Network Security/defense- What should I learn this summer?

Hi guys,

I've been fixin' to get into cyber security (specifically, network security/defense) for the past year. I'm currently a junior in college, but I have a project management internship lined up for the summer. I might be able to do some technical stuff to work in that role during the summer, but not like I would have wanted.

I want to know what I need to focus on between now and the end of the summer so that I am competitive for entry-level positions in network security/defense when I apply for full-time positions in the fall. I'll do whatever I have to do, I just need the right advice.

I've attached a copy of my resume just so you guys can see where I am at. Specifics in terms of certs or programming languages would be particularly appreciated.

Thanks.

Resume.pdf
"The winner takes it all"

Comments

  • NetworkNewb Member Posts: 3,298
    CCNA:R&S would look good imo. It teaches the basics of how networks are put together and work together.

    Maybe set up Security Onion at home.
  • dmoore44 Member Posts: 646
    As a defender, being familiar with pcap, netflow, bro logs, OS logs, AV events, and NIDS events is going to be your bread and butter. Some of these data sets are easier to come by than others... Unless you have an Enterprise AV client, you probably aren't going to be able to get those logs off your box, which is annoying.

    However, some great references for pcaps are:
    Malware don't need Coffee
    Malware-Traffic-Analysis.net
    contagio
    Public PCAP files for download

    Some neat ways to analyze those pcaps would include converting them to bro-like output following this example (or this one), or converting them into a SQLite DB, or using Moloch to index them, or converting them to JSON and sending the output to Splunk. If you wind up converting them to bro, it might also be interesting to send that output to Splunk.

    If you set up a Splunk server, you can forward your OS logs to it and analyze them there. If you do that, make sure you set up some VMs and forward those logs off too. This talk from the Splunk .conf16 conference is a great primer on using Windows logs effectively. Additionally, your home firewall/router should also be capable of syslogging its logs off to Splunk, and that could prove interesting.

    Alternatively, Tripwire has a great blog post about setting up Bro and Logstash on a rpi - I've been wanting to do this at home, but haven't had the time. It's definitely worth a look. If you go this route, be sure to send additional logs to the Logstash instance.

    To get experience with the other data sets (flow and NIDS), your best bet is to set up Security Onion - it has most of the tools pre-packaged. If you have a bit of extra cash, buy a few rpi's and install Security Onion on them, and use them as sensors on your home network.

    Finally, to get experience with a SIEM, you could try setting up an OSSIM instance, but that might be a little complicated. Its hardware requirements are a bit steeper than using a rpi...
    Graduated Carnegie Mellon University MSIT: Information Security & Assurance Currently Reading Books on TensorFlow
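The comment above suggests turning pcaps into bro-like (Zeek conn.log-style) output and into JSON for Splunk. The following is an added, stand-alone example written for this thread, not code from the commenter or from the Bro/Zeek project: it parses the classic little-endian pcap file format with only the Python standard library, aggregates IPv4 TCP/UDP packets into connection records keyed on the first-seen direction (the originator), and emits one JSON object per connection, which is the shape a Splunk HTTP Event Collector or file monitor input would ingest. The sample capture is constructed in memory (documentation-range addresses, zeroed checksums), so nothing here reflects real traffic.

```python
"""Minimal pcap -> Zeek/Bro conn.log-style records -> JSON lines (added example)."""
import json
import socket
import struct
from collections import OrderedDict

PCAP_MAGIC = 0xA1B2C3D4   # little-endian, microsecond-resolution pcap
ETH_IPV4 = 0x0800
IPPROTO_TCP = 6
IPPROTO_UDP = 17


def build_packet(ts, src, dst, sport, dport, payload_len, proto=IPPROTO_TCP):
    """Build one pcap record holding an Ethernet/IPv4/TCP-or-UDP packet.
    Constructed sample data only: checksums are left at zero."""
    payload = b"\x00" * payload_len
    if proto == IPPROTO_TCP:
        # sport, dport, seq, ack, data offset (5 words), flags PSH|ACK, window, cksum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + payload_len, 0)
    total_len = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    eth = b"\x00" * 12 + struct.pack("!H", ETH_IPV4)      # zero MACs, IPv4 ethertype
    frame = eth + ip + l4 + payload
    sec, usec = int(ts), int(round((ts - int(ts)) * 1_000_000))
    return struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame


def build_pcap(records):
    """Prepend the 24-byte pcap global header (v2.4, snaplen 65535, Ethernet)."""
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1) + b"".join(records)


def iter_packets(data):
    """Yield (timestamp, frame bytes) for every record in a little-endian pcap."""
    if struct.unpack("<I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic (only little-endian usec pcap handled)")
    if struct.unpack("<I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet link type handled")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        yield sec + usec / 1_000_000, data[off:off + incl_len]
        off += incl_len


def parse_frame(frame):
    """Return (src, dst, proto, sport, dport, l4 payload length), or None if not IPv4 TCP/UDP."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
        return None
    ihl = (frame[14] & 0x0F) * 4                      # IPv4 header length in bytes
    total_len = struct.unpack("!H", frame[16:18])[0]
    proto = frame[23]
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    l4 = frame[14 + ihl:14 + total_len]
    if proto == IPPROTO_TCP and len(l4) >= 20:
        sport, dport = struct.unpack("!HH", l4[:4])
        hdr = (l4[12] >> 4) * 4                       # TCP data offset
    elif proto == IPPROTO_UDP and len(l4) >= 8:
        sport, dport = struct.unpack("!HH", l4[:4])
        hdr = 8
    else:
        return None
    return src, dst, proto, sport, dport, max(len(l4) - hdr, 0)


def conn_records(pcap_bytes):
    """Aggregate packets into conn.log-like records; first-seen direction is the originator."""
    conns = OrderedDict()
    for ts, frame in iter_packets(pcap_bytes):
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src, dst, proto, sport, dport, plen = parsed
        fwd, rev = (src, sport, dst, dport, proto), (dst, dport, src, sport, proto)
        if fwd in conns:
            c, originator = conns[fwd], True
        elif rev in conns:
            c, originator = conns[rev], False
        else:
            c = conns[fwd] = {"ts": ts, "id.orig_h": src, "id.orig_p": sport,
                              "id.resp_h": dst, "id.resp_p": dport,
                              "proto": "tcp" if proto == IPPROTO_TCP else "udp",
                              "duration": 0.0, "orig_bytes": 0, "resp_bytes": 0,
                              "orig_pkts": 0, "resp_pkts": 0}
            originator = True
        side = "orig" if originator else "resp"
        c[side + "_bytes"] += plen
        c[side + "_pkts"] += 1
        c["duration"] = round(ts - c["ts"], 6)
    return list(conns.values())


def to_json_lines(records):
    """One JSON object per line, the form a Splunk HEC or file input ingests."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in records)


# Constructed sample capture: one HTTPS-style TCP exchange and one DNS-style UDP exchange.
SAMPLE_PCAP = build_pcap([
    build_packet(1000.00, "10.0.0.5", "203.0.113.10", 51000, 443, 0),
    build_packet(1000.01, "203.0.113.10", "10.0.0.5", 443, 51000, 0),
    build_packet(1000.02, "10.0.0.5", "203.0.113.10", 51000, 443, 300),
    build_packet(1000.50, "203.0.113.10", "10.0.0.5", 443, 51000, 1200),
    build_packet(1001.00, "10.0.0.5", "10.0.0.1", 40000, 53, 40, IPPROTO_UDP),
    build_packet(1001.03, "10.0.0.1", "10.0.0.5", 53, 40000, 120, IPPROTO_UDP),
])

if __name__ == "__main__":
    print(to_json_lines(conn_records(SAMPLE_PCAP)))
```

To use it on a real capture, read the file bytes and pass them to `conn_records`; captures saved in pcapng or with the nanosecond magic are rejected by the magic check rather than silently misparsed. The field names mirror Zeek's conn.log so that searches written against real Zeek output (for example, summing `resp_bytes` per `id.resp_h`) work unchanged against this output.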