
Okay, can you give me now, yes, you get, sorry, my Mac had a bit of a heart attack when I asked to share the screen, made me quit soon. Okay, and you see my screen, correct? Yeah, well, thank you, sorry about that. Okay, so I did a little title amendment, and I will be sharing a resource list at the end of the talk, which hopefully will be quite useful. One of the questions I've been asked the most by people starting out in cybersecurity is: where do I start, how do I begin, or how do I take what I know so far and kind of turn it into something? It might be people in industry
who have been in IT support, systems administration. Chris and Kyle did a great job just now of talking about kind of coming from different fields, and some of the ways to communicate in cybersecurity effectively with different groups, so it's kind of been a great lead-in for this. To start off with a little kind of background on me: I started breaking things when I was a few years old. I was about 14 when I became a systems administrator for a local startup and took that from two employees up to about 40 employees in the space of five, six years, and I've kind of just been dabbling since then. I had a weird urge in my early 20s to do a PhD and
that almost sucked ten years of my life out. I ended up spending about a year on it while going on working elsewhere, and then eventually kind of came back and finished that off several years later. That led into a 10-year stint at BYU as a professor in cybersecurity, where I created the cybersecurity program and several of the courses that are currently running there, and late last year I decided to move back into industry. I did some consulting while at BYU and kind of thought it was the time to make the move back, and have been loving that since then. So I really enjoy the opportunity to mentor new people and kind of new talent in cybersecurity. I found it very eye-opening to kind of
watch them go through the process where they go from asking the questions that there are answers for to the questions that there are not answers for, and helping figure out how to answer those tougher questions involving different aspects of security. So that's really kind of what led to the rename of the slide and the kind of shifting of the target audience from the pure noob to something I think will be helpful for all levels. We, you know, have the kind of first-timer in cybersecurity, who, you know, might have been in the Equifax breach or some other kind of information leak, they may have just heard about it from a friend, they might
be watching the news. There's a lot of people out there who are kind of hearing about this new cybersecurity thing, and do a bit of research, like, hey, this could make a ton of money, sounds interesting, and they start to move in. We have the novice, who has a lot of energy, just doesn't really know sometimes what to do with it, but will eventually figure out how to get good. The student, who is great at self-learning the disciplines, they kind of can pick up books and understand them, but they don't have much experience. And then we have a lot of individuals who I've worked with professionally that I would put into this kind of the experienced
category: they've been in IT, DevOps, systems engineering for many years, they have a lot of experience, and they actually know a lot about security, often without knowing that they do. They're often not quite aware that the way they do things is, you know, a fundamental part of security, and they've got some good habits and sometimes some bad habits, but a lot of experience, which can be very valuable. You have the wizard, which is the individual everyone goes to when they have a question. You know, they're the only known because they don't get much done themselves, but they answer everyone else's questions, and any organization of any significant size has several people like that there. And then you have
the master, which is kind of what we aspire to be: this unachievable kind of movie-theater-sized hacker who can break into anything, who can investigate anything, who can answer any question, and sees all, knows all, and does everything. So I've broken this down, before I kind of go through the resource list, into five key things: how to get started, how to stay, how to search, how to organize, and then a little discussion on relationships and how that works. So one of the biggest challenges in getting started in cyber is the confusion about where to go. You know, interested in cybersecurity, where do we go from here?
