Cyber Security Career Path?

Completely ignorant in wanting to pursue such a path five years down the road.

Is this just a specialized field within IT?

How would I go about down this career path?

Find more posts tagged with

Comments

Kalabaster

-Blue vs. Red Team careers: https://tisiphone.net/2015/11/08/starting-an-infosec-career-the-megamix-chapters-4-5/
-SANS Career Roadmap: https://www.sans.org/media/security-training/roadmap.pdf
-https://www.securitywizardry.com/index.php/home/cnd-ltd/recruitment/security-roles-defined.html
-https://zeltser.com/information-security-job-titles-popularity/

Daneil3144

So, Cyber Security is just a 'title'? Got it....

Reason I ask, cause I had a relative state that 'yes I need IT and information systems but if I specialize in cyber security, doors will open up more.'

Kalabaster

"Cyber Security" is a broad term that covers an entire field that was previously referred to as Information Security, or Infosec for short. It isn't too dissimilar to saying you want to pursue a path in "computers." The links I posted are there for you to read and get a better idea of various broad paths within infosec that you can pursue and give you a better idea of what you are getting yourself into. So... read the links.

Daneil3144

Gotcha so they didnt know what they were talking about....understood

cyberguypr

Whoever put those four links together knows his stuff

If you are a purist and like to reference frameworks, you can look at the NIST definitions:

Cybersecurity: The ability to protect or defend the use of cyberspace from cyber attacks.

Information Security (1): The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.

Information Security (2): Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide:

1) integrity, which means guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity;

2) confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and

3) availability, which means ensuring timely and reliable access to and use of information.
Having said that, some people use the terms interchangeably.

Let it be InfoSec or CyberSec, what your relative is saying is important. A person that has an IT background will generally be a better security asset than someone who does not have the background. For example, I've worked with security analysts that lack an IT background sop they have trouble connecting the dots and seeing more than what a log shows. In a perfect world I want security professionals who have techniocal backgrounds and have had exposure no networks, servers, endpoints, etc.

jjones2016

Kalabaster wrote: »

-Blue vs. Red Team careers: https://tisiphone.net/2015/11/08/starting-an-infosec-career-the-megamix-chapters-4-5/
-SANS Career Roadmap: https://www.sans.org/media/security-training/roadmap.pdf
-https://www.securitywizardry.com/index.php/home/cnd-ltd/recruitment/security-roles-defined.html
-https://zeltser.com/information-security-job-titles-popularity/

I noticed you have your OSCP, I had the training but just didn't have enough time for the lab because of work commitments at the time. Would you be able to recommend a training course/materials prior to attempting the OSCP exam? i.e. eCPPT/eWPT Thank you!

Kalabaster

eCPPT or GPEN if you want to take a course pre OSCP. The eCPPT will more directly prepare you and is cheaper, but the cert you receive from it isn't very recognized. YMMV.

Also, I don't have the OSCP yet, I just realized that my signature isn't color-blind friendly. From GPEN and onwards are certifications that I have planned for the near future.

*EDIT*
A lot of people have good things to say about pentester acedemy. Maybe look into that as well, it looks incredibly affordable and is a steal if it works out. Maybe pair it with Cybrary's advanced pentest course, which is free, for ultimate preparedness.

OmegaNuller

I would recommend to start with eCPPT then take OSCP, but in my case I started with eWPT.

Kalabaster

OmegaNuller wrote: »

I would recommend to start with eCPPT then take OSCP, but in my case I started with eWPT.

I actually did that too, I got their 2k package that included both the eWPT and the eCPPT. Did the eWPT first because I got a position as a web app pen tester so thought it would help out.