5 Entry Level Cyber Jobs You Need to Know About

Captions
there are so many great jobs within the cyber security field not just the obvious ones like pen tester or soc analyst and a lot of people don't know about them and more importantly they don't know about the pros and the cons of each of those jobs so this week i'm going to be showing you five different entry level jobs in the cyber security field that i'm going to explain what they are what is the best part about that job what's the worst part about that job and if any of them resonate with you i'm going to give you resources that are absolutely free that you can take advantage of to get the skills needed to go ahead and be able to target yourself for those specific jobs coming up [Music] hey everybody welcome to simply cyber youtube channel designed for helping you take your cyber security career further faster my name is jerry auger and every week i push out videos of cyber security education content for you all so special thanks to our sponsor coastal information security group really love the work they're doing and be sure to stay tuned to the end for our one cool thing segment but let's get into the content of today's show so as i mentioned in the in the teaser at the beginning you know there's tons and tons of different jobs within the cyber security field and a lot of people don't know about them or they think that there's only like one or two options and that's what they have to do and that's not true so this week i had given a talk just a couple weeks ago to the women in cyber security organization at the university of windsor up in canada and great great group of people excellent questions i had a fantastic time it was about an hour long uh presentation i gave but one section of it was diving deep into five different roles so i've i've cut that out of the lecture and i'm packaging it here so you can just draw drill right into that value so the way the format is going to work is i'm going to tell you the job i'm going to tell you the best part about it 
i'm going to tell you the worst part about it i've done most of these jobs okay and for the ones that i haven't done i've worked with people closely who have done them so this is informed opinion this isn't speculation on what's so great about it and what sucks about it okay so just know that and i hope um you can find something that resonates with you and you can find your passion and you can get into cyber security because it is an awesome awesome field all right so let's just jump right into the uh to the talk but there is so much in cyber and of course it pays well and there's tons of job opportunities and that's great but like if you can find passion in in something specific it'll be the best thing you ever did so let's take a closer look at actually five specific ones now i've selected these five because they are um i want to say there's a there's a wealth of opportunity uh these aren't super nichy super high you know 25 years of experience type jobs these are you know tailored for the zero to three and really like three to seven years um things uh just as a heads up on the legend for the five different jobs i'm going to talk about there'll be an infographic where the picture is that kind of explains it and everything you can go back and dig into that afterwards there's a lot of content on the right i'm going to provide on the top right i'm going to provide like one of the coolest things about that job and on the bottom i'm going to give you one of the worst things about that job because it doesn't matter what job you have it could be the best job in the world it there's got to be something downside about it right not everything is awesome all the time so i'm going to reveal that to you too so the very first one that i want to get into is incident responder now these graphics with the extra detail comes from um nicerc which is a u.s government-based org they resolve now to cyber.org if you put in that url but basically it's it's a u.s government on 
agency that helps develop curriculum for cyber security uh programs they do a lot of k through 12 stuff uh but this content is fairly uh spot on the only thing i would argue is that the median salary is probably about 20% higher than what you will find in reality um okay so having said that incident responder this is the person who is like sec ops they're called blue team sometimes this this job is there's a lot of this job you either work at a managed systems a managed security um system provider solution provider whatever you want to call it and basically businesses send their network traffic to those mssps and you know people are working the desks manning and watching it and stuff like that and you know being alerted when there's intrusions and everything like that like a lot of hollywood movies you'll always see the person who's like you know like usually the good guys they're like oh no like they got past our firewall blah blah blah like those are the blue team people that's what this does um this is a really cool job like you will find a lot of uh job opportunity and stuff like this you get to solve kind of interesting puzzles and stuff like that you could see the pro of this job like that's a mountain biker doing an awesome jump you will get some really wild some really cool um things because it's you're defending from active attacks like someone is attacking your organization network your people whatever it is and you are the front line you're defending from live attack so it's very very cool um the one downside that about this is bad guys don't work on monday to friday nine to five and they don't take holidays off okay so in 2014 if some of you recall lazarus group or no not lazarus group excuse me lizard squad who's kind of like um akin to anonymous if you've heard of them lizard squad they actually denial of service attacked microsoft's uh network and playstation network so if anyone in here uh got a cool video game like call of duty or something for 