And so people jump on, they start looking at jobs and opportunities, and they see all these different job roles out there: penetration tester, forensic analyst, red teamer, compliance officer, and often it's kind of, well, how do we even get started in that? And I step back from this a little bit and talk about something that Carlotta just mentioned, which is about risk. Everything here is about risk. But if you think, you know, when you got out of bed this morning, probably most of us are stuck at home because of this COVID-19 stuff and trying to do the social distancing, so it may not be that everyone here has brushed their teeth yet, but at some
point today hopefully we're all gonna do that. And why do we do that, spend a few minutes brushing our teeth? Because we want to avoid tooth decay, we want to avoid smelling bad to people around us. This is risk management. The threat is tooth decay; the threat is people not wanting to be near us, not because of COVID-19 but because our breath smells like a sewage plant. And so we brush our teeth, we spend a few minutes doing this, and it takes some time out where we could be doing other potentially more productive or more fun or interesting things, but we stand in front of the mirror and we brush our
teeth a few times each morning and each evening, sometimes more. This is a basic step to mitigating the risk of tooth decay, mitigating the risk of bad breath, and we do this every day without really thinking about it because it's become habitual. So a lot of security is about realizing the good habits and the bad habits and becoming aware of those, and then looking at the technical collections that we're passionate about or we're interested in the most. If you think about your life, when you go out, when you get in the car, you know, driver's insurance, it's risk, you know, offsetting the risk of having a wreck or someone hitting you to
another company that's going to pay for that and pay for any expenses and medical costs that it will involve. So all these things are related to that. Thank you. So we naturally as human beings have that fight-or-flight reflex; we have a tendency or kind of natural ability to identify risks without even being aware that they are actually called risks, and deal with those in our daily lives. And everything in security is about relating or quantifying those risks to different aspects of maybe our personal lives, or a business that we're involved in, or a startup, or charity work, whatever we're doing, it relates to that. So step one, I think, is realize that everything we do does pertain to
security in some way, and then that makes it very easy to think about, okay, what are you passionate about in your life? What are the things that really excite you, that will drive you to discover, to learn, to become better at something, and how do we evolve those? And so finding our passion, or kind of what interests us, and how that relates to security tends to come from something that we do more naturally, and the career that we want will align with that. And the exciting thing about this is, just on the latest stats, there was a report last year, and it's in the slide notes, which I'll push out afterwards, there's over
4 million unfilled cybersecurity positions right now, today, or 3 months ago, probably more now. There's next to zero unemployment, and if you have an interest in cybersecurity and are willing to put in the time to learn and develop that into a skill set that's saleable, the jobs will come. It is almost unheard of to be unemployed in cybersecurity, it really is. Once you find what you're passionate about, and people who are interviewing you will see that, the jobs will just flow. And if you're not a security professional but this is just kind of a sideline interest, whatever you learn in this actually adds a lot of value to your IT or other technical careers. Systems administrators, software
engineers, etc. all benefit from having this. Managers, directors, CEOs, they benefit from this skill set as a kind of complementary skill.
Okay, so what are the biggest obstacles to getting into cybersecurity? And I seem to have left an arrow there as a spoiler. But so the biggest obstacle I see, and I've seen this unfortunately far too many times, is people say, okay, this is good, I'm interested in cybersecurity: I learn something, I practice, I fail, I learn, I practice, I fail. If I follow a guide that says step by step, okay, do this, click here, do this, do this, do this, et cetera, it works, but otherwise it's a lot of failures and a lot of frustration, and some people get really, you know, bothered about this and they walk away and find a different career. The
trick of this, and what the chart should look like, is something more like this: we learn, we practice, we fail. If we fail, we normally go back and we look at the scope and have a look and ask, what are we trying to learn? Is that too much for a map? Do I need to take smaller steps? Do I need to go find a mentor? And I'll talk about that in just a minute. But how can we make that scope something, and I didn't put a diagram up for this, but you kind of think of yourself standing in the middle of a circle, which is your comfort zone. The idea of any kind of learning or any kind of
skill development is that we're pushing that comfort zone a little bit by each thing we learn. Sometimes we get a little too ambitious, we're like, I want to learn all the things, and we rush out there, and we're like, okay, take a step back to think of what, where are we at and where do we want to go? Once we figure that out, it becomes a lot more natural that we'll start going on this kind of learn, practice, fail, succeed path. We'll have our failures, we'll adjust the scope a little bit, and we'll get somewhere and have a success. The big thing here is really take some sense of accomplishment in those successes. We do learn from our
failures, and that's fine, but the successes are important to teach us, and this isn't a substitute, this kind of general life philosophy, the supposed successes help us realize that we can move past failure and over it. With time and experience the failures become less and the successes become more, and the confidence that kind of grows with that makes us really able to take on some challenging things and show some real value. Now, we don't, at least I have never gotten to a point where it's all successes and no failures. I still fail far more than I succeed, but I know that if I persist long enough I can succeed, and that's what I mean by
confidence: yes, I can go at this, and I'm gonna fail a lot of times, but eventually I will find a way to get to where I want to be or accomplish what I'm doing. And when I say confidence, it's not the confidence that you'll get it right first time, every time. If that happens to you, great, please contact me and tell me how you did it, 'cause I would like to just steal that from you. But really it's about how do we measure those small successes, and how do we progress from that failure to success, and do we have the confidence that if we give ourselves enough time, assistance, that we
