[1] You should start to "explore" different domains within Cybersecurity, for instance in offensive side - red teaming, penetration testing, exploit development, and so on
Red teaming - you're against people, and processes, stealth, data exfiltration, lateral movement and
Red teaming - you're against people, and processes, stealth, data exfiltration, lateral movement and
https://twitter.com/Edirined/status/1459780216729980930
remaining undetected as long as possible is your attribute, your goals are almost same as what you do in penetration testing.
Now, penetration testing - you're against the technology stacks in place, that accounts to - web apps, mobile apps, various softwares, APIs
Now, penetration testing - you're against the technology stacks in place, that accounts to - web apps, mobile apps, various softwares, APIs
Cloud (AWS, Azure, GCP...), WiFi, Microservices, Containers, networks and systems, and so on.
In a nutshell - In penetration testing - you're against the defenses. And in Red Teaming you're against the "Defenders" . Those who are sitting behind systems and monitoring the logs
In a nutshell - In penetration testing - you're against the defenses. And in Red Teaming you're against the "Defenders" . Those who are sitting behind systems and monitoring the logs
This brings us to the "Defensive Side" - the blue teaming, it has lots of domains within it, just like offensive security one,
To name a few - cyber threat Intelligence, SOC analysts, Malware analyst, threat Hunting and incident response, digital forensics,
To name a few - cyber threat Intelligence, SOC analysts, Malware analyst, threat Hunting and incident response, digital forensics,
Then we have something called - Purple teaming - a neat concept of iterating over red and blue team exercises in such a way that it benefits the organisation's systems, hardening it. So it comprises - Adversary simulation, red-blue teaming, system Hardening and so on...
Then we have some domains which just apply everywhere in Cybersecurity, across the board - OSINT, Governance, Risk and Compliances, IT laws, and so on. So I'll suggest you to explore these subdomains and find what clicks for you.
To be honest, these days penetration testing is
To be honest, these days penetration testing is
Overrated. Statistically speaking there are 3-4 job openings in Defensive side for 1 in offensive side. You do the maths, do a simple job search on LinkedIn and other similar job hunting websites, you'll get the idea. Do this if you really want to weigh in the career choice.
[2] For programming languages - to be honest, its totally fine if you don't know how to code, but hear this out, you should at least read and understand what the code does, at a bare minimum. If you are in technical roles in Cybersecurity, then its much expected.
Pick up Python 3 , there's plenty of resources for that, and lots of people use it in infosec, python is "simple"
While Ruby is "natural"
If you're interacting with certain technology stack, you should get familiar with the languages behind it.
While Ruby is "natural"
If you're interacting with certain technology stack, you should get familiar with the languages behind it.
For active directory - PowerShell, same goes for cloud stack. If you're on linux, learn bash Scripting, if you're on windows learn native commands first, then PowerShell. Python is pretty much everything you can do with code, whatever you wish for, same goes for any other lang.
Learn C & Assembly language (IA-32 & IA-64) if you're into Reverse Engineering & exploit development. If you want to get familiar with defence evasion techniques then learn C#, much work has been done there.
If you're interacting with web applications, then learn HTML, css, javascript, php, ruby, then in frameworks - django, node.js, whichever you prefer. Now each programming language comes with its own perks over others, so "pick your poison"
I am on the Ruby language, because its natural rather than simple,
Then I also have keen interests in other languages like Go-lang,
For me I wanna level up my game, so I'm learning C# as well. Of course low level languages are lined up too.
But that's just me
Then I also have keen interests in other languages like Go-lang,
For me I wanna level up my game, so I'm learning C# as well. Of course low level languages are lined up too.
But that's just me
Please don't get motivated to learn just every programming language out there, same goes for different domains in Cybersecurity,
You have to specialize in something, and meanwhile you can have "taste" for rest of the things around you, so you're familiar with it,
You have to specialize in something, and meanwhile you can have "taste" for rest of the things around you, so you're familiar with it,
You need not to be expert or become "a developer" to sustain your coding competence when it comes to making your own tools or development of exploits, start with basics, define your goals and achieve them! Have faith and keep going. Be process oriented person.
I hope this thread clears your doubt.
And
I don't wanna be the smartest person in the room, so I've surrounded myself with several experts, your opinions are much appreciated as well!
#cybersecuritytips
And
I don't wanna be the smartest person in the room, so I've surrounded myself with several experts, your opinions are much appreciated as well!
#cybersecuritytips
• • •
Missing some Tweet in this thread? You can try to
force a refresh