christmas that year they couldn't play it online because lizard squad denial of service attacked both of those networks so the people with microsoft and playstation or sony who were working those desks had to leave and go to work that day on christmas morning and they didn't get off until um 2 a.m on the 26th so being a defender is awesome but you don't get to pick and choose when you're defending right it's like you work a normal job but then there's a lot of burnout and stress because you have to deal with it when the problem happens right so just be aware of that if if what i just told you sounds exciting and this is for you like you you like the challenge of defending multiple doors and being that defender i've included and again this is for afterwards but i've included three good resources for you to check out this first one is amazing so this is um a youtube video by eric capuano who's the cto of uh recon infosec which is one of those mssps i mentioned he's like a wicked seasoned uh incident responder blue team guy but this is urgent i.t update he walks through it's probably 45 minutes he walks through an entire incident from we've detected something weird all the way you know booting the bad guy out doing the write-up and all that like the full span of what that job would entail so if you are remotely interested in and you have you're willing to invest 45 minutes in your future um i would recommend checking that out because that will tell you exactly what this job really looks like at the keyboard um and then i've included a couple of other things the elastic stack is a kind of a free um there's a this thing called elk stack which is kind of how a siem tool ingests logs and how uh blue teamers would look at them you can get some free training on that and if you really want to go nuts like this is 45 minutes this one is a full semester-long course from nyu that gives you it's around cyber threat detection in real time so you can you can go real deep if you 
want uh i'd recommend doing the 45 minute course first and see if it's a good fit the next uh job is cyber forensics expert so now this is kind of part and parcel with the blue team of the cyber incident responder we just talked about uh except they typically the incident responder puts the fire out the forensics expert figures out who started the fire and if the person who started the fire or the group who started the fire is still somewhere in the network holding a pack of matches waiting um for you to go away so they can light another fire or if there's you know quietly leaving breadcrumbs or persistence mechanisms sometimes they're called to allow them back in afterwards so the forensics expert actually figures out what it was this is meticulous work um long hours uh interesting puzzles you gotta understand technology quite a bit uh that's why the rubik's cube's here um it's very involved you get to go on to like you know bits and bytes into the disk and dead disk analysis and stuff like that you can analyze malware in memory while it's actively running if it's a bit more complicated this is a really cool field these are the people who get interviewed in court cases on you know what happened or you know tell me why or whatever like this is what that is um so this is kind of fun um i i put the negative here is the clock like time like you could spend you know a long time doing an analysis and maybe not find anything because how do you prove a negative right you you don't know if you've completely exhausted all possibilities and you just or you just didn't actually uncover um something right so the uh that's what the clock is there so if this is for you you're big into the forensics and you like you know figuring out why i've put a couple um resources here uh this is um null byte which is you know kind of an online group that does some really really great cyber security tutorials but kali linux which is oftentimes associated with pen testing actually has a nice 
forensics meta package suite that you can install and do stuff with so you um they actually have a nice write up here on how to get that package installed and how to play with some of the different things if you'd like to get into it again i've got a formal course here on digital forensics if you want to go all in and really commit yourself and then i have a nist here on how to incorporate digital forensics into incident response uh and nist is like a think tank for the united states and they publish all sorts of great cyber security stuff the third one is the cyber security engineer now this is kind of like a catch-all one um usually like the generic terms in the field are analyst or engineer uh engineer is kind of hands-on very tech related they could be the person working the firewalls they could be the person working the mobile device management or the casb solution um typically you will evolve from engineer like engineer you know junior engineer whatever middle senior and then architect because you have that that um background and awareness of like how the technology integrates and where the security weaknesses are and really how to understand um how to build these masterpieces as i i've put over here um which is you know pretty cool you can be involved with this like some really cool projects some really cool initiatives you will work with um this one this role works heavily with other um parts of the organization and especially especially like infrastructure like so the people were working the networking and end points like the the managed workstations or the servers you'll be working with them a lot because a lot of the solutions that the engineer builds uh will be integrated with those devices so you get to build some really cool stuff and work with some interesting people the downside this guy um he's trying to capture just frustration so i want to say that it's frustrating um because you can say like patch your stuff for example patch your stuff or the 
