• Derek Scheller Jr

Careers in Cyber Security

In the world of cyber security there are various career paths that one may pursue. I fully believe that no matter which of the following routes you decide to take, you have a long, hard road ahead, especially if you are just entering the field. Cyber security is not something that you should get into just for the money that can be earned, but because it is a passion and something you love. At the rate at which computers, software, and technology change, you need to love what you do and the field you have chosen so that you stay alert and keep studying those changes. Degrees are beneficial in the pursuit of your goals, and certifications can give you a baseline for where you are. Companies such as CompTIA, SANS, EC-Council, IACRB, ISC2, and Cisco offer certifications that start at the bottom and become more advanced to show you are experienced. The following are fields that you may study when considering cyber security:

  • Application Security/Secure Coding

  • Web Application Security

  • Malware Development/Reverse Engineering

  • Network Security

  • Information Security Analyst/Engineer

Application Security/Secure Coding

Application Security is a field that has been around for a while, but not to the extent at which it is being looked at now. There are several areas that you can look into, but the basis begins with learning computer programming. There are three levels of computer language that people study. Probably one of the hardest, and the lowest level of programming, is Assembly; this language interacts directly with the hardware of the computer and is one step away from machine code. Following that you have the mid-level languages, i.e. C, C++, Java, and so on. C is more of a low-mid level language since it allows you to use Assembly in-line and as such can interact directly with the hardware of the computer as well. C++, C#, and Java are also called object-oriented programming languages and allow you to use classes. The next level of computer languages is considered high level, or rather scripting languages. Examples of these are Python, Ruby, PowerShell, Swift, and Perl. Scripting languages require the interpreter for that particular language to already be installed. Finally, we have the highest level of languages, or rather declarative languages. The most common in this area is SQL.

Though the above image isn't exact, it is a decent representation of where the languages fall into place. To excel in this field, you would be best served to find a language you want to learn and become proficient in it. I believe learning either C or an object-oriented language like C++ would probably be one of the best places to start. Those who have majored in Computer Science would most likely excel in this field, with an added bonus if they have learned secure coding practices and how to prevent buffer overflows. SANS also offers several courses and GIAC certifications to help demonstrate your proficiency. Some of the courses are DEV534: Secure DevOps: A Practical Introduction, DEV543: Secure Coding in C and C++, and DEV522: Defending Web Applications Security Essentials, which includes the GWEB certification.

Web Application Security

Web Application Security is a concentration in high level languages as well as declarative languages. To become proficient or even an expert in this field, a major in computer science with a concentration in web development would be beneficial. The ability to write websites that do not allow for Cross-Site Scripting, SQL Injection, and other vulnerabilities is in high demand in today’s world. When you learn secure development of web apps, you are able to work within any industry to help secure its online presence and backend network. Languages that it helps to know in this field are HTML (Hypertext Markup Language) and variants like HTML5 or XHTML, Java, JavaScript, SQL, and Flash. To further your education, you can continue down the DevOps track through SANS and, even better, work through the OWASP site. OWASP offers lab environments, process lists, and cheat sheets of what to look for when pen testing your web app.

As a side note, many of the qualities that suit a Secure Coding expert also apply within web application security. The only real difference between the two fields is the languages that you work with and their environment.

Malware Development/Reverse Engineering

Like the previous two areas of cyber security, this area relies heavily on computer programming. In this area, you must also be able to understand the complex operations of all operating systems so that you can evaluate how certain programming constructs can be used to exploit different systems. Being able to reverse engineer malware as well as discover 0-days in operating systems and other software would prove invaluable in the bug bounty industry as well as at many Cyber Security firms such as FireEye.

Network Security

Network security is one of the few areas that does not require knowledge of computer languages. This area of study relies heavily on majors such as Computer Information Systems or Networking. Some of the major companies that offer certifications to help are Cisco, Novell, Juniper, SANS, CompTIA, and EC-Council. When starting out, it may be best to pursue your CompTIA Network+ and Security+. These can get you in the door at the ground level at a lot of places. Following that, you should work towards your CCNA and CCNA-Security, or the equivalent for the hardware you have been working with. Knowledge of firewalls, IDS, and IPS is a must in this field. Many people who have worked their way into network security began their path in network administration as a junior administrator. This usually helps to give a base level knowledge of networks and network administration. The biggest advantage of this field of study is that you can work almost anywhere, as just about every company has a network that requires a network administrator.

Information Security Analyst/Engineer

The final field of study for a cyber security professional is information security analyst and information security engineer. As an analyst, you are relied upon to view and analyze logs from networking equipment and operating systems. Some of the best ways to parse through logs are with SIEM hardware/software such as Splunk or ArcSight. As an engineer, you should have a solid foundation in operating systems and operating system security, SIEM hardware/software configuration, and network security.

In closing, I understand that I didn't really touch on the management and senior level positions, as this was mainly for those who are just breaking into the field or possibly mid-level in their career. I will leave you with two closing remarks: never stop learning, and do what you love and love what you do.


Pittsburgh, PA, USA

©2017 Scheller Cyber Security