will get there. And that, I found, in people starting at a substitute, is one of the hardest things to really get down. So hang in there, you got this. Okay, third thing: become a Google master. So many things are findable and discoverable in cybersecurity by what I would call search refinement. Okay, you go out, you search, how do I become a penetration tester? That's great, you'll get some good articles, giving some good resources and a start. But as time goes on and you start to look for things very specifically, let me try and think of an example of this, I did have a couple when I was making this slide. Let's say you
are performing a security assessment of a network file server, and you scan the server and you see that it's serving up Windows file shares, SMB file shares. So you go and search for exploits, Windows file shares, and you come up with a massive number of vulnerabilities and exploits and CVE reports and everything, and that just becomes an overwhelming amount of information. So how do you then tune that down and find what is actually gonna be successful? You start to put in, okay, what else is in there? Maybe I'm actually looking for a published vulnerability on this, so let's put in CVE as a keyword, let's put in a couple of logical operators and connect those
with things that are in the Nmap scan, or whatever we did before to discover that service is there as well, and we refine and narrow the search down. There's a few examples of this in the resource list I'll give out at the end, but 99% of what we will be looking for will be out there somewhere. It's just having the persistence and the kind of practice with Google to actually drill down and find what we're after. And if it's not, that's what we create and get ourselves known for in the community. Okay, if you get right to the point and no one has actually done this in a way that works
for your system and your platform in this particular way, there's your research project. Go share what you do, come to BSides next year and tell us about this one. I was gonna start off with four things; I added it to five because this is the bane of my existence. Organization for me is one of the biggest challenges of my professional and personal life. Physical, digital, whatever works. The fewer of these you have the better. When I say here that I have used all, apart from two of these I currently use, so this is something that I talk the talk but I definitely don't walk the
walk yet. I tend to grab whatever is nearest to me at the time. I've used Macs and Windows systems in the past; I spent the last five, six years pretty much exclusively on Windows systems. I'm now at a company that's a Mac shop, so I'm back onto Mac. My home PC is Windows, so now I'm, like, you know, used to shortcuts to pull up Notepad and other systems that I use on my home system, and then having to find the equivalents on Mac, which is a challenge. So my notes right now are just all over the place. But find a way to organize the information you find, because there is a
firehose of security information out there, and with a structured way of organizing that, if you get into that habit early, it will make your life so much easier. And lastly, but definitely not least, is a mentor. Because this is such a small community, and because the knowledge is so fresh and so new and coming out so quickly, effective mentors and peer mentoring are critical parts of being successful. You don't have to find someone who has the skills you want necessarily, but someone who has the same goals or ideals or learning methods that you found useful, and someone you can relate to in terms of what those are. If you can't find a mentor, then learn what
you can and become a mentor, and develop a peer mentoring relationship where you learn together and share what you've learned. Small study groups are great for this. Slack is free; go make a little Slack server and invite your colleagues, co-workers, friends, whoever else is interested, and just form a little stealth study group. Each do your own thing and you kind of share your findings or what you're doing on there. It can be very motivational to actually want to spend the time doing this, especially when you start coming into those failure scenarios where you need, you know, a good friend or a good mentor to give you a kick at the backside and, you know,
help you reaffirm yourself. So I said I'd get to the Q&A and resource list now, and spend kind of the majority of the time doing this, because I think it'd be a lot more interesting to share this and have some feedback on it. So I will drop this link into chat right now. Let me just grab this. This is going to come out in, yeah.
Okay, so you now have access to this, this deal, actually, people joining, great. So this I put together a few years ago. I started this actually several years ago, mainly for freshman students when they come and say, I want to learn about cybersecurity, and at the time the program I was in, the IT program, anywhere, you didn't really do much in security until the junior year, and that was way too late for people who came in wanting to learn it. And so this was a kind of resource set put together. I've since used it at summer camps, youth, have used it for experienced professionals who are looking to find new resources or something to expand their knowledge into.
If using Google Docs, you definitely want to blow up this kind of index side at the left here; there should be a little button here which will help you navigate through. This is by no means complete. There's a lot of information that is out there that is not listed here. I very much appreciate feedback, anything you'd like to share on there. I think, yeah, I will let sheriff either accounts, I'll have to do that later. I tried to log in here and I couldn't find my 2FA key. I will share this out for comments, update the sharing so it has comments for non-us users later, and people can give feedback on it. Other
suggestions? Let me pull up the Q&A. Okay, what do we have. "Current trends show attackers are breaching networks and staying undetected two, sometimes four months. Where is a subsidiary learning how to detect intrusion? Are there certs, careers, or paths of study that specialize in" Yes, yes, absolutely there are. So this is one of these areas that, like a lot of security, takes multiple skill sets, right: network engineering, systems administration. The big thing here is visibility, getting visibility of your network, and platforms like Splunk, Elasticsearch, Logstash, Kibana, and sumo data. There's a lot of companies out there now that are doing these basically log aggregation platforms, and what they do is they bring
in computer logs, from, you know, login events, from using wireless networks (yes, I'll post this in the chat), they bring in all these events from all these different types of systems across the network, and they ingest those, allow you to see those centrally, and then perform correlations on events through there. So that gives you the visibility to be able to see if there are people in your network. After that it's investigative skills: forensics, incident response, reverse engineering, which is this top set up here, are very useful kind of platforms and tools to start looking at some of those things. But I will post some resources in the chat. I will do that after the, ah, if there's no other
questions I shall do that right now.