firewall is locked down you can't have access to it but then either like the business speaks and sometimes the business doesn't care right so like patch your systems well this system uh jerry can only go down for 15 minutes a month and we have to apply application patches that introduce new functionality that the customers want or that the product owner wants or whatever and we just don't have time to do your patches we'll do them next month and then next month comes and goes like any time you hear about these like data breaches because of patches like a couple months ago or last year maybe uh equifax was hit with the apache struts uh vulnerability had a external facing system that had a gross unpatched apache struts vulnerability where the patch had been out for a while and it looks like negligence but in reality the cyber security team does not manage those endpoints they don't manage the infrastructure the infrastructure team does so it can be very frustrating when you know what needs to be done and you're getting um either stonewalled or you're just getting no response or crickets and no support from from leadership so be aware of that uh if if this sounds good for you even though i feel like i just painted a horrible story um if this sounds good to you um you can use mitre att&ck framework which is mitre is another think tank in the united states and they actually put this mitre att&ck framework which basically fully encapsulates every possible way that uh threat actors can kind of affect your systems uh from infection to persistence exploitation and stuff like that this is a great resource to kind of give you some exposure again the idea is that you would grow into someone who's like architecting and engineering solutions i've got a fortinet free free access all this stuff is free by the way i should have told you that all the resources i recommend are free this is just specific training on a specific technology uh and then i added aws cloud security here so 
they aws is obviously incentivized for you whoops whoops they're obviously incentivized for you to understand how aws works so then you can go work somewhere and implement aws right so they're incentivized so they give training away for free which is great i will point out there's aws google cloud and microsoft azure aws owns about 64% of the overall global cloud market so two-thirds of the entire market is amazon aws so learning how to do security if you're gonna pick one cloud platform i'd pick aws and as a you know anecdotal note i i see a lot of web applications that are built in aws now like i do a lot of stuff at my day job as an information security architect at a large academic medical center and i'm seeing aws stuff all the time so understanding how to secure that stuff is going to get you a job okay so just be aware of that that's a great one great recommendation if you're not sure of course you want you got to want to be the engineer all right cyber operator now this is code for pen tester ethical hacker the the official title in the field is cyber operator or just an operator these are the people who typically um you're you're breaking into stuff you're doing recon uh this is like the sexiest job in the field because it's a lot of fun and you get to pretend to be a criminal basically um it's it's uh there's tons and tons of tools people are doing all sorts of open source tools people integrate there's a huge community um that supports you know this red team type work this penetration testing type work there's definitely a career path in this as i mentioned before web apps are like blowing up as kind of an area um within industry and being able to pen test those by the way you can do it remotely because it's a web application right it's supposed to be accessible from the internet um by pen testing those you're giving that assurance to uh the vendors that their product or to the developer software engineer that that is their um uh their product is secure 
right because no one wants to be on the front page the best thing about this job is you get to be the cool hacker person right like it's awesome right it's cool uh you know the hoodie whatever you want um you get to do a lot of cool stuff and when you pop a shell on someone's machine that you're not supposed to be in it's very exhilarating because you basically have broken in right the downside and any pen tester will tell you this is whatever you do in this phase whatever successes you have whatever you find you have to write it all down in a report and a lot of people in this job don't like writing period they like working hacking on a keyboard and breaking stuff they don't like writing reports and that i mean so that's the downside but if you don't have a problem writing reports you're good to go um so it's an acquired taste i've been told uh this one median salary 100 grand maybe in the pacific northwest but this job does get you paid um and there's you know some certifications and stuff like that so if this is what you're into uh i called out metasploit training so metasploit is a framework that you can use it's got a bunch of tools built into it um it's mostly for exploitation but um it's a great great tool you should learn it it comes built in with kali typically uh hackersploit is a youtube content creator and he's got a great series uh covering it really really well i've watched it and i recommend it again free hack the box is actually a site that has different vms that you can like basically harness and hone your pen testing operator type skills they have their machines at like different levels too and they're community rated so like the community will say this is a hard machine or an easy machine or whatever that way it's not just one person how difficult it is or is not uh this is really cool in fact it's so cool that like you can't register on the site you literally have to hack the registration portal to be able to get it in a user account to log into 
the site um so you know it's kind of it's kind of fun um and it's just a great resource in general to start hacking away and understanding how to really do the job um hacking 101 which is basically um a six hours of training um again it's just training and then this is i want to call this out this is coming up on october 14th so you can still register for this uh but it's a exploit development fundamentals course so like um exploiting is basically compromising a vulnerability to allow you to do something that you should be able to whether it's elevate your privileges um or break into a box like get access to a system or or turn something off whatever um these uh people are doing a very um introductory fundamentals course on how to write exploits so if i've got some people in the crowd who are like this sounds interesting from an operator perspective and you like uh coding stuff uh check this out because they're gonna teach you how to write exploits which is sick all right and then i think this is my final one vulnerability assess assessment right so vulnerabilities these are you know apply your patches there's great tools at the enterprise level where you can scan a free open source one is called openvas if you want to try one for free um but this one is kind of like the engineer except uh on the analyst side where you are um being aware of what the organizational risk posture is you work with compliance and governance quite a bit um to kind of have this um moving uh value of what your current posture is because as new vulnerabilities are released new technology uh becomes vulnerable or or exploits come out or uh legacy end of life stuff so if people are running windows xp or windows 7 went end of life in january uh for example so like it's it's a moving thing and it requires attention and a focused resource if not multiple resources depending on how large the organization is to manage that stuff and report metrics and do a whole bunch of other stuff so this one 
