There are lots of posts out there that seem to give mixed messages about what makes a good entry-level “Cyber Security Analyst”.
So I thought I would throw my thoughts into the mix as well, hoping that a simple set plan of five things will help guide anyone who is starting to get confused by all the advice and guidance that’s out there.
This is specifically aimed at the “Blue Team”; however, it should really be the foundation for anyone wanting to get into the world of Cyber Security. I mentioned a key word: “FOUNDATION”. You need a solid foundation and understanding of the “Basics”. Without this you will struggle to keep up in the fast-paced world of Blue Teams.
5 Key Things
- Basic Networking Principles
- Operating System Fundamentals
- Basic Programming
- Enthusiasm (by the boat load)
- Investigative Mindset
Basic Networking Principles
To understand information flows on both Information Technology (IT) and Operational Technology (OT) systems, a basic understanding of networking and of how devices and systems communicate is key. If you do not understand how the communication works, it will be very difficult for you to find the potential needle in the haystack when investigating packet flows or captures. Knowing the top ports and protocols and the OSI model, specifically how each layer interacts with the others, will give you a massive advantage.
Operating System Fundamentals
In the majority of businesses there will be multiple operating environments, which may use multiple operating systems. Having a good understanding of Windows, Linux and Mac OS X will mean you are versatile when approaching each new customer or organisation. A lot of Security Operations Centre (SOC) tool sets may be based on Linux, so having a firm understanding of the Linux Command Line Interface (CLI) is a must. When investigating incidents, a good knowledge of different Operating Systems allows you to understand all the information in the event logs and easily put together the pieces to work out what’s happened.
Basic Programming
It is beneficial (but not always necessary) to have at least a basic understanding of a programming language. In most scenarios Python seems to be the language that the majority of entry-level candidates learn. As I have said above, any programming language and experience is good: it’s not the language but the structure, and understanding how the programming can affect applications, that is key. If you have a base understanding of how the code is written then you can investigate and interpret that code a lot more easily.
Enthusiasm (by the boat load)
Having passion and enthusiasm is a key requirement. Being able to demonstrate that you go above and beyond in your own time will show that you have the drive and determination to succeed. One example is to have your own lab at home with virtual machines for testing and learning new concepts. Having built your own Security Information and Event Management (SIEM) system, and there are lots of Open Source (free) ones out there (Wazuh is one example), shows that you are eager to learn. Getting involved with different online forums and groups and keeping up to date with the latest threats and attacks will also show that you are staying current.
Investigative Mindset
Being able to understand and investigate situations in a logical way using frameworks is a good way to set yourself apart from the crowd. For example, understanding and using the Kill Chain or Diamond models when conducting analysis, and potentially linking this to the MITRE ATT&CK framework, will make you stand out from the crowd of candidates.
Questions / Advice
If you have any questions or would like some advice and guidance then please reach out to me via social media.