Choose the right path & training to start your career in cybersecurity
The main motive of this blog is to understand the different cybersecurity fields and how you can join cybersecurity for career perspective.
As per the beginner’s point of view, it is important to understand the right path to start anything in his/her life.
So how do you kick start your career in this field whether you are an IT student or a Non-IT student ( at least have a basic understanding of internet and networks)?
So let’s make it simple because it is necessary to understand what type of knowledge you must have before joining this field.
So let’s divide your knowledge into some categories:-
- A good programmer and good command in networking.
- Good programmer but not good in networking
- Good command over networks but not good in programming
- Basic understanding of programming and networking
- A general idea about web and network.
- Not good in network and programming but wants to join cybersecurity.
So choose a category in which you are good, now I will be explaining all of the mazer fields so choose any as per your knowledge base.
- IT Risk, Governance & Compliance: – Every organization is based on three pillars (i).people (ii) process (iii) Technology.
According to webopedia
Governance, Risk and Compliance, or GRC for short, refers to a company’s coordinated strategy for managing the broad issues of corporate governance, enterprise risk management (ERM) and corporate compliance with regard to regulatory requirements.
Specifically, the three pillars of GRC are:
- Governance – The effective, ethical management of a company by its executives and managerial levels.
- Risk – The ability to effectively and cost-efficiently mitigate risks that can hinder an organization’s operations or ability to remain competitive in its market.
- Compliance – A company’s conformance with regulatory requirements for business operations, data retention and other business practices
I know these particular definitions looks like very much overblown.
So in simple words IT Risk, Governance & Compliance the main role of a Security auditor is to make the policies, procedures, and rules that everybody need to follow as per standards like ISO 31000, ISO 27001, PCI-DSS, HIPAA, ITIL etc. These particular policies, procedure & procedures will help an organization to minimize the business risks like loss of data, loss of reputation, loss of trust from people, etc.
So if you are not a core technical person and you have a business mind then this will be one of the best fields for everyone.
Recommended Certifications: ISO 27001 LA /L I, CISA, CISA, CISM, CISSP
2. Security Operational Center – A SOC will handle, on behalf of a company, any threatening IT incident, and will ensure that it is properly identified, analyzed, communicated, investigated and reported. The SOC also monitors applications to identify a possible cyber-attack or intrusion (event) and determines if it is a genuine malicious threat (incident) and if it could affect business.
So a person should not need to sound too much technical, a basic understanding of web and network is sufficient in order to join this domain.
Responsibilities of a person is to handle the security incidents, collect log from each and every EIS systems like websites, application, databases, data centres, servers, systems, firewalls, endpoints, Networks & desktops, etc ) & protect an organization through many of SIEM tools like HP ArcSight, IBM Qradar, Logrhythm, Alianvault, Splunk, etc. A person just needs to learn these tools and their working flow and can join any organization as a SOC analyst.
Recommended Certifications:- EC -Council ECIH, Certcube – SOC, Splunk administrator, IBM Qradar, Hp ArcSight, ISO 22301.
3. Cyber Forensics: – A Forensics Expert is a digital investigator, collecting and examining evidence from computers, networks and other forms of data storage devices.
For this field person should have knowledge of programming language in malware analysis & reverse engineering. Also fluent in Networking for the network forensics, knowledge of operating system like Windows, Linux, Mac, also a lot of patience is required.
Recommended Certifications -EC -Council CHFI, GCFE, Certcube forensics professional
4. Network Security & Configuration Review, Baseline security – So the main aim of network Security is to Pentest the organizations Internal & Networks like LAN, Wireless, VLAN, Servers and to find out loopholes in these platforms.
Configuration Review & Baseline security assure that all of the systems are up-to-date with latest patches, Configurations of networks, servers, active directories, Database are well configured and proper policies are implemented for enterprise security.
For this field, a Good Knowledge of Networks is required in order to join this field.
Recommended Certifications: – EC -Council -CEH, OSCP, Certcube – NSP, Offensive CTF
5. Web Application Security: – In Web application security field, Security analyst’s responsibilities is to secure the web application, Web services, API from outside attackers. A good understanding of programming & Networking is required in order to join this domain. you need to perform static analysis and dynamic analysis of web applications in short.
Recommended Certifications:- EC-Council – CASE, Certcube – WSP & BBH, elearnsecurity WASPT
6. Mobile Application Security: – Mobile Applications are more trending as compared to websites in today’s era if you have good knowledge about programming language and have an extraordinary mind in order to find out loopholes in the mobile apps then go for this field.
Recommended Certifications: – Certcube – Android and IOS security professional
7. IoT security testing: — As per wiki “The Internet of things (IoT) is the extension of Internet connectivity into physical devices and everyday objects. Embedded with electronics, Internet connectivity, and other forms of hardware (such as sensors), these devices can communicate and interact with others over the Internet, and they can be remotely monitored and controlled”
So if you really have a good understanding of programming like machine learning, Python & Networking concepts then join this field as per career perspective.
Recommended Certifications:- certcube – IOT professional, Attify- IOT exploitation
So now which training is more suitable to start your career in the cybersecurity domain Lets Discuss in a short summery .
If you are a newbie and not have any idea about cybersecurity domain then Certified ethical hacker is the best program to start your career & also for personal cybersecurity awareness.
If you have a basic understanding of Cybersecurity or you are a certified ethical hacker then join Network security Or Web Application security or both.
We are providing career-oriented diploma programs training’s in which we are covering all of the security domains in one course called CISP and CCSP.
Mobile Application Security & IoT security are for those who need to enhance their skills in a more practical way and wants to update their skills from an existing level.
GRC, SOC, Forensics are for those who wanna start their career in management, Identity & access management and forensics.
Join Certcube Labs for online, One to One, Customized training’s on next-gen cyber security training courses.