Cybersecurity Career Master Plan E-Book

Cybersecurity Career Master Plan

Proven techniques and effective tips to help you advance in your cybersecurity career

Dr. Gerald Auger Jaclyn "Jax" Scott Jonathan Helmus Kim Nguyen

BIRMINGHAM—MUMBAI

Cybersecurity Career Master Plan

Copyright © 2021 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Wilson D'souza

Publishing Product Manager: Rahul Nair

Senior Editor: Shazeen Iqbal

Content Development Editor: Romy Dias

Technical Editor: Sarvesh Jaywant

Copy Editor: Safis Editing

Project Coordinator: Shagun Saini

Proofreader: Safis Editing

Indexer: Subalakshmi Govindhan

Production Designer: Shankar Kalbhor

First published: August 2021

Production reference: 1040821

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-80107-356-1

www.packt.com

No matter what path you've walked in life there is an opportunity for everyone in cybersecurity. – Dr. Gerald Auger

To my fellow military veterans, a transition isn't easy – we believe this book will help you with your transition into the cybersecurity field. – Jaclyn "Jax" Scott

To all the folks looking to get into cybersecurity – this book serves as proof that there is a place for everyone in cybersecurity. – Jonathan Helmus

To everyone who wishes to join the fields of cybersecurity and computer science, I have done it, and so can you! – Kim Nguyen

Foreword

We are living in a world where cybersecurity events are consistently front-page news. Events such as big-name organizations falling prey to ransomware attacks, popular websites and mobile applications leaking sensitive user data, operating systems getting hacked, and entire gas pipelines being shut down have all happened within the past 6 months, without any signs of these cyber attacks slowing down.

Now, more than ever, the cybersecurity industry desperately needs help. There are more job openings than qualified people to fill the roles and more corporations being attacked without the proper resources in place to defend themselves.

The good news is that many cybersecurity roles come with a slew of incredible perks, including high salaries, remote work, good benefits, and a good work-life balance. The even better news: there are more resources available nowadays for people to study cybersecurity than ever before. These resources are often free or cheap and can even involve self-study, without the need for college or university.

What is often lacking, however, is a clear roadmap in terms of the paths and resources available to break into the field of cybersecurity; a roadmap that is current, relevant, and can be trusted to navigate an individual through the different roles in cybersecurity, how to study for those roles, how to brand yourself, and how to eventually land a job. This book is that missing roadmap.

You are in good hands taking advice from Gerry, Jax, Jon, and Kim. I met Gerry and Jon when I was seeking cybersecurity education advice of my own. I was unsure of the next steps in my career when Jon reached out to me, introduced me to Gerry, and they both provided me with incredibly thoughtful advice. Consider that I was already a CEO of a cybersecurity company at this point in my career, and it truly drives home the fact that they can help anyone. Beginner, advanced, or anything in between.

Read this book, take good notes, study, and network with as many people as you can. I look forward to the opportunity of us working side by side in the cybersecurity field in the very near future.

Heath "The Cyber Mentor" Adams

CEO,

TCM Security

Contributors

About the authors

Dr. Gerald Auger has worked within information security since 2006 and holds a PhD in cyber operations. Gerald has helped tens of thousands of aspiring cybersecurity professionals through his "Simply Cyber" YouTube channel and is regularly interviewed for his thoughts on cybersecurity professional development.

Gerald is a full-time information security practitioner, adjunct faculty at The Citadel, The Military College of South Carolina; chief content creator for Simply Cyber; and managing director at Coastal Information Security Group.

I want to thank my family, especially my wonderful wife, for supporting my passion for pursuing all aspects of cybersecurity. I'd like to acknowledge all the practitioners I've had the distinguished pleasure of working with along the way who have expanded my knowledge and awareness of the nuances of this awesome field.

Jaclyn "Jax" Scott is a tenured Special Operations Warrant Officer with nearly 18 years of experience working in military cyber, electronic warfare, and intelligence operations. She is the founder and content creator of Beans and Bytes tech blog, co-host of the cybersecurity podcast Hackerz and Haecksen, and the president of Outpost Gray, a cybersecurity consulting firm. Jax is an expert in military cyber policy and has led global development operations in cyber countermeasures to mitigate near-peer attacks. She is currently pursuing her master's in Cyber Intelligence at Georgetown University.

