Originally published on: https://medium.com/codestory/so-you-want-to-get-into-cybersecurity-this-year-heres-what-you-should-learn-75cddc19aa1c
As we welcome the New Year with a 3rd national lockdown in the UK, it, unfortunately, means some of us have had to cross off going to the gym as part of our new year’s resolutions. For those who may be interested in adding cybersecurity as a replacement, I wanted to highlight some skills worth learning this year which will definitely help kickstart your career in cyber. It’s not the same as deadlifting your first 100kg, but doesn’t the thrill of learning how to protect the internet sound equally amazing?
As we have been plunged into remote working, for many organisations, it has created a skills gap. Across the country, we have seen companies continue to recruit for roles in cybersecurity and cloud infrastructure. They are many roles this covers, this can be from Security Analysts monitoring the cloud estate to Site Reliability Engineers ensuring web services are coping with the huge surge in demand. As we have seen, even on the first day back of work AWS and Slack had minor outages due to the surge in users. What was interesting about the AWS outage was the knock-on effect as many companies rely on AWS. This was also seen in December when the majority of Google services went down.
1. Learn Cloud
It’s not too late! There are currently 3 mainstream cloud providers which many organisations seem to prefer, each offering different solutions, but skills are usually interchangeable. Each also offers a cybersecurity pathway and once certified, it will make seeking roles in this field much easier as the industry is gearing towards specialists.
A popular choice for beginners as they offer the AZ-900 Microsoft Azure Fundamentals certification. This is an entry-level certificate with a learning path provided by Microsoft that walks you through what the Cloud is and how to navigate Microsoft’s offering. As many organisations are currently tied into Microsofts architecture (Windows Active Directory etc and many other legacy offerings) you will find this tends to be a popular option in the public sector. So opportunities for work will be available and even firms looking for consultants and cloud security experts, will be looking for those with skills in Azure.
Azure Certifications 🙇🏾♀️
The certifications below are entry-level certifications which require the use of Azure. This can be obtained via lab environments when studying or using Azure resources on projects. It is worth utilising your £150 credits on trying out some projects so you get a feel of deploying and managing Azure instances. An example project using your credits to run deploy a T-Pot honeypot cluster utilizing Docker on Azure.
- Microsoft Certified Azure Fundamentals — AZ-900
- Microsoft Certified Azure Administrator Associate — AZ-104
- Microsoft Security Engineer Associate — AZ-500
Microsoft offers pathway learning content which is a great place to start off learning their platform. The content is in-depth and often gives you a fair idea of the concepts but it doesn’t necessarily offer enough to get you through the exams. Practise exams and lab sessions should be a key thing to look for when looking for content to study for these exams. As you go further into the Microsoft certification route, exams start shifting more towards scenario and use cases which test your application skills to problems rather than your memory. This is where access to labs becomes important.
It is wholly possible to learn some of these with free resources, if you already work around infrastructure and cloud, some of these concepts won’t be new so the free resources can be backed up by preexisting knowledge, but if it’s your first time using the cloud, it may be worth looking to access paid subscription services like Pluralsight, ACloud Guru or finding a great deal on Udemy.
Resources to get you going 🚀
Google Cloud Platform (GCP)
Google Cloud Platform (GCP) is an alternative to Azure and popular with startups and a wide variety of fields. In my opinion, it is the most user-friendly interface and easiest to learn and GCP, as it’s commonly known, does not currently offer an entry-level certification similar to AZ-900 Fundamentals from Microsoft. For cybersecurity, GCP does offer the following:
Both exams are 2 hours long and occasionally Google does offer discounts and for new users, they can redeem $300 worth of Cloud credits which can be used to build test environments. You can see what I have been able to build with the credits here.
It is worth having a look at the marketplace as well and you can be able to deploy the likes of managed Elasticsearch instances, Firewalls and run servers running the likes of Kali and other security tools. It is also worth understanding how access and keys work and setting up these securely by getting familiar with the documentation.
Google does offer learning material which is very comprehensive for the exams, it is sufficient to pass the exam but as people learn via different methods, it is worth also looking at alternative learning providers. I have listed resources below from Google going into depth the skills they expect from Cloud Engineers and then Security Engineers.
