Baby Steps in Cybersecurity

[аплодисменти] So hello everyone my name ison an information security expert in many in speed for Chris DPD firstly thank you for the presentation from broken

rec nowads we are going to talk about AI about team computing about the penetration testing ethical hackers or I don't know the bad guys yeah but how the hell are we going to start in this field what is the steps because nowadays the people want to broke the cyber security more and more are trying to fight for example one place in HI company so it's more and more hard to start in the cyber security like when I have so I get export in many quotes I don't see myself like an expert still. I have many certificates and sadly it will continue to grow. Why the hell I have set my career because maybe my mother why the

hell you study information security what the hell was that I I was the IT guy that I want to work in the IT field but I don't know why and what and I was tell I going to start in the university as you know the professors in Bulgaria don't I don't know maybe they are going to tell you like yeah there is a hackers there is vulnerabilities but rather than that they don't passion you to to see what the hell is this field and etc. So for the cyber security

information with experi what the hell freak is that yeah it was the same for me and I was very desperate because for me yeah I wanted to break in the cyurity but Oh, nobody gives the ability to start the field. So, many of the experts in clothes can recommend you to start as an helpdk guy, system administrator or etc. The choose is of course yours. The thing that I can recommend you is before getting into the cyurity you need to know what the network is what active director is because going to work a lot with this shly. So I can I can resist to show you this sadly all of us.

Yes, I know

that works for many of you especially and for me networks is the most boring part of the cyber security and I don't hide it. subnet what is the thing how the internet how the computers communicate. So I can recommend you to start with this thing first pr then of course you can start with the fundamentals of the system what is the bits bit and etc because I can recommend you before for example from many of you that you want to be a penetration testers because nowadays this is many roles that everyone wants to seek first you need to know how the things is defens

River background in IT network administrator maybe this is the most boring role in the IT for for me for many maybe it's more interesting but you get basic knowledge what what is the thing you understand the networks what what is the crucial for the infrastructure how to protect it and etc for the second system administrator maybe this is the second step that you you can pursue it because as I have mention you you will actively patch the things. Yeah, I know that for the system administrators we are we are the hell because we see a vulnerabilities and we say them okay you need to patch it but after the the patch Tuesday there is hack Thursday

so it's it's not an easy task about the software developer for many of you that have interesting coding of course there is

for exops in the company that are going their job for example we have deployed a new application in organizations and everything have been followed as default for example frameworks etc have been leed on so it's not a good practice not to Ops about help desk support. I have started in IT as a help desk. Yeah, I know it's it's not the best job nowadays in it at all. Some angry granny is going to call you to fix her printer. But you will get the critical thinking here because in the cyber security need to think after all.

So what is this animal cycurity? I need focus because many of the peopleund information security and cyurity for information security protecting the information from access about the cy security

and

the buiness work cyurity

Окей. Pros and cons the cyber security field is how I can say constantly learning. Everything that I have learned in the cyber security I haven learned in the high school and university at all. So you need to be prepared to have constantly burn out because the flow is constantly learning. You need to be on the top of the wave to succeed because hackers are more than ethical ones. Of course there is a many roles to choose. It's amazing field because you want you can be a sock analy you can be governance and compliance. May after few years we are going to have cycurity terminator sky specialist about AI things the career grow yeah it has a

good career grow you can choose like a gym box in the field what you want to to work with because if I need to be a I in the field for about years and still I don't know [музика]

mind work and problem solving skills if you want to work in this field you need to have sharpen mind you need to think like a hacker not a mandatory to work as a penetration tester to think like a hacker because also if you are so analyst and want to defend something you need to know what is the pat of the hacker what what is the cyber kill chain what i going to do and etc about the cons stress I don't know not cyber security is maybe is I know I I don't know how to say

am not from and in the sphere can confirm that this field is really stressful because you can work weekends you can work at night I don't know if you at disco and your

and maybe the most from this field is email going to meeting. Yeah, that's why I recommend you to work as an helpdk because here you need to know how to tell for example the CEO at CTO etc. Why the hell do need to the hell do need more people etc in long short you need to know how to convince people how to with people how the people understand what are going to tell them so if I haven lost you yet we can continue with the things

