Now more than ever, cybersecurity and infosec careers are in great demand; and this industry is broad with a variety of skills needed. In addition, cybercrime never stops, technology changes rapidly, and this industry is never boring.
This also means practically every industry out there needs professionals like you. Not only will you have plenty of work but also a sense of accomplishment to know you are part of a greater good.
We asked several cyber professionals, including some of our SANS Instructors to give us the most important steps to get into cyber. From an extensive list, we are providing the top five. And side-note, there’s a lot of information here, so take your time to read and start one step at a time.
Take the time to watch webcasts and YouTube videos, read blogs, and start googling when something piques your interest.
- sans.org/webcasts, In particular, The 14 Absolute Truths of Security & Security Essentials Core Concepts
- Your 5-year path – John Strand from Black Hills InfoSec
- CAREERS IN CYBERSECURITY - ADVICE FROM DEFCON 24
- sans.org/blog In particular, So You Wanna Be a Pen Tester? 3 Paths To Consider
- Reading Room – The SANS Reading Room features over 3,010 original computer security white papers.
- This Week in 4n6: A weekly blog all DFIR
- Newsbites - SANS NewsBites is a semiweekly high-level summary of the most important news articles on computer security during the last week.
- Brian Krebs – His website will expose you to a whole new world.
- HECFBlog – David Cowen dives deep into Digital Forensics
- Trust Me. I’m Certified – brought to you by GIAC Certifications, a podcast exploring how to conquer imposter syndrome.
- Security Weekly – Connecting the Security Industry with the Security Community
SANS instructors produce thousands of free content-rich resources for the information security community annually. Find them at sans.org/free
It’s important to learn the core concepts and get hands-on. Familiarize yourself with Windows, Linux, Coding Languages, and Networking. How?
Webcasts on Topic:
- Learn Coding & Networking - So many free resources, just start googling
- Learn Linux Basics – Watch Intro to Linux and other free resources
- Holiday Hack Challenge – You can go through the past 5 years challenges, just be careful of spoilers online
- Participate in Cyber Ranges - NetWars and Security Innovations are both great.
- Download Free Tools – Play around with open source tools like SIFT Workstation. SANS Faculty has created over 150 free tools. Find them here.
- Check out Aman Hardikar’s Mind Map to practice InfoSec skills online
- CyberStart – Geared toward finding the next leaders in cybersecurity
Industry Experts and mentors can open a world of tools, topics, and events that you wouldn’t otherwise be aware of.
SANS Instructors are very active on Twitter and a great place to start. Here are some of our most active:
James Lyne | Eric Zimmerman | Lenny Zeltser | Katie Nickels | Josh Wright | Larry Pesce | Chad Tilbury | Ed Skoudis | Rob Lee | Tim Medin | Heather Mahalik | Stephen Sims | Chris Crowley | Phil Hagen | Mark Baggett | Eric Conrad | Robert M Lee | Jeff McJunkin | Micah Hoffman | Lance Spitzner | Johannes Ullrich |Alissa Torres | Sarah Edwards
And some other favorites:
And don’t forget SANS Twitter accounts:
Hearing the choices that others have made during their career and how those choices worked out for them can be very beneficial for you. SANS Instructors Ismael Valenzuela and Justin Henderson are launching a new free Infosec Community Mentor Sessions starting on 6/29. We will release info on how to register soon. Help us identify which topics are the most needed by filling out this form
There are so many great IT Security conferences, and many of them post their content online afterward.
BSides – Countless dates and locations
Wild West Hackin’ Fest – Welcome to both seasoned experts and those new to industry
RSA Conference – 2020 content is available free online
Get involved with groups, MeetUps, Lists, Forums, and LinkedIn Communities:
- SANS DFIR LinkedIn Community: Keep up with the latest of Digital Forensics & Incident Response, look for jobs, training and more
- SANS DFIR Discussion list - This list is intended to provide SANS Alumni with access to a forum to ask questions related to Digital Forensics, Incident Response, and Reverse Engineering Malware. SANS is dedicated to helping build communities. The digital forensics community is a growing field and it is useful to help grow your knowledge that you invested so much of your time into.
- SANS Industrial Control Systems Community Forum: Participate in the SANS ICS Community Forum where ICS professionals discuss current security events, share tips, ask questions, and connect with others passionate about securing the critical infrastructure
- AFCEA Chapters - AFCEA provides a forum for military, government, and industry communities to collaborate so that technology and strategy align with the needs of those who serve.
- InfraGard Local Chapters - The InfraGard program provides a vehicle for seamless public-private collaboration with the government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure.
- ISACA Local Chapters - ISACA offers access to resources and a community of experts committed to lifetime learning and career progression to help you stay up to date.
- ISSA Chapter Directory - ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk, and protecting critical information and infrastructure.
- OWASP Chapters Program- The OWASP Foundation works to improve the security of software through its community-led open-source software projects, hundreds of chapters worldwide, tens of thousands of members, and by hosting local and global conferences.
Ok – there’s a #6 as a bonus
SANS Security Essentials courses are designed to help you grasp foundations quickly and provide a range of topics geared towards filling knowledge gaps. Certifications provide assurance to employers their people and prospective hires can actually do the job. Below is a list of SANS foundational courses and certifications, with supporting resources that can help you get started and might give you a taste to decide the path that interest you the most:
SEC301: Introduction to Cyber Security will teach you real-world cybersecurity fundamentals to serve as the foundation of your career skills and knowledge for years to come.