I want to thank my friends and mentors; I would not be here today if it wasn't for you believing in me and my dreams. Thank you to the Packt team for making this process seamless and enjoyable. A special thanks to our tech editor, Matthew Jones; you are meticulous in your reviews and generous in your feedback. Finally, to my co-authors, thank you for being the best!

Jonathan Helmus ("Moos1e") is a penetration tester and professor with over 10 years of experience in engineering, information security, and information technology. Jon resides in a small town right outside Seattle, Washington, where he and his family raise alpacas on their mini farm. Currently, Jon works as a freelance educator teaching topics such as pentesting, red teaming, cloud security, and vulnerability exploitation. He also works as a contract pentester and cloud security professional for clients all around the world.

To my wife, Kim, who never stops believing in me, even when I fail to believe in myself. Without her support, none of this would be possible for me. Big shout out to my kids for being the main driver for just about everything I do in my life—I hope this shows that you can do anything!I'd also like to thank Dr. Auger for allowing me to join the team and contribute to such a fantastic opportunity to give back to the community.

Kim Nguyen is a Software Engineer, with a broad background thanks to her B.S. in business administration and M.S. in computer science. Kim's day-to-day work focuses on software engineering of cloud-based technologies, while continuing her research into cybersecurity on the side. Kim is also an instructor at the City University of Seattle, where she teaches computer science courses. She is an active technical speaker and researcher at cybersecurity and computer science conferences. Kim holds several certificates, including AWS Certified Developer and CompTIA Linux+. Kim is the founder of Passion Sets Success, a platform that helps people identify their passion, to achieve the right career for them.

I want to thank my perfect mother Hai, for always supporting my dreams and passions – without you, I could never be where I am in life today. I'd also like to thank all my mentors and friends, who have been a remarkable part of my journey. Special shout out to Jax and all other co-authors, for allowing me to join this exciting ride; I couldn't have asked for a better team. Lastly, huge thanks to the incredible work from the whole Packt editing team and the technical reviewer.

About the reviewer

Matthew Jones is a veteran information security architect with one of the nation's top-ranked teaching hospitals. With over 23 years of industry experience, his career covers federal government, state government, and Fortune 500 consulting. Aside from his current architect duties, he focuses on certification and accreditation, vulnerability management, identity and access management, cloud security, and privacy.

While not balancing risk on the tip of a needle, Matt enjoys stand-up paddle-boarding and can often be found traversing the waterways and tidal creeks of his coastal home.

Table of Contents

Preface

Section 1: Getting Started with Cybersecurity

Chapter 1: New Career in Cyber… "Who Dis?"

Learning about the current state of the industry

Cyber laws and regulations

Exploring the foundations of cybersecurity

Asset, vulnerability, risk, and threat

What is the CIA Triad?

Different cybersecurity frameworks

Types of cyber attacks

Understanding the pros and cons of cyber careers

Flexible hours

Great salaries

Remote work life

Cultures vary

Large diversity of positions and specialties

Recruiters look for you

You can train yourself

Summary

Questions

Chapter 2: Which Career Field Is Best for You?

Introducing you to the cybersecurity roadmap

Understanding the top prominent cybersecurity domains

Risk Assessment and Offensive Security

Governance and GRC

Threat Intelligence – internal and external

Security Operation and Incident Response

Security Architecture and Cloud Security

Learning through education, training, and awareness

Guiding you on how to choose a career

Which cybersecurity field is the best for you?