- Practise Exams for GCP Professional Cloud Security — Free
- Exams, Labs and Learning content for GCP Associate Cloud on ACloud Guru — (Paid Membership)
- Preparing for the GCP Cloud Associate Cloud Engineer Exam — Free Course by Coursera
- Google Cloud Security Professional Course — Free Course by Coursera
- Recently came across this series on Medium by Bekah Lundy where she documented her journey into GCP coming from an AWS background. Her notes are very detailed and are a good resource if you need a refresher on GCP concepts:
Google Developers Codelabs provide a guided, tutorial, hands-on coding experience. Most codelabs will step you through the process of building a small application or adding a new feature to an existing application. They cover a wide range of topics such as Android Wear, Google Compute Engine, Project Tango, and Google APIs on iOS. I highly recommend becoming familiar with code labs. A lot of learning about Cloud involves hands-on trying things out, and where you can utilize resources by the provider in the form of labs to give you experience. A combination of Youtube + other free resources will help prepare you for any exam.
Amazon Web Services (AWS)
Amazon Web Services (AWS) is possibly by far the biggest in terms of Cloud Provider services but also the most expensive in terms of certifications. It is however widely more used than GCP for example. So opportunities for work will not be as hard to come by. In terms of security, AWS offers the Security Speciality certification. It costs $300 USD to take the exam with practice exams available for $40 USD. As the cost of the exam is so high, it is recommended you have 2 years of working experience on AWS to take this exam. Views Mate recently published his experience on taking the exam and what to expect. For entry-level, they do offer the AWS Cloud Practitioner certification which they recommend you have 6 months of usage on AWS with.
For learning these, I recommend starting off with the Cloud Practitioner and follow the learnings provided by Amazon as the base before indulging in 3rd party content from the likes of Coursera, Pluralsight, Youtube and Udemy. As AWS is more popular, you will find it easy to find free resources, but it’s also worth remembering that sometimes they may not cover everything, so going through a wide range content not only exposes you to different teachers (you might find one who doesn’t annoy you after 9 hours of videos) but also helps you see the difference in quality with each platform as you look to tackle the next certificate.
- AWS Certified Cloud Practitioner: 6 Full Practice Exams 2021 — Available on Udemy
- 3 Steps to becoming an AWS Security Specialist — Medium Post by Stuart Scott which details most of the domains you have to learn and prepare you for the exam. It’s worth searching on Medium to see how others have taken on this challenge and what ways of learning helped them.
- AWS Security Speciality labs, exams and learning content — A Cloud Guru (Paid Membership)
For all 3 Cloud providers, they offer a variety of pathways and certifications and eventually all lead to architecture status. A combination of learning, practical use, and continuous development will get you there. It’s also worth noting that it may require some investment in paid content. Whilst Youtube can be a good resource, often the course material is updated faster than some Youtubers can keep up with. It is worth subscribing and following Google Cloud, Build Azure and AWS on socials as usually, they offer free webinars on different security tools, which is really helpful and offers an insight into what they are planning.
During this pandemic, as many organisations have been forced to utilize Cloud resources and add new tools to aid in remote work, so has the need for security solutions such as Elasticsearch by Elastic. A quick search on job recruitment boards for just the word Elasticsearch shows the sheer amount of roles available where organizations are looking for people to assist in monitoring, managing, building, and maintaining their Elasticsearch instances. With so many different use cases for the open-source tool, we will be focusing on the Elasticsearch as a SIEM option and the certifications you could take on this year.
What is Elasticsearch?
Elasticsearch is a distributed, open-source search and analytics engine for all types of data, including textual, numerical, geospatial, structured, and unstructured. Elasticsearch is built on Apache Lucene and was first released in 2010. Known for its simple REST APIs, distributed nature, speed, and scalability, Elasticsearch is the central component of the Elastic Stack, a set of open-source tools for data ingestion, enrichment, storage, analysis, and visualization. Commonly referred to as the ELK Stack (after Elasticsearch, Logstash, and Kibana), the Elastic Stack now includes a rich collection of lightweight shipping agents known as Beats for sending data to Elasticsearch.
How does it fit into cybersecurity?
What people love about Elasticsearch is the ability to ingest anything, from logs from a firewall to logs from Azure. As many organisations have opted for using Elastic as a SIEM to ingest security data, it’s meant that the software has evolved and as such so has their offering. With certification now aimed at security users and engineers instead of just architects who build the cluster.
- Elastic Certified Engineer — (Cost $400 USD to sit the exam) — This certification is designed for versatile Elasticsearch experts who can install and manage Elasticsearch clusters, as well as develop solutions for searching and analyzing their indexed data.
- Elastic Certified Analyst — (Cost $300 USD to sit the exam) — Certified analysts are experts at using Kibana for both data visualization and analysis. From creating powerful dashboards to analyzing time-series data to developing machine learning jobs, they can do it all.