I to be lefter the same for if doctor etc. Yeah. Cyber security is a cool industry. work whatever but the burn here is real so you need to think is it going to work for me or not because the struggle as mentioned here will be very this for now maybe for me the cyber security are going to convert to hunger games because nows everyone to work in cyber security. So that's why I want to focus on the thing. Ok. May for this inter cyurity

specialistorilsemails meetingcking thecking the is the vulnerabilities what company have been compromised is there something for our company in the dark deep weapon etc etc. Second file checking the network detection and response and detection response vulnerability scanning checking the quarantine for the mails fishing I am information security specialist but in the I have doing more jobs so you need to be aware that you going to pay for one thing but going to work for you going to work for example one3

more in the field after this thing for example yeah why not many more meetings for the products or for the vulnerabilities and etc as you know this don't seem very interesting for some of you for some of you maybe. the whole journey for joke because I don't I was to start in the in the field because I was seeing cyber security as a very not strange but very hard field so many people like hacking and etc and I was not going to but here I am so if I was going If I was going to do ind so I Yes, I'm aware that there is a GRC not going to talk about the GRC because not I don't have information not

competent for are bullshit most common field in the world is a blue team analist red team or just penetration testers what have boot doing for the boot team you also can include defensive response investigation incident response forensics etc in the red team of from penetration testers you also can have maybe red security awareness or a red team which are going to try to evate edrare reverse engineers and etc. So why the heck the sock analyst because as you may know is the entry level of the field plants so many requirements to get you in. Sadly, nobody are going to tell you that you eager to get in the field but you need to have a little knowledge

because the field is growing very fast. If you don't have anything in your mind, you're going not to to be the for the company. So you need to have basic knowledge. What is cyber kill chain? What is OCI model? What is fishing etc. For the penetration testing, I talking this because I was in the same pool. I wanted to start penetration test to hack things. But firstly, I was not aware how the things are defensed. So if you don't know what how the analy are thinking, you not going to make it and to evr and etc. So for many of you that to start penetration testers I know some

sking defens how is def etc if you want to start the blue teamer I can recommend you this three laps which I have done.

me so analist penetration testers the good thing is that you don't need to spend lot of money to get certificates or just to have a knowledge for it so truly recomend you let's defend is the second one there is a sock pat and incident response which is ind sock

and teams is not popular one laps are more advance I can recommend it for the people that have started in the field and to sharp the reminds which is I have I'm going to repeat myself again. You don't need to spend much time or money to going on the field. About the red team. Hack the box is the mostly the most amazing side that you can start your career because as you know try to start and try to test something in the s of NASA it won be a good advice to do it. So there is a vulnerable machines that are eventually with some open ports just to try to sharp your skills. And of

course there is also a patent a free version for it. The second one is machines. There is so much so many I can also recommend you metable which you get hands on how to deploy virtual machines because this is also think of the cyber security virtualization and cyber mentor which is maybe the best resource that you can get in the YouTube for videos they have also certificates which are paid of course videos for beginners. [музика]

Оке can recomend the CCO introdu cyber security also team eical hacker for the IBM cyber security fundamentals not like a certificate most likely a bch but it also do the case just to introduce you to the field and to know if it's if it's the thing for you or not for the Google cyber security certificate because I have I have been in a mentor

I can recommend you also the Google but you need to know that paid maybe the most important thing that I I don't see many people talk about. Yeah, I know that everyone of you including mine want to to get a bit check of the end of the note this field is really really going forward straight for I don't know how to say it and here you need to know where and how to pause because burnout is real. You need to learn to take because talking for the real scenario certificates killer and mind killer but exhaust myself and maybe or six months the recovery for this thing. So the second eror mistake journey not cyurity experts to have many more Pok AK

certificates but that's not how the thing works you need to visualize

J motivation motivation but at some point disappear and after that you tell yourself what's going on. I have motivation at the start but now I just don't want to do it anymore. It's it's really frustrating for me. Here the key discipline. Do you want really to succeed in this area? How do you visualize yourself? Like Arnold Schwarzenegger said, "When I see myself in the mirror, I visualize myself that I'm going to win Mr. Olympia. So that's why he win it and I have said not everything is a money yeah money is the thing that keep the world alive but not everything is a money you need to not to know your word to have a

time for your loved ones and to I don't know maybe to to go on vacation etc because here the break is really important you need to know

[аплодисменти]