Risk Assessment and Offensive Security

Governance and GRC

Threat Intelligence – internal and external

Security Operation and Incident Response

Security architecture and cloud security

Learning – education, training, and awareness

Career improvement opportunities

Extra resources that can help you find the right career

Summary

Questions

Section 2: Your Path into the Industry

Chapter 3: Different Strokes for Different Folks

Understanding cybersecurity pros and cons in several industry sectors

Financial services

Government (aka public sector)

Healthcare

Energy and manufacturing (cyber-physical systems/industrial control systems)

Working in the public sector versus the private sector

Introducing cloud platforms as an explosive cybersecurity opportunity growth area

Understanding the typical organizational hierarchy structures of an information security office

Summary

Further reading

Chapter 4: Exploring Certifications and College

General security certifications

CompTIA Security+

(ISC)² Certified Information Systems Security Professional (CISSP)

Hacking the planet – diving into the big red certifications

Exploring different vendors

Discovering each red certification

Alert! Checking out blue teaming certifications

Discovering each blue certification

Checking the box – auditing certifications

Certified Information Systems Auditor (CISA)

GRC/management certifications

CompTIA Project+

Project Management Professional (PMP)

Certified Information Security Manager (CISM)

College of knowledge – discovering the benefits of a cyber degree

Exploring different programs

Summary

Further reading

Chapter 5: Getting Hands-On Experience with No Experience

Technical requirements

Hacking all the things

Ingredients

Recipe

Guarding all the doors

More Wireshark

Blazing your own trail

Conferences – more than just talks

Hacking an internship

Insider opportunities

Looking in the mirror

Summary

Chapter 6: Time to Brand Yourself – Not the Burning Type

Determining your brand and story

Determining your passion

Writing like an expert

What is your why? Create a why statement!

Leveraging social media like it's your personal marketing team

Exploring the different social media platforms

Twitter

Discord

Instagram

LinkedIn

YouTube

Clubhouse

Summary of the primary social media platforms

Considering a blog versus a podcast

Blog

Podcasts

Engaging your audience to grow brand awareness

Summary

Questions

Chapter 7: How to Land a Jay-Oh-Bee!

When and why to pivot

Understanding the cybersecurity job market

Employment platforms

Searching techniques

Ranking the searches

More searching

Preparing your résumé – tips and tricks

Keep the résumé short

Include only relevant and important information

Sometimes, unrelated work experience is acceptable

Utilize keywords

Prepare several versions of the résumé

Quantify and qualify your achievements

Be honest

Soft skills are important

Less is more

6-second test

Cover letter

Landing an interview (and acing it)

Preparing for the phone interview

Preparing for the technical interview

Preparing for the behavioral interview

Extra resources

Employment platform

Résumé preparation

Interview preparation

Job hunting

Referral services

Salary guide

Entry-level myth busting

Summary

Section 3: Now You're in; Time to Level Up!

Chapter 8: Giving Back to Others and Yourself

The "How-To" of public speaking

Introducing different conferences

Discovering topics

During the talk

What to expect after your talk

What burnout is and how to avoid it

Avoiding burnout 

Indicators of a toxic environment

Exclusion and gossip 

Toxic leadership

Recognizing lazy co-workers

High turnover – employees quitting often!

Lack of work/life balance

Summary

Further reading

Chapter 9: Trusting the Process

Understanding the SMART goalsetting framework

Specific

Measurable

Achievable

Relevant

Time-based

Learning about the mentor and mentee relationship

Relationships defined

Be accountable

Put in the work

Objective and constructive conversations

Find a mentor

Exploring different ways to network with impact

Tip #1 – find common ground

Tip #2 – it's about them, not you

Tip #3 – create depth, not width

Tip #4 – be smart when networking

Tip #5 – taking networking virtual

Tip #6 – leverage social media and brands

Tip #7 – follow up after a first meet

Summary

Assessments

Other Books You May Enjoy

Preface

Cybersecurity is an incredibly dynamic field that is in the news nearly daily. An eternal cat-and-mouse struggle rages between threat actors and cybersecurity practitioners as vulnerabilities are discovered and attack strategies are refined as quickly as patches are deployed and awareness is heightened.

Now is the golden age of getting into cybersecurity. Many resources you can use to develop yourself are free or reasonably priced, and the ability to engage in community discussion through social media has led to massive networking opportunities.

This book is a complete plan to help you decode the field and understand a direction to head in, the tools and supplies to take on your journey, and how to achieve your destination.

