were just fanciful. This hotel was like $300 a night and not quite what I was used to.

    The next morning I take off in Honolulu to go do some shopping and thought while I was here I would go see Pearl Harbor. I bought some clothes, got a haircut, and visited Pearl Harbor where I met one of the last living survivors and talked with him for what felt like hours. I'll never forget the firsthand conversation I had with him when I asked him what it was like and he told me, "The ground shook so hard I fell to my knees." When I tell this story, that doesn't seem to faze people, but that paints a perfect picture of the chaos and disaster it must have been to have bombs being dropped all around you. I had someone snap a photo.

    The day was coming to an end and I needed to get back home to my island, now sober. So I check out at the hotel and get my deposit back, and as I was leaving there was a police parade of cars leaving from my hotel, which I could only assume was whatever dignitaries were staying at the hotel leaving to go back to their respective homes.

    I arrive at the airport and make my way towards TSA and pull out my wallet from my back pocket, reach in to pull out my ID to show them, and noticed there was a yellow sticky note on the back of it, and on it in pen, not in my handwriting, it said "ROT13". This baffled me, but I handed it to the TSA agent anyway and they handed it back.

    I make it all the way back to my home, get unpacked with all my new bags of clothes and things and hop on the internet to tell my buddies about this strange adventure I just had and this strange ROT13 note. This was over 15 years ago, and it led me down a rabbit hole for a decade in which, just in the last five years, I understood what the mystery of ROT13 is all about.
    You can still see remnants of ROT13 encoded ciphers in some of the most obscure places on the internet, all referring to this one idea.

  • Cybersecurity Career Paths: Exploring Various Roles

    The cybersecurity field offers a few different career paths. Each role has varying skill sets and focus. This article will show you the different jobs in cybersecurity, from entry-level positions like Security Analysts to more advanced jobs like Security Architects. Each role plays an important part in safeguarding information systems and responding to threats. Understanding the typical career progression, from Analyst to Engineer to Architect, can help you plan your own career path. Whether you are just starting your journey in cybersecurity or looking to advance your career, this article will help you understand the opportunities and challenges that come with each move.

    SOC Analyst

    What You Will Do

    A SOC Analyst helps keep a company's computer systems and information safe. They watch for any strange activity on the network and look into security problems. Security Analysts use data to decide whether something is malicious and carry out response actions for everyday events. They often collaborate with other IT professionals to develop and maintain security protocols. At times, they may also be involved in incident response planning.

    Skills You Will Need

    SOC Analysts need to know a lot about cybersecurity basics. They should be good at using security tools and understanding how networks work. They also need to know how to spot and respond to threats. Being able to solve problems and think critically is essential. A good analyst can explain complicated security ideas to people who know little about technology. It's helpful if they know about laws that protect data and how to handle security incidents. Knowledge of regulatory frameworks, such as GDPR or HIPAA, and experience with incident management processes are also valuable assets.

    How Hard It Is to Get This Job

    This is often a starting job in cybersecurity. Unfortunately, this does not mean it will be so easy to land.
    Because there is fierce competition for these entry-level roles, you may need to take a role that is less than ideal. To break into the field you may have to take an overnight role. The good news is that because it is an entry-level role, there is turnover. After a few years of working as an entry-level analyst, most will try to move into a more senior role. Some companies will hire people just starting out if they know the basics of IT and cybersecurity. Looking for internships or entry-level IT jobs to gain experience can also help. You will also need to have certifications like CompTIA Security+.

    Career Progression

    Junior SOC Analyst to Senior SOC Analyst

    Career progression for SOC Analysts will begin with roles like Junior SOC (Security Operations Center) Analyst. You will start out by gaining hands-on experience in monitoring and responding to security incidents. Once you have acquired the necessary experience and expertise you can advance to the Senior SOC Analyst position. This is where you can take on more complex responsibilities, including handling more complex incidents and mentoring junior analysts.

    Expectation to Mentor Junior Team Members as a Senior

    As SOC Analysts progress to senior roles, they are often expected to mentor and train junior team members. You will directly or indirectly mentor new talent within the organization. In doing so you will reinforce your leadership skills. When experienced analysts share what they know, they contribute to building a strong defense against cyber threats for their organization, while also enhancing their own professional growth.

    Security Engineer

    What You Will Do

    A Security Engineer builds and takes care of an organization's security systems. In this role, you will create security plans, set up security tools, and make sure data stays safe across all systems. The job includes finding possible security risks and implementing systems that spot intruders.
You will often work with other IT teams to deploy and maintain security tools. Security Engineers design a company's digital defenses, always working to stay ahead of the bad guys.

    Skills You Will Need

    Understanding security tools and how networks work is crucial. You should also know about security rules like NIST or ISO 27001. Being able to write code in languages like Python and learning how to use security software like SIEM systems is essential. Good problem-solving skills and critical thinking are needed for this job. You'll also need to communicate well, especially when explaining tech stuff to non-tech people. It's helpful to keep learning about new security threats and how to stop them because there are always new ones popping up.

    How Hard It Is to Get This Job

    Becoming a Security Engineer is not an entry-level job. Companies want people who already know a lot about cybersecurity and have some experience. The typical expectation is that you will have about 3 to 5 years of Analyst experience before qualifying for an engineering role. Most Security Engineers start as SOC Analysts. This helps them learn the basics before moving up. Working on personal projects is a good way to show off your skills. Being eager to learn new things can also help you stand out because there will always be constant changes.

