¶ Technical Skills to Acquire Before Getting Into Cybersecurity
While you do not have to be an expert in all these areas it is important to have a firm grasp of the following topics
¶ 1. Youtube channels about basic IT
IT Career Questions: Zach Hill’s goal is to help you find answers your questions about anything and everything Information Technology Career-Related and set your mind at ease.
Professor Messer: Professor Messer is the Internet’s most comprehensive choice for CompTIA A+, Network+, Security+, and other IT certifications
¶ 2. Networking Fundamentals
¶ Why It’s Important
- Understanding how data flows through networks is essential for identifying and mitigating threats. Many attacks exploit network vulnerabilities, so a solid grasp of networking helps you detect, prevent, and respond effectively.
¶ Topics to Learn
- OSI and TCP/IP Models
- IP Addressing and Subnetting
- DNS, DHCP, and NAT
- Firewalls, VPNs, and Proxies
- Common Protocols (HTTP, HTTPS, FTP, SSH)
¶ Resources
- Computer Networking: A Top-Down Approach by Kurose and Ross
- Cisco Networking Basics
- Hands-on labs with Cisco Packet Tracer.
- Professor Messer Youtube channel
- Cisco packet tracer labs
¶ 3. Operating Systems (Windows, Linux, macOS)
¶ Why It’s Important
- Cybersecurity professionals need to secure and troubleshoot different operating systems. Linux is particularly important in cybersecurity tools, while Windows dominates enterprise environments.
¶ Topics to Learn
- File Systems and Permissions
- Command-Line Interfaces (CLI)
- System Logs and Auditing
- Process and Service Management
- Basic Scripting (e.g., Bash, PowerShell)
¶ Resources
- The Linux Command Line by William Shotts
- Learn PowerShell
- Practice with VMs using VirtualBox or VMware.
- CLI practice Overthewire
¶ 4. Cybersecurity Basics
¶ Why It’s Important
- Familiarity with foundational cybersecurity concepts helps you understand how attacks work and how to protect against them.
¶ Topics to Learn
- CIA Triad (Confidentiality, Integrity, Availability)
- Common Attack Vectors (Phishing, Malware, DoS, SQL Injection)
- Threat Modeling
- Vulnerability Scanning and Penetration Testing
- Security Policies and Compliance Standards (e.g., ISO 27001, GDPR)
¶ Resources
- Cybersecurity Essentials by Charles J. Brooks
- Practice with TryHackMe and Hack The Box.
¶ 5. Programming and Scripting
¶ Why It’s Important
- Writing scripts and understanding code is crucial for automating tasks, analyzing malware, and performing penetration tests.
¶ Languages to Learn
- Python: For automation and scripting.
- JavaScript: Understanding web vulnerabilities like XSS.
- SQL: Recognizing database-related vulnerabilities like SQL Injection.
- C/C++: For understanding memory management and low-level exploits.
¶ Resources
- Automate the Boring Stuff with Python by Al Sweigart
- Codecademy Course
- Free Code Camp
- SQLZoo for SQL basics.
¶ 6. Networking and Security Tools
¶ Why It’s Important
- Mastery of tools allows you to monitor, analyze, and secure networks and systems effectively.
¶ Tools to Learn
- Wireshark: Packet analysis and traffic monitoring.
- Nmap: Network scanning and vulnerability assessment.
- Metasploit: Exploit testing.
- Burp Suite: Web application security.
- Snort: Intrusion detection.
¶ Resources
- Wireshark Beginner Guide
- Nmap in Kali Linux
- Labs on Pentester Academy.
- To learn Burp Suite Portswigger Academy
¶ 7. Cloud Security Basics
¶ Why It’s Important
- As businesses move to the cloud, securing cloud environments becomes critical for protecting sensitive data and services.
¶ Topics to Learn
- Cloud Service Models (IaaS, PaaS, SaaS)
- Major Providers (AWS, Azure, GCP)
- Identity and Access Management (IAM)
- Cloud Security Tools (AWS Security Hub, Azure Sentinel)
¶ Resources
- AWS Free Tier for hands-on practice.
- Cloud Security for dummieshttps://amzn.to/3C1o7dQ) by Ted Coombs.
- Azure Fundamentals Learning Path.
¶ 8. Incident Response and Monitoring
¶ Why It’s Important
- Detecting and responding to incidents quickly minimizes damage and ensures continuity.
¶ Topics to Learn
- SIEM Tools (Splunk, ELK Stack)
- Log Analysis and Monitoring
- Incident Response Processes (Preparation, Detection, Containment, Recovery)
- Threat Hunting Basics
¶ Resources
- Splunk Fundamentals
- The Blue Team Handbook: Incident Response Edition by Don Murdoch
- Hands-on labs with CyberDefenders.
¶ 9. Cryptography Basics
¶ Why It’s Important
- Encryption is fundamental to protecting data. Understanding cryptography helps in securing communication, storage, and transactions.
¶ Topics to Learn
- Symmetric vs. Asymmetric Encryption
- Hashing Algorithms (SHA, MD5)
- PKI (Public Key Infrastructure)
- SSL/TLS Basics
¶ Resources
- Cryptography and Network Security by William Stallings
- Cryptography Basics (Udemy)
- Practice encrypting/decrypting with OpenSSL.
- Cyber Chef
¶ 10. Penetration Testing and Ethical Hacking
¶ Why It’s Important
- Learning how attackers think and act allows you to strengthen defenses against real-world threats.
¶ Topics to Learn
- Reconnaissance and Enumeration
- Exploitation Techniques
- Social Engineering
- Post-Exploitation Tactics
¶ Resources
- The Hacker Playbook by Peter Kim
- TCM Academy Practical Ethical Hacker
- Practice on Kali Linux and OWASP Juice Shop.
¶ 11. Virtualization and Containerization
¶ Why It’s Important
- Many organizations use virtualized environments and containers. Knowing how to secure them is crucial.
¶ Topics to Learn
- Virtual Machines (VMs) and Hypervisors
- Docker Basics
- Kubernetes Security
- Virtualization Security Best Practices
¶ Resources
- Docker for Beginners
- Container Security: Fundamental Technology Concepts that Protect Containerized Applications by Liz Rice
- Practice with Vagrant and Proxmox.
¶ Additional Resources