"How do you go about finding, asking someone to be a mentor?" Twitter was mentioned as a great way of connecting, so this doesn't have to be someone you actually know personally; it can be someone you kind of reach out and ask some questions to, or start connecting with. LinkedIn is a great place to find people, you know, grow your network there. Local groups, organizations, OWASP chapters, the BSides, DEF CON, a lot of these groups have local chapters that will have kind of periodic events or monthly get-togethers, and, you know, people just meet and give workshops or kind of share things with each other. I will update, I mean, yeah, I'll just make sure
I grab these questions, because these may disappear after the session ends. In fact, what I'll do is I'll actually answer these in the document, the Google Doc that is being shared, so they'll be there afterwards for you as well. Once you've found someone, a lot of, most security people, we're all incredibly busy, so don't be afraid of persistence. Most of us will tell you if you're being overly assertive or kind of a little too pushy, but a little bit of pushing never hurts in this, and I've frequently told people, hey, if I don't get back to you quickly, you know, I'm not going to be
annoyed if you start kind of poking me. In fact, if you're doing it too much, I'll say something, be like, hey, just give me something, give me, man, I'm in the middle of something here. But ask someone, you know, hey, I'm getting started in this, is there anything you'd advise, any recommendations? I'm looking for a mentor or someone to kind of help me get through this, or help me understand this. And most of us are pretty willing to do that if we have capacity to do that. Okay, next question: "If you have a passion for information security and experience in IT, but you are not interested in programming and scripting,
even though you have that knowledge and how it works, what paths and roles in security do you recommend for the situation?" Any. We need so many people, it really doesn't matter that much. I mean, obviously, probably not software, you know, security engineer or security software engineer, if you're not interested in a day job of programming and scripting. A lot of the other roles would work just fine. I'm kind of in that boat: I have spent a lot of time programming in the past, I can program in a lot of different languages, but it's not what I want to spend my life doing. That being said, I enjoy, you know, kind of going in deep a few days here
and there and building out some systems or helping solve some interesting problems. If you really want to stay completely away from that, forensics, incident response would be great areas to look at. Right at the top here there is actually a link, this CyberSeek, this cyber pathway, let me show you this. This is actually a really good answer to this, I think. So this, and again this is not exhaustive, but this is one organization's kind of take on the different careers that are out there, and you can go down and kind of say what your background is, a kiss and lots of engineering, let's say you want to do, you know, networking or
secure systems engineering, you can go through and it kind of highlights which ones would work for that. But I would say almost all the roles, apart from the ones that specifically are software engineering or developer roles, would work well with that, your question.
Okay, great. We have another three minutes probably before we need to get started, ready for the next speaker, so if there's any other questions. "Why big a security position for someone who can spot patterns?" I mean, there's a lot in big data: the security analyst positions, people who are going through looking at the logs, aggregating that information, filtering out what information is relevant, correlating that together, that would definitely be there. Intrusion detection systems, working on IDS platforms: Bro, or Suricata, or now Zeek I guess is the platform, is a great tool for monitoring network traffic and kind of spotting things that are going on and trying to find patterns. But there's, you know, big
data slash security roles, not necessarily. So the question was, would scripting be recommended for this? I mean, scripting would definitely be useful; query languages would be a lot better. So both tools such as Splunk and Elasticsearch, they have their own query languages where you can write correlations or queries across data. Machine learning platforms, RStudio, that kind of platform will be useful. So I would say more queries than scripting, but definitely don't dismiss scripting; it would be helpful. I'm going to take that question and put some more information in the document about that after the session.
Other questions?
Great, well, thank you. Got a few minutes for the next speaker. I will make some updates to the document and answer some of these questions with some of the other links and resources there, and I'll add the permissions to comment and check back on that now and again to see if there's any things to add to it. I'm sure there will be.