How to Get Started in Cybersecurity: Learning Some Tools
If you read our last blog and covered the basics, you’re off to a great start. However, NOTHING stays the same in cyberspace… and that’s why you need to keep learning and evolving. Here’s the next level of things you can learn for free, including offensive security, cloud security, and other tools that are usually at the heart of a security stack.
Offensive Security
Penetration testing is a very difficult specialty to penetrate. However, there are many, many resources for learning offensive security. Even if you don’t intend to study penetration testing as a specialty, you can learn a lot by practicing ethical hacking with some of the resources below.
Kali Linux
Kali Linux is an operating system (just as macOS and Windows are operating systems) used for penetration testing. Simply put, you MUST know Kali Linux to get into offensive security. Install it as a VM on your home computer and start practicing. There is also Parrot Security, an alternative operating system to Kali Linux. However, if you’re unfamiliar with Kali, that’s where you should start instead of Parrot.
Damn Vulnerable Web Application (DVWA)
This is an excellent tool that you can use to practice many of the basic skills covered in the first part of this document. Download DVWA, install it on a VM on your network, then attack it! It’s fun, and the installation alone will get you working with GitHub, the Linux terminal, databases and web servers.
TryHackMe
This is a great site to learn about many different areas of cyber security. Originally designed to teach penetration testing, it now offers numerous training paths to learn about networking, forensics, security operations, and more. There is a free account that provides some beginner rooms, but there is also a pro account for a small monthly fee.
HackTheBox
A more advanced training platform with free boxes to hack into – they change frequently. If you are serious about doing penetration testing, this is the site for you. You have to hack your way in just to get an account. Like TryHackMe, HackTheBox offers both a free account and a professional account.
Internetwork Expert (INE)
A complete training site that offers a free account for those who want to complete the basics of security.
Popular attack tools you should know about
- Burp Suite
- Hydra
- Metasploit
- Mimikatz
- Nmap
- John the Ripper
- Wireshark
Cloud security
At the very least, you should understand what the cloud is and how it has different security implications than traditional on-premises architecture. Be sure to understand the differences between Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). There are three main players in the cloud industry:
- Amazon Web Services (AWS): AWS offers many different learning opportunities, including free live training via Twitch and several free digital courses to get you started. You can also sign up for a free AWS account and work through Well-Architected Labs.
- Microsoft Azure: Microsoft offers free basic training for Azure. You can take a certification exam at a relatively low price (compared to other certifications), but it is not required.
- Google Cloud Platform (GCP): Google offers free cloud training to learn about its cloud platform. Google also offers free, interactive training events as part of its Cloud OnBoard initiative.
Additional security tools
You don’t have to learn them all, but it helps to know one or two thoroughly. This will help you move into a specialty.
- Security Information and Event Management (SIEM): If you’re not sure, start with a SIEM, one of the most popular tools in a security operations center (SOC). These tools are used to aggregate and analyze data from many different sources – and for threat detection, analysis and response.
- Security Orchestration, Automation and Response (SOAR): Another common SOC tool is a SOAR platform, which is used to automate security actions, for example by running a playbook. These often require an understanding of JSON, Python, and APIs.
- Intrusion detection/security systems: There are open-source tools that offer IDS capabilities and more – and give you great opportunities to practice threat detection on a home network.
- Vulnerability Scanning: Vulnerability scanning can be a precursor to penetration testing, or it can serve as a standalone capability for information security teams.
Understand certifications
Cybersecurity is an industry that places a high value on certifications. In fact, some organizations find more value in certifications than in a college degree. Additionally, if you want to work in government or defense, you may need to have some of these certifications before you can get permissions on a computer. Technical certifications can be divided into two types:
- Vendor-independent: These certifications are managed and recorded by a central party such as CompTIA, EC-Council, Cloud Security Alliance and (ISC)². Vendor-independent certifications are a great way to show you have the foundational skills needed to learn a specific job role.
- Vendor-specific: Many cybersecurity vendors offer their own certifications to prove you understand a particular vendor’s product. These will usually help you embark on a specialization path and take an advanced step in your career.
In my recent blog on getting started with cybersecurity, we take a look at different roles to consider along the way.