    Career Progression

    As a SOC Analyst, you learn how to spot and respond to security threats. This experience is really useful when you become an engineer and start designing security systems. As you grow in your career, you'll take on more complex projects. You might lead big security initiatives or help plan the overall security strategy for your company. After working as a Security Engineer for a while, you might aim to become a Security Architect. This is a higher-level job where you design the big-picture security plan for an organization. You'll need to understand both the technical side of security and how it fits into the business goals of the company.
To move up to this role, you'll need to keep improving your technical skills, learn more about business strategy, develop leadership skills, and get experience managing large-scale security projects. Within cybersecurity, there's always more to learn. Staying curious and open to new ideas can help you go far in this career!

    Security Architect

    What You Will Do

    A Security Architect designs the big picture of an organization's security system. They figure out what security measures a company needs and create plans to put those measures in place. You would need to make sure the company's security setup matches its business goals. As with the other roles, you will still look for weak spots in the company's systems and come up with ways to make them stronger. You will collaborate even more with the different teams in the company to make sure everyone understands and follows the security plans. Since you will be working with the Director level and above more frequently, you will need to translate business goals into technical solutions.

    Skills You Will Need

    To be a good Security Architect, you should be knowledgeable in several areas of security. You should understand how networks, applications, and cloud systems stay secure. It will also be important to know the security rules and standards like ISO 27001 or NIST by heart. At this point, you should have extensive practice and skill at solving complex problems and thinking critically. You will need to be a great communicator when explaining what you are doing because you'll often talk to people who aren't tech experts. Planning big projects and thinking about long-term strategies will become part of your day-to-day.

    How Hard It Is to Get This Job

    Becoming a Security Architect is not easy. It's a high-level job that usually requires a lot of experience. Most companies look for people who have worked in cybersecurity for at least 7 to 10 years. You often need to have worked as a Security Engineer or in a similar role first.
This is because the job needs someone who really understands how security systems work in the real world. It can be a challenging position to get. But for those who put in the time and effort to build their skills and experience, it's incredibly rewarding.

    Career Progression

    Many Security Architects start out as Security Engineers, who started out as SOC Analysts. As you continue in your career you gain more knowledge, hands-on experience, and critical thinking skills. You should also continue to think about the big picture in everything you do and always plan for the long term. Some Security Architects move into roles like Chief Information Security Officer (CISO) where they're in charge of all of the company's security efforts. These roles require more and more leadership skills. In this role, you will not only plan and execute the security strategy but also oversee many employees. The key is to keep learning and improve at both the technical side of security and the business side of running a company.

    DFIR Teams

    What is a DFIR Team?

    A Digital Forensics and Incident Response (DFIR) team is a specialized group of cybersecurity experts who focus on identifying, investigating, stopping, reversing the damage, and analyzing security incidents and data breaches. This team will include Incident Responders, Forensic Analysts, Tier III Incident Response practitioners, the Chief Information Security Officer (CISO), Security Operations Center (SOC) staff, IT personnel, Privacy Officers, and legal teams.

    Incident Responders are the 'firefighters' in the team because they work on active threats, while the Forensic Analysts are like the 'detectives' because their focus is on collecting and analyzing digital evidence.

    DFIR teams need to detect and respond to cyber threats and at the same time preserve digital evidence that can be used in legal proceedings.
They follow a structured process that includes preparation, detection and analysis, containment, eradication, recovery, and post-incident activities. They need to make sure that the evidence they gather will be admissible in court cases, useful for insurance claims, or during regulatory audits. Their work can be used in criminal proceedings, so they need to follow a strict chain of custody when collecting and handling any potential evidence. The combination of digital forensics (DF) and incident response (IR) skills lets DFIR teams provide a comprehensive report of security incidents, from initial breaches to full remediation and future prevention. Their detailed investigations and reports can help find the source of specific attacks or threats and support legal actions against cybercriminals.

    Incident Responder

    What You Will Do

    An Incident Responder is like a firefighter for computer systems. When there's a more serious security problem, you're the first one to jump in to fix it. You'll look for signs of trouble in the company's networks and computers. When you find a problem, you’ll work quickly to stop it from getting worse. Your job is to figure out what's going wrong and how to fix it fast. After the crisis is over, you will make sure it doesn't happen again by writing reports and suggesting ways to improve security.

    Skills You Will Need

    To be a good Incident Responder, you need to have extensive knowledge of how computer systems work and how they can be attacked. You should be good at solving puzzles and thinking critically and be able to stay calm when under pressure. Knowing how to use tools that detect threats and protect systems is essential for the role. You must also be familiar with different types of attacks and how to stop them. Being able to explain technical things in simple terms will be an invaluable skill as you relay information to individuals who may be unfamiliar with technical terms.
    How Hard It Is to Get This Job

    Getting a job as an Incident Responder can be challenging, but it's not impossible. Most companies want people who already have some experience in cybersecurity or IT. Many started out in roles like SOC Analyst to learn the basics first. Sometimes, companies will train their own employees to become Incident Responders. This can be a good way to move into the role if you're already working in IT at a company. Having certifications like GIAC Certified Incident Handler (GCIH) or CompTIA CySA+ can also help you stand out. And most Incident Responders start out as SOC Analysts.

    Career Progression

    As you grow in your career as an Incident Responder, you might take on more complex cases or start leading teams. You could move up to become a Senior Incident Responder or an Incident Response Team Lead. Some Incident Responders go on to become Security Managers or even Chief Information Security Officers (CISOs). If you enjoy solving problems and keeping people safe online, this could be a great career path for you. Don't forget to work on your leadership skills as well.