this one's great i feel like this one's a fairly uh not easy but like this one's a good entry level one because a lot of the tools are very mature within this particular vertical so you can you can get spun up very quick and there's a lot of education out there um i i put the the pro of this one is that you get like a you know 25 000 foot view of the organization you have a tool that scans everything right so you know exactly where everything is and what everything is you know what's in the dmz and what's not you know what traffic's allowed to pass and what's not so like you really have uh you're sitting at the control panel right and you can see everything so it's very very cool uh from that perspective um the the downside is it's the same frustrated guy right again patch your stuff okay like crickets like we're not gonna patch it like move along and then you gotta like run it up the chain and all this stuff so it can be frustrating to know that that you know apache struts vulnerability is right there or bluekeep comes out a couple uh last year and uh you don't you have a rdp listening on the dmz and it's just you you want it to be shut off and you can't convey enough you can't scream loud enough into the void to get it fixed so that can be frustrating right if this is something uh that kind of interests you i put nessus here nessus is a uh a legit uh there's like three main players in the vulnerability scanning space nessus is one of them you can go get free education from them uh they also will allow you to download and use their tool i think you get like 17 ips so you could scan your home network and play with it and see how it works and stuff like that and then by the way put it on your resume that you know how to use that tool and that you've got experience using it uh also a nist document on patch management and then us cert actually provides if you go to us-cert.cisa.gov you can get like real-time threat awareness stuff because understanding vulnerabilities 
is one thing but like a vulnerability they're not all equal right so like a vulnerability that allows um remote code execution with no authentication on uh you know some some in like obvious external service is like the worst right so that means anyone in the world can touch this and you've got it out there so they can be touched and they can walk right through the door without any knowledge of your infrastructure or any passwords or user accounts and stuff like that that's the worst that same vulnerability on a nearly air gap system that uh isn't really connected to anything is a way lower risk and it's not a big deal right so if you're staying kind of up to date on your threat awareness you might know that um you know this threat actor is is starting to look for these type of services or these type of systems on the internet so you can kind of um constantly be updating whatever your calculus is for understanding what your you know risk is basically okay so i've been mentioned several different uh you know two or three resources per job that i've covered here uh but i do manage this um github repo it's a free again i can't emphasize enough how important it is for me to share only free content with people in our community because i don't want money or finance or opportunity to be a impediment for anyone to be success okay well i hope that resonated with some of you i hope you found the job that makes you passionate for cyber security and please take advantage of those free resources um absolutely so but now it's time for our one cool thing okay so this week's one cool thing is bringatrailer.com now this has nothing to do with cyber security this has nothing to do with technology but bringatrailer.com it's an auction site for cars but you know i'm not a big car hound or anything like that but i you know when you grow up um you have some you know nostalgic cars from when you were young and it's basically like an ebay for cars but you can go and there's tons of 
different cars there and i'm a big fan of uh the datsun 280z series and you can get one for like three thousand dollars which is not cheap but it's not ridiculous right it's not like 75 000 or something like that so it's a fun site to poke around on and see what's going on there so if you uh want to take a trip down memory lane maybe pull up the first car that you got when you got your license and you're all pumped about your you know 1987 chevy beretta or whatever um you could take a look at that so check out bringatrailer.com i have no affiliations with them it's just a fun site that one of my friends sent me and i've been uh kind of checking out and getting whimsically uh nostalgic about so that's gonna do it for our episode this week um thanks as always and be sure to leave a comment maybe hit subscribe uh bell for notification and until next week stay secure [Music] you
Info
Channel: Gerald Auger - Simply Cyber
Views: 38,244
Keywords: cybersecurity, information security, career, cyber, infosec, cyber security, cyber for beginners, blue team, college graduate, cyber job, cybersecurity jobs, entry level cybersecurity, entry level, no degree, cyber careers, simplycyber, simply cyber, cyber security for beginners, get into cyber security, careers in cybersecurity, how to start a career in cybersecurity, soc analyst, ethical hacker, jobs in cyber security, cyber security analyst, cybersecurity for beginners
Id: iW5UitULXLY
Length: 25min 17sec (1517 seconds)
Published: Mon Sep 28 2020