Which cyber security area should you work in?

If only someone had made a list of pros and cons for 8 different roles…

Oh, wait 👀 👇

(Roadmaps included at the end) The right path is different for everyone and what you want may change over time.

These paths are for all - technically inclined, technically curious, and anti-technical.

Note: Just because you’re good at something now doesn’t mean you should do it. You can learn something new.

How to get cyber security experience for $0

(Even if you’re a beginner)

Here’s 3 security projects you can do and how to add it to your CV: Hands on cyber security experience is critical to break into the space and land that first role.

Every project here is free to do assuming you have a computer and a connection (and if you haven’t already done a Coursera free trial)

Do you work in Cloud Security or hope to?

There are 7 frameworks you NEED to know about (inc. vendor specific and agnostic)

Here they are 👇 AWS:

Whitepaper:

Security Perspective: aws.amazon.com/cloud-adoption…
docs.aws.amazon.com/whitepapers/la…

YOU NEED TO CHOOSE A PATH

I've created 12 cybersecurity career paths.

They include everything you need to know to get started and how to get the skills required.

Comment your path below 👇 Note: this is not a complete list.

This is simply a source of information and inspiration to help you figure out your path.

If there is an area you're interested in that isn't listed, comment below.

How to become a SOC Analyst 🚨

Cyber Security teams need better SOC Analysts.

Here's how you can become one 👇 Working in a SOC is about actively defending the organisation.

A SOC Analyst is responsible for monitoring systems 24/7 for suspicious activity, threats, or breaches.

It's your job to investigate and determine if something is a real threat or just a false alarm.

Prompt Injection Attacks 🚨

They are the 'holy grail' of attacks on LLM-based apps.

Here's a breakdown of:
- What it is
- Types of attacks
- How risky they are
- What we can do about them

1/12 What is Prompt Injection?

It's any prompt where attackers manipulate a large language model (LLM) through carefully crafted inputs to make it behave outside of its desired behaviour.

This "jailbreaking" tricks the LLM into executing the attacker's intentions.

2/12

6 open-source AI security tools 🛠️

How useful these tools are depends on your organisation’s unique needs.

As always with open-source tooling, be wary of potential maintenance and support short falls.

Here they are (links included) 👇 1/ NB Defense:

JupyterLab extension and CLI tool for AI vulnerability management, offered by Protect AI.

Useful for detecting vulnerabilities early by providing contextual guidance and automated repo scanning.

nbdefense.ai

What is MLSecOps?

MLSecOps, or AISecOps, is an emerging discipline aiming to secure ML and AI pipelines at scale.

It blends SecOps and MLOps to address unique challenges in AI security.

Here’s a simple, high-level, introductory breakdown 👇 1/ MLSecOps is still in its infancy, but communities like @MLSecOps are driving efforts to define its core areas.

These include:

Mastering networking is the key to getting more opportunities!

After 5 years of intentionally working on my networking skills, I found it comes down to 8 things 👇

Bookmark for later 🔖 1/ Quality > Quantity

Most people go to events, meet-ups, or join communities with a passive approach.

They hope others will approach them and fix their problems.

They also don’t know who they should be talking to, so they leave having spoken to 3 people just like them.

Here's some advice for anyone negotiating a job offer 👇

These are my 9 rules to get a better offer 🔖 Rule 1: Try your best to not tell recruiters your target salary.

Ask for the range:

“Can you tell me the salary range for this role? Happy to let you know if it’s within my range. We can discuss specifics later when I’ve met the team and learn more about the role.”

[UPDATED] Free AI Security Learning Resources 🚨 👇

Podcasts, blogs, resource hubs, frameworks, charts, etc.

Bookmark for later 🔖 1/ New Reddit Community that has burst onto the scene...

It's dedicated to the intersection of Cybersecurity & AI

reddit.com/r/cybersecurit…

If you're applying for a cyber security role, or have an interview coming up, this is for you.

Here's 10 interview tips to help you smash it on the day 👇 1/ Research:

Thoroughly investigate the company's background, culture, values, and recent achievements.

Adapt your responses to demonstrate alignment with their mission and to show you've done your homework.

Interested in the intersection of Blockchain & Cyber Security?

Here’s 9 steps you can take to get started in this area.

I’ve included lots of free learning resources:
- Courses
- Best practices
- Capture the flag challenges
- and more!

Bookmark for later 🔖 1/ Understand the Basics of Blockchain Technology:

Before diving into security, make sure you understand how blockchain works. This includes the basics of cryptography, consensus mechanisms, and the structure of blocks and transactions.

3 free resources 👇

Do you want to build a home lab for cyber security?

Here’s 9 FREE resources covering:

- What is a home lab?
- How to build a basic one
- SOC engineer lab
- Reverse engineer lab
- Digital forensics lab
- Pentester lab What is it?

A home lab is an essential asset for security practitioners, offering a platform to sharpen skills. It functions as a dynamic arena for hands-on learning, experimentation, and readiness for tackling genuine cybersecurity scenarios.

Free Learning Resources for AWS Security - 2024

(Beginner to advanced resources)

Including: AWS Security Engineer Roadmap 👇 1/ Beginner guide to AWS Cloudtrail:

2/ AWS Security Specialty - 0xd4y: cybr.com/courses/beginn…
0xd4y.com/2022/03/15/AWS…

Do you understand Zero Trust Security?

In short: Zero Trust is all about reducing your attack surface, securing your data, and keeping the bad actors out.

Image source: @cyberpro_club

More info below 👇 @cyberpro_club Five pillars underpin the entire zero-trust framework:

Data, Identity, Endpoints, Networks, Infrastructure and Applications.

Here’s your 2024 High-Level Cyber Security Career Roadmap for:

Identity & Access Management

I’ll cover:
- What is IAM?
- IAM 101
- Roles
- Coding?
- Certifications
- IAM Tools
- Learning resources

Bookmark for later 🔖 What is IAM?

https://twitter.com/1592442419974389760/status/1698985746151931998

10 reasons to start a career in cybersecurity 👨‍💻

It has never been easier to get the knowledge and skills to break into cybersecurity.

Allow me to give you 10 reasons why you should join us and build a career / life in this crazy industry 👇 1/ Skills shortages: I’m sure you’ve seen the headlines. We’re short of highly skilled, qualified people to help us defend organisations. It’s a tough journey, but the destination is worth it.

Do you want a remote cybersecurity job from another country?

I know that Remote, or Hybrid working is the goal of most people (me included)

Here’s my advice: If you’re trying to land your first job AND you want it to be remote from another country, it is possible, but it’s very tough.

I know you see posts of people doing it online, but they are not the majority.

Do you understand how IAM Security works?

Here’s a high-level overview:

- What is IAM?
- Mechanics of IAM security
- Authentication and authorisation
- Best practices

Let’s dive in 👇 What is IAM Security?

Policies, controls and procedures that ensure only the authorised gain access to the relevant resources.

It balances accessibility with protection to make sure that users only have the necessary permissions to perform a specific role.

Do you want to be a Cyber Security Leader?

You might dream of becoming a CISO, or a team leader...

Whatever your ambition may be, you need to build the skills to rise to the occasion.

Here are 6 FREE leadership courses (beginner to advanced) 👇 Before we dive in, help me spread these free courses!

Repost to your network or share with a friend 🔁