    Forensic Analyst

    What You Will Do

    A Forensic Analyst is like a detective for digital crimes. When something bad has happened to a computer system, you're the one who looks for clues to figure out exactly what occurred. You might need to recover deleted files or look through lots of data to find evidence. Your work often helps with legal cases, so you need to be very careful and accurate. You'll use specialized tools to examine computers, phones, and other devices to understand what happened during a security incident or cybercrime.

    Skills You Will Need

    To be a good Forensic Analyst, you need to be very detail-oriented and patient. You should be comfortable using special software to look at data closely. You'll also need to know about the legal rules for handling evidence because your work might be used in legal proceedings.
Being a good writer will help you create clear reports that can be easily understood by both technical and non-technical people. In some cases, knowledge of programming and scripting can be helpful for automating some of your tasks.

    How Hard It Is to Get This Job

    Becoming a Forensic Analyst can be tricky because it's a specialized job. Most companies look for people who already have a background in cybersecurity and often want some experience in IT or security roles. You will need special training or certifications in digital forensics, like the GIAC Certified Forensic Examiner (GCFE) or the EnCase Certified Examiner (EnCE). Some people start out as Incident Responders or SOC Analysts and then move into forensics as they gain more experience. While it can be challenging to get into this field, the more skilled you become the closer you will be to qualifying to be a Forensic Analyst.

    Career Progression

    As you advance in your career as a Forensic Analyst, you might specialize even more. For example, you could specialize in financial crimes or mobile device forensics. You could move up to become a Senior Forensic Analyst or a Digital Forensics Team Lead. It's common to see a Forensic Analyst with a law enforcement background: they've come from law enforcement, worked in the SOC, and then moved into forensics. Others might move into roles like Security Consultant or Digital Forensics Manager. With experience, you could even start your own digital forensics consulting firm. Because cybercrime never stops, there will always be opportunities to learn and grow in this career.

    Penetration Tester

    What You Will Do

    A Penetration Tester is also called an Ethical Hacker. You can compare it to a professional burglar hired by the good guys. Your job is to try to break into a company's computer systems but with permission. You'll look for weak spots in networks, websites, and apps that bad hackers could use to cause trouble.
When you find these weak spots, you'll tell the company how to fix them. As a result, you will write reports explaining what you found and how the company can make its systems safer.

    Skills You Will Need

    To be a good Penetration Tester, you need to think like a hacker but act like a guardian. You should be great at solving puzzles and thinking creatively. Knowing how to write computer code is important, especially in languages like Python. You'll need to understand how networks and computer systems work because you will be using hacking tools to break into them but in a safe and legal way. Not unlike the other roles mentioned, you will absolutely need to know how to explain complex technical concepts in basic terms. You will need to help people understand what you've found and how to fix those security risks.

    How Hard It Is to Get This Job

    Becoming a Penetration Tester is one of the toughest jobs to get in cybersecurity. It's like trying to become a professional athlete - lots of people want to do it, but only a few make it. Most companies want someone who already knows a lot about cybersecurity and has experience finding and fixing security problems. Most will have worked as SOC Analysts first. Certifications like Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP) can help you out. But even with these, it can be hard to get your foot in the door. Many successful Penetration Testers start by practicing their skills in safe, legal ways, like participating in bug bounty programs or working on their own test systems.

    Career Progression

    As you grow in your career as a Penetration Tester, you might focus on specific types of systems or security problems. You could become a specialist in testing web applications, mobile apps, or even internet-connected devices like smart home gadgets. Some Penetration Testers move up to lead teams or become security consultants.
As a consultant, your work would entail advising big companies on how to improve their defenses. The field of ethical hacking is always changing because new technologies and new types of attacks are always being created. This means you'll need to keep learning throughout your career. If you enjoy the challenge of outsmarting tricky security problems and helping to make the digital world safer, this could be an exciting career path for you, but it will not be without challenges.

    Conclusion

    The cybersecurity field offers a few career paths, each with its unique challenges and opportunities. From entry-level SOC Analysts to advanced roles like Security Architects, and specialized positions such as Incident Responders, Forensic Analysts, and Penetration Testers, getting hands-on experience is key for professional growth. Each role demands a specific set of skills, ranging from technical expertise in network security and coding to soft skills like problem-solving, critical thinking, and effective communication. The career progression in cybersecurity is marked by continuous learning, real-world experience, and the ability to adapt. Even though the path can be challenging, your passion for cybersecurity can help you overcome any obstacles that may arise.

    The competition for entry-level positions can be intense, but your dedication, persistence, and commitment will help you advance to higher roles.

    Whether you're just starting out or looking to advance your career, don't be discouraged by the challenges. Instead, view them as opportunities to hone your skills, gain valuable experience, and prove your worth in the field.

    Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University and CISSP, CCSK, CFSR, CEH, Sec+, Net+, and A+ certifications.
He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, and ten online courses specifically for SOC analysts. You can connect with him on LinkedIn . You can sign up for a Lifetime Membership  of Cyber NOW® with a special deal for 15% off with coupon code "KB15OFF" which includes all courses, certification, the cyber range, the hacking lab, webinars, the extensive knowledge base, forums, and spotlight eligibility, to name a few benefits. Download the Azure Security Labs  eBook from the Secure Style Store. These labs walk you through several hands-on fun labs in Microsoft Azure, leaving you with the know-how to create a gig in Fiverr or Upwork to start your cybersecurity freelancing. Some of our free resources include the  Forums , the Knowledge Base , our True Entry Level SOC Analyst Jobs , Job Hunting Application Tracker , Resume Template ,  and Weekly Networking Checklist . Ensure you create an account or enter your email to stay informed of our free giveaways and promos, which we often offer. Check out my latest book,  Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success,  2nd edition, published June 1st, 2024, and winner of the 2024 Cybersecurity Excellence Awards and a finalist in the Best Book Awards. If you enjoy audiobooks, I suggest the Audible version, but you can also get it in beautiful paperback, kindle, or PDF versions. The downloadable PDF version can be grabbed here .