This book is broken down into nine chapters across three logical sections aligned with a career chronology. Section 1 shapes the space of cybersecurity and helps you answer the question, "Is a job in cybersecurity right for me, and if so, which?"

Section 2 takes the velocity from section 1 and throws fuel on the fire, showing you how to apply your knowledge, skills, and abilities in the field and how to showcase yourself to potential hiring managers.

Section 3 finishes strong by showing you how to level up your career once you're in the field and how to manage the process of setting actionable goals and accomplishing them.

Who this book is for

Cybersecurity careers are hyper-inclusive. You can be a recent college graduate, a transitioning service member, a mid-career professional looking for a different challenge, a stay-at-home parent who is ready to return to the workforce, a high school drop out, and many other unique situations. All of these backgrounds have the potential for a successful experience in the cybersecurity field.

This book makes no assumptions of your technical acumen, your prior work experience, or any socio-economic factors. If you are slightly curious or ferociously hungry about a career in cybersecurity, then this book is for you.

What this book covers

Chapter 1, New Career in Cyber... "Who Dis?", explores the current state of the cybersecurity industry and security frameworks, as well as the pros and cons of entering the industry.

Chapter 2, Which Career Field Is Best for You?, guides you in helping you to understand which area in the extensive field of cybersecurity is right for you.

Chapter 3, Different Strokes for Different Folks, explains how it's not just what role you want but also what industry and environment you want to work in. We explore multiple sectors, such as finance, healthcare, and energy, to highlight the pros and cons of each.

Chapter 4, Exploring Certifications and College, explores various approaches to certifications and their value in the field and examines the benefits of a college education.

Chapter 5, Getting Hands-On Experience with No Experience, covers how hands-on experience is a key differentiator for hiring managers when evaluating candidates to hire. It can be tough to get experience without the job first, and we explore precisely how to earn that experience through labs for various roles in the industry.

Chapter 6, Time to Brand Yourself – Not the Burning Type, explains how to best position yourself as a member of the cybersecurity community through engagement and contributions that will help you differentiate yourself.

Chapter 7, How to Land a Jay-Oh-Bee!, dives headfirst into how to find cybersecurity employment opportunities to get you excited. This is only half the battle, as we also explore tips to refine your résumé to stand out from the crowd and how to ace your interviews.

Chapter 8, Giving Back to Others and Yourself, covers how, given that the cybersecurity industry is constantly changing, threat actors are refining their craft, and Big Tech is constantly innovating market solutions, to stay on top of your game through knowledge-sharing and mentoring, and how to manage a mentally healthy balance between work and life.

Chapter 9, Trusting the Process, explores how to establish actionable goals and milestones as you embark on your cybersecurity career journey.

To get the most out of this book

To perform the hands-on exercise in Chapter 5, Getting Hands-On Experience with No Experience, you will need the following prerequisites:

Code in Action

The Code in Action videos for this book can be viewed at https://bit.ly/3BMDv8X.

Download the color images

We also provide a PDF file that has color images of the screenshots and diagrams used in this book. You can download it here: http://www.packtpub.com/sites/default/files/downloads/9781801073561_ColorImages.pdf.

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "In this text field, input ip.addr==10.11.11.94 and hit Enter."

Any command-line input or output is written as follows:

sudo apt-get update && sudo apt-get upgrade

Bold: Indicates a new term, an important word, or words that you see on screen. For instance, words in menus or dialog boxes appear in bold. Here is an example: "You will have to use the Register new user option to begin."

Tips or important notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, email us at [email protected] and mention the book title in the subject of your message.

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata and fill in the form.

Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Share Your Thoughts

Once you've read Cybersecurity Career Master Plan, we'd love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.

Your review is important to us and the tech community and will help us make sure we're delivering excellent quality content.

Section 1: Getting Started with Cybersecurity

In this section, you will gain a high-level understanding of the cybersecurity industry including niche areas, specialties, and growth fields, while also understanding that satisfaction and passion are key to long-term growth.

The following chapters will be covered under this section: