Welcome to Episode 1 of The Sweet Urchin Podcast. In this podcast, we will discuss the latest news, technology, food, wellness, and lifestyle while incorporating some ideas of humor, business moves, and personal growth.
The Sweet Urchin was chosen as a “play on words” for sea urchin. We know them as shells with spikes, but some of us also know them as a delicacy in sushi. That’s what makes a sea urchin… sweet.
how to start a career in cybersecurity
the cybersecurity domain
Cybersecurity is a broad field made up of many domains, including:
- Network Security
- Incident Response
- Cyber Forensics
- Identity and Access Management
- Security Architecture
- Penetration Testing
- Red Teaming
- Cybersecurity Awareness
- Application Security
- Governance, Risk, and Compliance
- Threat Intelligence
- Cloud Security
- Data Security
- … and more
Companies may label these domains differently, but you’re ultimately doing the same work.
how to decide a cybersecurity niche
Research and understand the basics of the many cybersecurity domains. See what interests you. I enjoy performing hands-on activities, leading me to penetration testing.
Understand the fundamentals of technology. For example, if you want to dive into network security, you should understand the basics of networking: know the OSI model, what a firewall is, what typical insecure ports are, and so on.
how to start
College: Many colleges offer a Bachelor’s program for cybersecurity (can be labeled differently). I went to college for cybersecurity (known as information systems). My first job involved performing basic information technology duties, while incorporating basic security concepts such as security awareness (i.e. phishing emails). I accepted a full-time position as a cybersecurity consultant straight out of college and eventually transitioned to an internal cybersecurity operations role.
Self-Taught/Bootcamps: Many universities and companies offer cybersecurity boot camps for 8-10 weeks without having to commit to a Bachelor’s program. I highly recommend playing cybersecurity capture the flag competitions and following cybersecurity influencers. Attend networking events to meet industry experts. If you can impress someone through a first conversation, they can refer you to someone they know who might be looking for cybersecurity staffing.
You can read different books. Here are some of my favorites*:
- Red Team Field Manual
- Blue Team Field Manual
- Security+ Training
- Certified Ethical Hacker Training
- Amazon Web Services Cloud Practitioner Courses
You can also watch prior talks from cybersecurity conferences, such as DEF CON, where they release the latest and greatest tools and techniques.
cybersecurity individual contributor vs management
It’s okay if you want to end up being in cybersecurity management, especially if you’re interested in people management and tackling organizational challenges.
I enjoy being an individual contributor who is also a leader. I just finished a solo web application penetration test this past week (my first in YEARS).
You can be whatever you want, you do you.
It’s okay to start somewhere and transition to different domains. Knowing how different domains function is good, as there are dependencies. Don’t be the network penetration tester who doesn’t know what a domain administrator is.
podcast guest: cybersecurity professional
I welcomed my guest, Mario Perez, a cybersecurity professional specializing in Incident Response, to the podcast.
This cybersecurity professional found his passion in cybersecurity when he was a senior in college, thanks to his placement as an analyst in a company’s cybersecurity program. It didn’t make sense for him to change his major, so he completed his Bachelor’s degree and learned about cybersecurity methodologies on his own time. He demonstrated ambition and passion in cybersecurity, and was given an opportunity to join the cybersecurity operations team. He learned a lot from labs, peers, and podcasts/videos.
He recommends majoring in cybersecurity (or related) in college, going through online labs, playing capture-the-flag competitions, and following cybersecurity professionals on Twitter/X. You can learn from other people’s cybersecurity projects. You don’t have to be the most technical person; you can be a great writer and do cybersecurity risk or cybersecurity awareness. He listens to the Detection: Challenging Paradigms Podcast.
It comes down to one thing: passion.
I asked what happens if an analyst submits the following query in Splunk: “index=*” Time: All Time?
This will take up all of the resources in the Splunk environment, and the cybersecurity engineer will be upset.
My workaround is that if you’re trying to understand the type of logs being ingested in a new environment, you can limit the time (i.e. last 24 hours) and query: “index=* | stats count by index”.
There are different ways to do it. Just don’t do All Time.
You will learn how to use the tools on the job. I learned how to use Splunk in my last job and a code security scanning tool during this job.
Splunk offers free training for Splunk Fundamentals 1, 2, and 3.
If you have any questions, please contact me, drop a question, etc. Don’t forget to subscribe. Thank you for watching/reading!
The commissions earned through affiliate links (at no additional cost to you) help support the maintenance and operation of this website. Please note that I only recommend products and services that I genuinely believe in and have personally used or extensively researched. Thank you for your continued support.