  • Our Policy on AI Generated Content

    It's come up in conversation a few times how all of this business can be done with Large Language Models (LLMs). Or people unfamiliar with the ins and outs of LLM and how it integrates with social media platforms and the public. To put it simply, I think AI is a fantastic tool in our tool belt, but it can't do our jobs and I am about to explain why it doesn't make sense for us to use it to generate content. This is our AI Generated Content Policy.

    1. People who are familiar with AI can spot AI generated content a mile away and feel ripped off if they believe they are paying for something they could get themselves. I am one of these people, so I know that's how some people feel. I can spot a copy and paste from most of the major AI players right away, even lightly rewritten AI content, and I immediately close out the article, or ask for a refund. I constantly learn and that means I'm paying premiums for subscriptions to sometimes obscure places on the internet to get the latest tips and tricks and hear other professionals' opinions. On three occasions I have asked for refunds from my entire subscription costs because I recognized one of their articles was a completely AI generated copy and paste. And I was upset. And I would expect anyone to be just as upset for the no value added resale of free or low cost LLM. All it takes is one single article to ruin your whole reputation - you can build 100 bridges...

    2. AI content is inaccurate. For example, you can go to any AI vendor and ask if cybersecurity is in high demand and it will tell you that it is. We KNOW that the demand has changed, and if I am paying for content from someone I want it to be completely accurate and if it has been posted recently, I also expect it to be up to date. Every bit of this is garbage and you can't visit LinkedIn for two minutes without people complaining about how they're having challenges finding a job.
This is just one example of very many things that AI is inaccurate about and I am not willing to stake your careers and my reputation on the accuracy of AI.

    3. Social media platforms and blogging websites demote AI generated content. Now, they scan content to see if it has the markers for AI generated content and they will demote it. Even if it's not. Content creators have to avoid even looking like AI generated content now. So it can't be used for marketing, even social media marketing.

    4. It's inauthentic. The rise of AI has created a higher demand for human generated content. By being one of the few creators who use their genuine voices to develop content that is both accurate and authentic, you are creating a demand for your particular skillset. Only one person has this skill set and it's you. Millions of people have ChatGPT's skill set. People WANT personality and AI just doesn't have it.

    With this in mind, we still do use AI to help us in our content creation but not to create content. Instead we have a policy to only refer to AI to help us come up with ideas to develop on our own, that are up-to-date and accurate, or develop high level outlines and content calendars, but we are strictly opposed to using it to drill down and develop content for us.

    It hurts my feelings a little bit when people underestimate the amount of work it took to create a book because they assume that it was just copied and pasted from AI, when all they would need to do is flip through it to see it's clearly in our voices. People seem to think writing a book is easy now. It is only if you want to completely waste your time.

    We are currently at Narrow AI. Narrow AI means that AI can do one task as well as a human. And what it can do is language. It can write as well as a human. General AI is when AI can perform like a human and do multiple tasks as well as a human. For instance, taking that language, understanding it, reasoning it, and coming up with a conclusion. AI cannot do that yet.
We are not yet at General AI. Then lastly, Super Intelligent AI is the last stage when it can do all the things a human can do better than a human can. Thus Skynet begins.

    It is not plausible to go to AI for answers yet. It seems like every other day I am in a discussion mansplaining to someone how AI works and why they can't use it in a debate and it always falls on deaf ears. Like Dale Carnegie says, if I want to win friends and influence people I'd let them save face but I'm just not that mature (most of the time).

    That is our official stance on AI. We use it to help us come up with ideas on occasion as just another tool like Google, but all of our content is authentic and will always be authentic because there is no market for AI generated content.

  • Connecting to the Hacking Lab

    The Cyber Range has been expanded to include a Kali virtual machine and Windows 10 VM to be used throughout the course Hack NOW! Kali is the premier Linux distribution for penetration testing including over 2500 hacking tools. As a Premium Member you are granted unrestricted access to these virtual machines to ethically test out the tools and their capabilities.

    Because all user accounts are in the sudoers and administrators groups, it is inevitable that these machines will break from time to time. The idea is that you do try new things, and if it breaks.. oh well, I'll reset it. Please send me an email at tyler@cybernoweducation and I will revert the snapshot back to a fresh install if you are ever running into problems. If you happen to find this VM broken, also send me a snapshot so that I can do the same. There is no way for me to promise uptime on these virtual machines as it would prevent you from having unrestricted access. I will do my best to keep it up and ready for you when you want to use it.

    I will walk through connecting to the Hacking Lab in both Windows and Mac below. The idea is that you use Kali to hack the Windows 10 machine. I will begin to create tutorials and guides on using some of the cooler tools in this distribution, but do check out the course Hack NOW! for a full walk through of hacking for beginners.

    Connecting to the Hacking Lab (Windows)

    1. Search for Remote Desktop Connection
    2. Type in 52.190.3.239 for the Kali Machine and 52.149.217.161 for the Windows 10 VM
    3. Check 'don't ask me again' and click yes
    4. Type in the username and password; use one of these combinations. If one doesn't work, try another.
       Username: studentone Password: HackNOW!
       Username: studenttwo Password: HackNOW!
       Username: studentthree Password: HackNOW!

    ...
    And Hack Legally

    Connecting to the Hacking Lab (Mac)

    1. To log into the hacking lab using a Mac, first visit the App Store and download Remote Desktop
    2. Click on Add PC
    3. For PC name enter: 52.190.3.239 for Kali and 52.149.217.161 for the Windows 10 VM
    4. Click the checkbox to not ask this again and click connect
    5. It prompts you for a username and password. Enter one of these three accounts:
       Username: studentone Password: HackNOW!
       Username: studenttwo Password: HackNOW!
       Username: studentthree Password: HackNOW!

  • Cyber NOW® An Origin Story

    It was 2019 and I was on the Dave Ramsey debt snowball and I was gazelle intense baby. My wife and I had just thrown everything in the yard on a Saturday on an impulse and had a yard sale. My neighbors all thought we were crazy but it wasn’t the first time. I am sure they thought we were in some type of financial hardship and bought too big of a house. A few neighbors even had the curiosity to ask us directly to our face why we were holding the yard sale, and if we were moving. We made a few hundred bucks, but I didn’t stop there.

    I locked myself in my home office the next weekend determined not to come out until I had a side hustle. I scrolled through all sorts of articles until I landed on making a simple ebook. It had never crossed my mind at this point to make an ebook. Over the course of the next several hours the simple ebook turned into a master plan to change the industry. A simple ebook suddenly evolved into “three books, five years, six figures”. This was a program designed for the cybersecurity industry to soften the exponentially increasing demand for cybersecurity analysts.

    I knew at the time that cybersecurity had these two problems:

    1. There wasn’t enough talent to fill the positions that needed to be filled
    2. Candidates were job hopping and taking advantage of the situation to go from $50k to $100k+ in just two to three years.

    I knew that this couldn’t go on forever and the industry would correct itself. So I devised this plan for employers and for those with atypical backgrounds… those without formal education and certifications, but were self-taught, to be able to easily fill in their gaps with my education and play matchmaker with employers. I could sell a few books, and get money when they are hired and for every promotion they got if they stuck around long enough to make it to Lead SOC Analyst. It’s a win-win: people with atypical backgrounds get a chance, and employers get an employee that will stick around.
I worked on this idea feverishly and even threw up a temporary website and started reaching out to some of the vendors I’ve worked with professionally. Fortinet was super awesome and supportive. They took the time to tell me about their vet program and how it would help them. I was on fire and my master plan had the grandiosity that even Elon Musk would have been proud of.

    I woke up on Monday and went back to work and reality set in again. I left my bubble and went back to the world. I looked at what I did that weekend and thought some of it was still good. I’m only one person, and I just came up with a plan that was so big that it’s daunting in reality. But just for kicks, I sent emails to publishers with the idea, and more than a few got back to me interested in my books. But it was almost as if they were used to this type of thing and started to reel back my idea to something reasonable.

    That’s when Jump-start Your SOC Analyst Career happened, and Cyber NOW Education, LLC was born. For tax purposes for all the fantastic royalties that I was going to get (right…). The NOW! is symbolism for the gazelle intense ignite of passion that I felt that weekend that lives with me a little bit every single day as I continue to grow these ideas little by little in my free time.

    Today we are still focused on people with atypical backgrounds and we are still focused on being useful and relevant to the industry and to employers. The ideas developed into a mission of accessible cybersecurity training. Accessibility means more than wheelchair ramps and handicap parking; it means that learning can be accessed and consumed by people with all backgrounds, even including but not limited to those with disabilities. This means our content has to be at a price point that is accessible (sub $100), the format in which it is delivered has to be accessible (books, audio books, video, subtitles,
etc.), where they can access it has to be accessible (phone, desktop, tablet, poorer countries), the content that is consumed has to be as useful as mainstream premium content (even though it might be on less of a budget), and the content has to be engaging, and interesting.. people want to consume it. It’s a challenging and tricky ordeal and that’s what makes it so much fun. Excited to be continuously working on the same project for so long.

  • SOC Analyst Roadmap to Success

    What’s in this article?

    This article will discuss background-specific tips for landing your first SOC Analyst role. The four targeted audiences are college graduates, career changers from IT, Veterans, and the Autodidact. Each one has its own nuances, which makes it worthwhile to dedicate this article to your roadmap to success.

    Roadmap to Success

    This series has given you insight into what a SOC Analyst does on a day-to-day basis and general strategies for finding your first job in cybersecurity as a SOC Analyst. It was written targeting four key audiences: the recent college graduate, those career changing from other areas in IT, the transitioning military, and those who are self-taught. This article will give background-specific tips on things you need to know that apply directly to you. I am going to repeat myself through these four sections, driving home the idea that you have to prove your interest and back it up with examples, and this is in addition to hard technical skills.

    Veterans have large networks of people and partnerships just waiting for them to plug into, the college graduate has career services with their school to leverage, people transitioning from other areas of IT already have real-life experience often in domains that overlap with cybersecurity, and lastly, the autodidact’s strongest selling point is their personal projects and involvement with the community at large.

    I recommend to students with all backgrounds that are worried they don’t have much to talk about in an interview to deploy The Modern Honey Network as a project to AWS with a few honeypots. Take the data from it and do analysis on it. In the article The SOC Analyst Method I explain how to analyze a security event. Practice this method on the attackers of the honeypot and find interesting things to discuss in the interview.