Free resources to introduce you to Cybersecurity:
Webcast - The 14 Absolute Truths of Security
“Coming from a non-cybersecurity background, this course was perfect for setting my cyber foundation.” – Marco Godinez, Discover Financial
“The best parts of this class are the real-world examples and historical events, which illustrate how these course topics are applicable and why they are important to learn/understand.” – Gia M.
Brand New Course - FOR308: Digital Forensics Essentials will teach you fundamentals of DFIR including what digital data is, how to find it, acquire it, preserve it, and most importantly, how to understand it and explain findings.
Free resources to help your digital forensics skills:
Webcast: Securing your future in DFIR
SEC401: Security Essentials Bootcamp Style teaches you the essential information security skills and techniques you need to protect and secure your organization's critical information assets and business systems.
Free resources to support IT Security Core Concepts:
Webcast: Security Essentials Core Concepts
Whitepapers: Over 90 papers on Security Basics
"SEC401 took what I thought I knew and truly explained everything to me. Now, I also UNDERSTAND the security essentials fundamentals and how/why we apply them. Loved the training, cannot wait to come back for more." - Nicholas Blanton, ManTech International
"SEC401 provides an excellent overview of security fundamentals delivered by experienced industry professionals." - Jathan Watso, Department of Finance
SEC402: Cybersecurity Writing: Hack the Reader will teach you a reader-centered approach that can help you stand out in the eyes of your peers, colleagues, managers, and clients. This course will help you communicate your insights, requests, and recommendations persuasively and professionally.
Free resources to support writing:
Blog & Cheat Sheet: Writing Tips for IT Professionals
“Outstanding course. Provides a writing framework/rubric to evaluate and guide future writing.” – Jordan Whitley, New York Life
"This course made me think from other people's point of view. Made me think of what users would want to read." - Khushbu Patel, Comcast
ICS410: ICS/SCADA Security Essentials provides a foundational set of standardized skills and knowledge for industrial cybersecurity professionals. The course is designed to ensure that the workforce involved in supporting and defending industrial control systems is trained to keep the operational environment safe, secure, and resilient against current and emerging cyber threats.
Free Resources Associated with ICS410:
ICS Poster: Control Systems are a Target
Webcast: A Sneak Peek at the New ICS410
“ICS410 is an eye-opener for Industrial Operators moving toward a career in Operational Technology.” – James Ingram, Fusion ICS
“I have gained a large amount of knowledge that I will use for the rest of my career in ICS. I would recommend ICS410 to anyone who is in the OT space and wants to gain more cybersecurity knowledge.” – Maceo Stroud, P&G
SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling will enable you to turn the tables on computer attackers by helping you understand their tactics and strategies in detail, giving you hands-on experience in finding security vulnerabilities and discovering intrusions, and equipping you with a comprehensive incident handling plan.
Free resources to help your offensive skills:
Video: Introduction to Linux
“In-depth coverage of a large number of topics. This enables anyone, even those with little to no coding background, to understand multiple attack methods.” – Matthew A
“Outstanding intro into the world of attackers. Gives me perspective on what I'm looking for when I am defending my enterprise.” – Renn Shaver
Brand New Course - SEC488: Cloud Security Essentials will prepare you to advise and speak about a wide range of topics and help your organization successfully navigate both the security challenges as well as the opportunities presented by cloud services
Free resources to support your Cloud Security skills:
Webcast: What To Do When Moving to The Cloud
"Labs were solid and definitely brought home the objectives. I learned of many features we can implement to make our cloud environments more secure." Bob Hewitt, Stellar Technology Solutions
SANS MGT512: Security Leadership Essentials for Managers will teach you the technical knowledge and management skills to understand what your security team does and help them succeed.
Free resource to help your Management skills:
Tabletop Exercise: Cyber42 Security Leadership Simulation
"SANS MGT512 course has been instrumental in bridging the gaps in my knowledge & has prepared me to take on bigger responsibilities." - Mir Shajee, Accenture
"This course is 100% applicable to my work every day. Could not have designed a better course for someone in my situation; a new manager in cybersecurity risk." - Charlotte Ware, USPS
SEC522: Defending Web Applications Security Essentials will introduce you to the nature of each vulnerability to help you understand why it happens, then we'll show you how to identify the vulnerability and provide options to mitigate it.
Free Resources to sharpen your Application Security skills:
"Not only does DEV522 teach the defenses for securing web apps, it also shows how common and easy the attacks are and thus the need to secure the apps." - Brandon Hardin, ITC
"I think DEV522 is absolutely necessary to all techies who work on web applications. I don't think developers understand the great necessity of web security and why it is so important." - Mahesh Kandru, Cabela's
Lastly, SANS has an accredited College Certificate – the Undergraduate Certificate in Applied Cybersecurity from the SANS Technology Institute guides you through a sequence of 4 courses (an introductory course plus 3 SANS courses leading to GIAC certifications) that provide the foundational knowledge and hands-on skills needed to launch a cybersecurity career — and a pathway to the SANS.edu master’s degree program and job-specific graduate certificate programs. A 100% online option is available. Applications are accepted monthly.
“I was having a hard time getting a job in information security due to my lack of hands-on experience. SANS gave me extraordinary training and the opportunity to rise to the top of the résumé pile.” – AJ Langlois, BB&T
Hope this information and resources help you in your quest to become the next cybersecurity professional!