Resources and learning 📖🙇🏾♀️
My first time using Elasticsearch was when I worked in a Security Operations Centre. My training was as hands-on as it gets. I was tasked with building an Elasticsearch cluster running on Ubuntu, and then configure a SNORT machine which would send out logfiles and Logstash could filter out the logs and build an index. The graduate in me was screaming as I had no idea what any of this meant but the company I was at were very supportive and allowed me the time to study, research and then build, fail and try again till I got it right. It was during this process I was able to understand the configuration element of Elasticsearch, how it ticks, what makes it break and how to fix it. I recommend building out the stack on virtual machines before attempting the cloud offering and also the container offering.
- How To Build and Configure an Elasticsearch Cluster — via DigitalOcean
- Installing Elasticsearch on Docker — via Elastic
Upon building a cluster, it is worth then moving to the learnings and Elastic offers regular discounts on training and webinars about different use cases. As it’s open source, there is a great community of engineers also offering content about different use cases for Elastic.
- Complete Elasticsearch masterclass covering Logstash and Kibana — Udemy (Paid)
- Running and deploying Elasticsearch on Kubernetes by Adnan Rahić in The Startup — A comprehensive guide on installing Elasticsearch in a different environment if Kubernetes is where your skillset sits.
- Using Elasticsearch and Kibana containers while learning Elasticsearch by Selin Unal — Containerization is a popular method to deploy and learn Elastic if your machine isn’t powerful enough to host virtual machines, this guide helps you set up that environment.
Python is the language I highly recommend users learn as part of their cybersecurity skillset this year. It ties in perfectly with the first 2 skills above as Python is great for automation and can be used to make your life easier in the field and to also utilize some of the tools people love connecting with Elasticsearch. There are currently many boot camps and training providers offering free Python courses. The best way to learn any language is to put it to practical use.
But, first of, what is Python?
Python is an interpreted, object-oriented, high-level programming language with dynamic semantics. Its high-level built-in data structures, combined with dynamic typing and dynamic binding, make it very attractive for Rapid Application Development, as well as for use as a scripting or glue language to connect existing components together. Python’s simple, easy to learn syntax emphasizes readability and therefore reduces the cost of program maintenance. Python supports modules and packages, which encourages program modularity and code reuse.
- It’s worth starting with the Documentation from Python, they offer a brief tutorial on setting up and learning Python. This is the perfect starting point.
- DataCamp Team offer a free Introduction to Python Course
- Code Academy offer great resources to learn how to code. They have a Python option which is initially free but you can pay to get access to more resources and they regularly offer discounts.
- Coursera is another great option to learning Python, you can search their extensive course list on the Python framework.
Learning coding this year?
Here are 15 Sites where you can learn Coding for free:
– Khan Academy
– Evanto tuts +
– Code Avengers
— ‘Tunde Omotoye (@TundeTASH) January 9, 2021
It’s worth noting that some of the resources listed aren’t free. Whilst free options do exist, at times during my journey I have realised that not all that is free is great. Materials can often be outdated and they aren’t a requirement for some of these great free resources to update at the rate paid providers can. Elasticsearch is regularly updated, for example, when aiming for certifications, they often include the new features as well so ensuring you’re watching the latest content and learning and utilizing the resources by the provider is a sure way to make you aren’t surprised in the exams. If you’re new to cybersecurity and are also looking for support during your journey, it’s worth joining a community. A place where you can ask questions, share resources and also get help. I have listed some communities below where you will be able to find support:
- Xuntos — They building the largest community of bright, ambitious and talented individuals from underrepresented groups in the technology industry. They also have a Whatsapp Community you can join, ask questions in, and also get resources and support on your journey.
- Arkisites — They are dedicated to bridging the access gap between the tech sector and minority ethnic groups. They also have a Slack community where you can join and join part of the conversation. With channels dedicated to sharing resources and developers, if you’re learning Python and need support, this would be a good place to start.
- Seidea — A community dedicated to upskilling the underrepresented for Careers in Cybersecurity with a focus on getting more women into cybersecurity. They often hold events with senior cybersecurity professionals and have a newsletter where great resources are shared.
- Cylon Go — An initiative by CyLon to increase diversity in cybersecurity by providing grants for training courses to those looking to enter the cybersecurity workforce. More info here: https://cylonlab.medium.com/announcing-cylon-go-84f120b9fdc0
If you have any questions you can reach me on Twitter: @StevenChap and I will be happy to answer.