    One more plug. I will mention in this article how you should write your resume from your particular background.
    Give it your best shot to write your own resume, but when you are just starting out it can be difficult to highlight what you know. I have worked out a deal with Resume Raiders on your behalf to offer a 20% discount on services; just use coupon code SOCANALYSTNOW. I receive zero commissions or any discounts and it saves you about $60 for a full resume rewrite. Dave also offers services for a resume revision, if only smaller changes are needed, for a lesser price. He will share your resume on a Google Doc and you will collaborate back and forth as he asks you questions and you answer them in comments, then he pens your resume. I use him myself; that’s the only reason I recommend him. So let’s get started.

    Recent Graduate

    Congratulations! You have graduated or are about to graduate from college. It’s a monumental achievement and I hope you’ve learned a lot. Maybe you had an internship, and that’s great, because what you’re fighting now is lack of experience. Getting experience with commercial tools is one of the most difficult things to do. They cost millions of dollars and work in highly complex enterprise environments. But the hiring manager knows that. What he’s looking for is experience with any projects that you may have had while in school and any personal projects that you’ve had, and overall he is checking to make sure you’re not a commodity graduate who has zero interest in cybersecurity other than the paycheck. So many people graduate and don’t know a thing and have no real passion or interest in cybersecurity. That is the reputation that you are fighting against as it concerns recent college graduates.

    Your resume should reflect the projects that you’ve worked on during school. Resume Raiders is a professional resume writing service that I would recommend and have used before, but you have options. Explore your career services from your school to see if they have people who know how to write your resume in a way to highlight the experience you gained from your curriculum.
    This should be your first stop as they are familiar with what you’ve learned while in your program. And then maybe poke Resume Raiders for a revision if you’re not having any luck.

    You need a project to talk about. The question of why you like cybersecurity is inevitable, so be fully prepared to give them examples of the projects you’ve been a part of that you truly enjoyed. It’s going to come up, eventually, what you want to do in cybersecurity. One thing that you have on your side from a formal education is experience with a variety of things, and you probably already kinda know what you like and don’t like. So talk about the classes and projects you truly enjoyed and say you’d like to work in the SOC for a few years to get even more breadth of experience before deciding on a speciality.

    When you’re finally in the SOC, you’ll see how we do things in the real world. And it’s often much different than the Ivory Tower you’ve learned about in college. Sometimes it’s messy with lots of red tape and your dream isn’t what it pans out to be. That is what happened to me as a penetration tester. I absolutely loved hacking around and had been doing it for years, and I thought all through college that this was exactly what I wanted to do and I was so sure of myself. I started in the SOC, worked really hard, and became a pentester and then learned I absolutely hated it. It was the worst! Luckily, I was already qualified to be a SOC Analyst, so I regrouped, and then found my way into Security Engineering with nothing lost. I haven’t strayed too far from the SOC ever since.

    Your degree alone is not going to get you a job. It’s an important step in any career, but it’s significantly less important today than it was a while ago. Most big companies have removed the requirement to have a college degree but there are still some that require it. Those that require it should be your first applications while applying for jobs.
    Fewer people have college degrees so there might be less competition.

    From IT

    So you want to join the exciting world of cybersecurity. As you might know already, a SOC Analyst role might be a temporary pay cut depending on your seniority in IT. You’re looking at around $80-$100k starting out. But you might be considering it because you’ve hit the glass ceiling in IT and you’ve done your research and know the glass ceiling is higher in cybersecurity. You might just be more interested in a domain in cybersecurity and need the SOC Analyst role to get there. Whatever the reason, you’re reading this book and being a SOC Analyst is on your mind.

    There are a few things you need to know. It’s a lot like IT. The same exact problems you’re having in IT you’re going to have in cybersecurity. On-call is typical, it changes rapidly, there is a glass ceiling you’re inevitably going to hit, and after a while you realize it’s a glorified customer service position. You might already have certifications that apply to cybersecurity: any networking or Microsoft certifications are a plus, and any CompTIA is good too. In general you’re familiar with the certification game. You may be past the certification game in your career in IT, but be prepared to start it all over as a SOC Analyst.

    It almost sounds like I’m discouraging you from becoming a SOC Analyst, but I’m not. I know how important it is for us to do stuff we like to do. The only reason I’m writing a book is because I enjoy writing. It’s so difficult to be stuck doing work you don’t like and, to make it worse, you probably won’t be really good at it. I would suggest this path to someone from IT only if they like cybersecurity. It doesn’t matter the reason, just be prepared to discuss that in an interview.

    I recommend going to the ISC2 website and finding the domains of cybersecurity and writing your resume with skills and experience you gained at your previous employers in those domains. There will be a lot of overlap.
    Anyone who has a significant amount of experience in IT is qualified for a SOC Analyst job, and since you picked up this book you already know why you’re interested. Out of all the backgrounds this book applies to, your background will be the easiest to find work with in cybersecurity. Experience trumps everything.

    Autodidacts

    Calling all hackers. You only really end up in this category if you’ve been hacking around at things for years and are sitting around thinking how it’d be great to do this for a living. Well, good news: it happens all the time, but there are some things to think about.

    How do you quantify experience with something you’re not supposed to be doing? First off, congratulations for staying out of jail, and I say that assuming you’ve kept your nose clean. If you haven’t, there aren’t many people that will hire you. It does happen and there are companies that will hire extremely talented felons, but it’s rare, and what happens is they create their own companies and other companies hire them as a contractor. But that’s so rare I’m not going to cover it in detail.

    Here’s what you do, for those hacking away out there on your own. You play things like TryHackMe and place in the top percentages. When asked what experience you have, you tell them you set up labs and give the spiel about your lab environment before they can even ask. You go out and get a bug bounty and put it on your resume. You contribute to a community project or improve on a common tool. You write your own blog, and publish articles about your research.

    It’s significantly more difficult for you to get a call back from a job posting and compete with all the other applicants with your resume alone. The tips described in the article Job Hunting for going out to conferences, hackerspaces and makerspaces, and meetups are absolutely critical. You need to be at every single one and start contributing. Pick a topic and give presentations or just make the coffee.
    Get on LinkedIn and add SOC Analysts, join a group and contribute. You need a resume, but you also need to know someone on the inside to pick your resume from the pile and give you an interview.

    Out of all the backgrounds this book covers, this is the most difficult one from which to land a job in cybersecurity because you need twice the skill of the college graduate and good luck. However, you’re most likely to succeed in the long run because you can’t teach passion. You’re going to have to do a lot of work for free before you build the reputation to get paid to do it.

    Veterans

    Veterans have the opportunity to access complimentary cybersecurity training and scholarships, enabling them to acquire the necessary knowledge, skills, and abilities (KSAs) for entry into the cybersecurity sector.

    The CyberCorps®: Scholarship for Service (SFS) initiative, a collaboration between the Department of Homeland Security (DHS) and the National Science Foundation (NSF), extends cybersecurity scholarships to exceptional undergraduate, graduate, and doctoral students. Eligible individuals can currently receive financial support ranging from $27,000 to $37,000 for their studies at participating institutions. SFS scholarships cover the typical expenses incurred by full-time students at participating institutions, encompassing tuition and related fees for a maximum of two years. When combined with the Post-9/11 GI Bill, which provides up to 36 months of financial assistance for education and training in various fields, including cybersecurity, veterans may have the opportunity to earn a cybersecurity degree without incurring costs.

    The DHS facilitates training through the Federal Virtual Training Environment (FedVTE) platform, an online, on-demand training resource accessible to government employees and veterans. FedVTE offers over 800 hours of free training on cybersecurity and IT topics, ranging from beginner to advanced levels.
    The courses cover diverse areas such as ethical hacking, risk management, surveillance, and malware analysis. Additionally, they align with certifications like Network+, Security+, and Certified Information Systems Security Professional (CISSP).

    The SANS Institute’s VetSuccess Academy is tailored to support veterans in their cybersecurity endeavors; however, it has been mentioned that this SANS program should be viewed as more of a lottery ticket because they rarely see anyone get picked for any particular cohort. However, there is a good success rate in having the GI Bill pay for a SANS degree, which bundles individual certifications into a degree program. The certifications themselves are highly regarded in cybersecurity, and very expensive.

    One problem that is common with military folks is they focus heavily on certifications, but don’t get the hands-on experience and deep theory that they need for entry-level technical positions. And to make matters worse, the people I’ve talked with don’t feel that cybersecurity degree programs prepare the transitioning military well either, as they focus on high-level policy. The military trains you to look for qualifications and meet requirements for service ribbons/medals. And since certifications don’t matter as much as practical hands-on project work, this leads to veterans falling prey to predatory bootcamps at an above-average rate, leaving them still unqualified to actually do the work or pass the interview.

    Note: They recommend a general computer science degree program at a brick-and-mortar college if you choose to go the degree route.

    Before you transition, be aware of Skillbridge. Essentially it allows military members on active duty to spend the last 180 days of their time on active duty working (for free to the business) for a company as an intern. They maintain their military pay and benefits. The company gets a free intern.
    This often can pivot into a full-time offer upon separation from the service, but if not, it will give you a little experience and someone to vouch for you.

    Furthermore, VeteranSec serves as an online community for military veterans engaged in or interested in information technology and cybersecurity. The platform provides a private networking channel of over 7000 veterans, free training videos, partnerships with companies to take advantage of, and an informative cybersecurity blog with tutorials to aid veterans in their professional development.

    Summary

    I hope this article has provided you with a few additional useful strategies for your road to success. Each one of these backgrounds presents an opportunity for us to provide insights into the challenges, even reputations, that you are fighting against and that you need to be aware of as you trudge the road ahead. Use the tools given to you in this book, with the additional insight from this article, to form a plan of attacking your job search and, if you’re lucky, interviews.

    Not everyone is going to have the same experience with their journey to success. Some will be more difficult than others. We’re not all on the same playing field. I know that may not be what you want to hear, but corporate America, and capitalism in general, is a game. Once you learn the rules and what moves you forward, you can strategize on what makes you desirable to employers. You build a brand for yourself. For me, it was certifications and education to start with, but after some years I fail to even mention it during interviews and I’m never asked about it because we’re too busy talking about experience. If you have experience, it trumps everything. If you don’t yet, you need a formal school, the community, your friends, any internships, former employers, and even yourself to vouch for you and provide examples to show your potential value.
    And for the lone hackers, the autodidacts, the self-taught, let’s all remember that, whatever the case, they are the underdogs but they are the few and the proud. Be nice to them and make friends, you’ll thank me later.

    ARTICLE QUIZ (ANSWERS FOLLOW)

    Which audience is not specifically targeted by the chapter on achieving success as a SOC analyst?
    Ⓐ Career changers from healthcare
    Ⓑ College graduates
    Ⓒ Veterans
    Ⓓ The Autodidact

    What is a recommended project for interview preparation mentioned in the chapter?
    Ⓐ Creating a personal blog
    Ⓑ Deploying The Modern Honey Network on AWS
    Ⓒ Developing a new cybersecurity tool
    Ⓓ Writing a thesis on cybersecurity trends

    Which service offers a 20% discount on resume services specifically for aspiring SOC analysts?
    Ⓐ LinkedIn Premium
    Ⓑ Resume Raiders
    Ⓒ Indeed Resume Review
    Ⓓ Monster Resume Writing Service

    What is identified as the strongest selling point for autodidacts seeking a SOC Analyst role?
    Ⓐ Their formal education
    Ⓑ Their professional network
    Ⓒ Their personal projects and community involvement
    Ⓓ Their military background

    For recent college graduates, what is considered a significant challenge when applying for SOC Analyst roles?
    Ⓐ Overqualification
    Ⓑ Lack of real-world experience
    Ⓒ Too many certifications
    Ⓓ Excessive specialization

    What is a common misconception about certifications according to the veteran’s section?
    Ⓐ They guarantee a job in cybersecurity
    Ⓑ They are not valued by employers
    Ⓒ They replace the need for a college degree
    Ⓓ They are more important than hands-on experience

    Which online platform is mentioned as a resource for veterans interested in cybersecurity?
    Ⓐ Coursera
    Ⓑ VeteranSec
    Ⓒ Udemy
    Ⓓ Khan Academy

    What advice is given to those transitioning from IT to cybersecurity regarding their resume?
    Ⓐ Highlight all previous job titles, regardless of relevance
    Ⓑ Focus exclusively on cybersecurity certifications
    Ⓒ Write about skills and experience in domains overlapping with cybersecurity
    Ⓓ Downplay any IT experience to avoid being overqualified

    ARTICLE QUIZ SOLUTIONS

    Which audience is not specifically targeted by the chapter on achieving success as a SOC analyst?
    Ⓐ Career changers from healthcare
    The chapter specifically targets college graduates, career changers from IT, veterans, and the autodidact, not those transitioning from healthcare. This highlights the tailored advice for individuals with different backgrounds moving into cybersecurity.

    What is a recommended project for interview preparation mentioned in the chapter?
    Ⓑ Deploying The Modern Honey Network on AWS
    Deploying The Modern Honey Network on AWS with a few honeypots and analyzing the data is recommended as a project to prepare for interviews. This hands-on project demonstrates a candidate’s practical skills and ability to analyze security events, making it a valuable talking point during interviews.

    Which service offers a 20% discount on resume services specifically for aspiring SOC analysts?
    Ⓑ Resume Raiders
    Resume Raiders is mentioned as offering a 20% discount on resume services for aspiring SOC analysts with the use of a specific coupon code. This service helps candidates tailor their resumes for the cybersecurity field, enhancing their job application process.

    What is identified as the strongest selling point for autodidacts seeking a SOC Analyst role?
    Ⓒ Their personal projects and community involvement
    For autodidacts, their strongest selling point is their personal projects and involvement with the community at large. This demonstrates their passion and self-motivated learning in the field of cybersecurity, which is highly valued by employers.

    For recent college graduates, what is considered a significant challenge when applying for SOC Analyst roles?
    Ⓑ Lack of real-world experience
    Recent college graduates often face the challenge of lack of real-world experience, especially with commercial tools and complex enterprise environments. Employers look for any projects or personal initiatives that show a candidate’s interest and practical skills in cybersecurity beyond academic achievements.

    What is a common misconception about certifications according to the veteran’s section?
    Ⓓ They are more important than hands-on experience.
    A common misconception addressed in the chapter is the overemphasis on certifications over practical hands-on experience, especially for veterans. While certifications are valuable, the chapter underscores that practical experience and the ability to apply knowledge in real-world situations are more critical for entry-level technical positions.

    Which online platform is mentioned as a resource for veterans interested in cybersecurity?
    Ⓑ VeteranSec
    VeteranSec is mentioned as an online platform providing a private networking channel, free training videos, partnerships, and a cybersecurity blog specifically for military veterans interested in transitioning to cybersecurity. It’s a resource for veterans to connect, learn, and advance in their cybersecurity careers.

    What advice is given to those transitioning from IT to cybersecurity regarding their resume?
    Ⓒ Write about skills and experience in domains overlapping with cybersecurity
    Those transitioning from IT to cybersecurity are advised to write their resumes highlighting skills and experience in domains that overlap with cybersecurity. This strategy leverages their existing IT background, showcasing their relevant skills and making them appealing candidates for SOC Analyst roles.

  • JYSAC SOC Analyst Book Winner of 2024 Cybersecurity Excellence Award

    “We congratulate on being recognized as an award recipient in the Best Cybersecurity Book category of the 2024 Cybersecurity Excellence Awards,” said Holger Schulze, founder of Cybersecurity Insiders and the 600,000-member Information Security Community on LinkedIn, which organizes the 9th annual Cybersecurity Excellence Awards. “With over 600 entries across more than 300 categories, the awards are highly competitive. Your achievement reflects outstanding commitment to the core principles of excellence, innovation, and leadership in cybersecurity.”

    We couldn’t be happier to receive this award for our dedication in bringing a high-quality SOC analyst book to the community in an accessible way. Thank you for your votes and helping to bring this vision to life.
