Futaba _ Webs πΈπΈππΈπΈ
How NOT to get into Cyber Security πΈπΈππΈπΈ
Today, I wanna go over an important topic about how NOT to get into Cyber Security. Today is the opposite day, so do the OPPOSITE of what I say! Building a personal brand allows you to network and find the RIGHT people that will take a chance on you! It's what got me where I am today and is what is allowing me to expand my opportunities! You'll learn a lot of key stuff that could help you on your Cyber Security journey!
π Article π Glossary π Catalog π Home π Search Modeπ Article Glossary
πΈ Synopsis πΈ
Today, I wanna go over an important topic about how NOT to get into Cyber Security. Today is the opposite day, so do the OPPOSITE of what I say! One of the most common and most illogical misconceptions about trying to break into Cybersecurity Iβve seen is the notion that you donβt have to be technical in order to pursue this field, on top of many other things that Iβm going to discuss in this article today. I want you to be mindful, NONE OF THIS IS GATEKEEPING. You need to hear the TRUTH in order to pursue Cyber Security.
πΈ Article Topics πΈ
I'll be discussing the following topics in order: π Ignore All Things Technical π YoU DoNt NeEd PrOgRAmMiNg FoR cYBeR sEcUrItY π Networking and Building your brand π Say No to Self-Development π Communication Skills Are Over Hyped You can click on any of the topics to simply check that one out if it interests you! NOTE: Articles are read from LEFT to RIGHT via 2 columns! Read the first column all the way down and then move to the next one!
πΈ Key Links πΈ
Here's a quick run down on all the main links that are in the article in case you want to check them out first. π LinkedIn Version π Ricki Burke π CyberSec People π Futaba's Playground π Why Programming is important for Cyber Security π My LinkTree π Mentorship Program
π How NOT to get into Cyber Security
Ignore All Things Technical πΈπΈππΈπΈ
There is a common misconception going around lately that you donβt need to be technical to be in Cyber Security, a lot of which comes from faulty marketing schemes and training programs that prey on those that desperately wish to enter the field, selling them this false mindset that they can learn Cyber and land a job in a matter of 24 weeks with no technical background or formal training: IT, networking, programming, etc, all in order to make a profit.
This is highly unethical and NOT true, and sets people up for failure in the long run, which leads to a lot of missing talent that is needed in Cyber Security right now. This also leads to a lot of people taking a lot of shortcuts that set them back in the long run, making them underprepared to enter the field.
Regardless of what side you are on: red team, blue team, purple team, or the type of technology you help secure, you NEED to have a deep understanding of it if you truly wish to secure it.
If you are a red teamer, you need to understand how various core technologies work in order to exploit them. This allows you to find critical flaws in the system you are testing against so it can be properly secured. How can you exploit something when you donβt understand how it works? Yes there are tons of tools, SQLmap for example, that can help red teamers pinpoint SQL injection vulnerabilities, but you still need to understand how SQL injection works on a fundamental level to use it properly. The tool is only as good as your fundamental understanding of the vulnerability it was designed to exploit. Not understanding how to find this type of vulnerability, even with the tool could cause you to miss critical vulnerabilities that did in fact exist, which can cause A LOT OF real world damage to an infrastructure if left unchecked.
If you are a blue teamer, you need to understand how core technologies work on a fundamental level so you can properly secure them. How can you secure something when you donβt understand how it works? Take the CTF server I made for example, "Futaba's Playground". It requires me to understand proper secure coding principles, as well as Linux system administration and configurations in order to properly secure the server. This prevents the player from bypassing any security for any and all challenges in unintended ways. I secured the server as if it were a real system from real threats, YOU, the player. If I wanted to take it a step further I can combine it with already pre-made tools and frameworks like SIEM and SOAR for example, that upgrade and smoothen the process for me depending on what I need it for. See where Iβm going with this?
YoU DoNt NeEd PrOgRAmMiNg FoR cYBeR sEcUrItY πΈπΈππΈπΈ
I wrote an article a while back on why programming is crucial for Cyber Security. You can check that out here if you would like to. For now, Iβm going to talk a bit about forensics, one of the main fields in Cyber that people want to get into but REFUSE to learn how to code for. A lot of this is due to what I mentioned earlier, about people being sold the false notion they donβt need to be technical to work in Cyber. You do need to be technical if you want to get into forensics. Forensics is crucial in that it stops the spread of malware should it pose a real worldwide threat.
Forensics, most of which involves a lot of reverse engineering and malware analysis, does in fact require you to know how to code, as well as be able to read it regardless of what programming language it might be in. Does it require you to understand how to program in every language and framework under the sun? No! But you do need to understand how code works, as well as the technology behind it under the hood. This also requires in depth technical knowledge about stuff like a debugger which allows you to trace binary code flow.
You need to understand how to write code so that you can replicate and/ or tamper with strains of malware you find. This allows you to cross test and find mitigations to secure against future malware infections.
You need to understand how to read code, regardless of whether or not it might be a language youβre familiar with in order to dissect it. Sure, stick to malware in languages that you are familiar with, but often in the realm of Cyber Security, hackers are creative, and youβll often find unicorn-like malware or techniques that you didnβt know about. You need to be able to adapt, and interpret it. Reading code is hard due to the nature of how sloppy and undocumented most code is written. You need to get comfortable with that and understand how to read and follow along core programming logic to understand how malware works.
Networking and Building your brand πΈπΈππΈπΈ
BUILD YOUR BRAND! BUILD YOUR BRAAANNND! I Canβt stress this enough. The market for Cyber Security is HIGHLY competitive right now. You need to stand out. Even if you are a skilled professional, people need to know who you are. Remember, itβs not about what you know (even though it is in Cyber), itβs about WHO, you know. Even if you are a skilled professional, if no one is able to see what you can do, and itβs not interactive then NOBODY CARES!!! Get used to that. Would you hire the nobody, or the somebody that has shown what they can do? Remember, this is a HIGH paying COMPETITIVE field, where places are looking to hire the best of the best. They are investing in YOU, to secure their systems, so donβt disappoint! There are tons of skilled people, but not many that show off what they can do, and lose out to many that are unqualified due to poor marketing. All brain and no aim.
Take for example, my brand Futaba_Webs. Iβve been in the dark for a while now about my skill sets and was just mindlessly applying to jobs and hoping for the best. I wasnβt networking or marketing myself so that professionals could engage with me and see my skill sets. This HURT me a lot, especially as someone that is self taught and cannot easily afford certifications. I have a lot of skill, most of which is βabnormalβ from the level I should be at professionally in case you havenβt noticed. Despite what my resume says, Iβve been in tech for YEARS, and in each role, if you read closely, I was ALWAYS involved in some form of Cyber Security in each one.
The results I got? Constant connections flooding in, my brand going in the right direction, being asked to provide MORE mentorship and when I'll be doing it with a program I plan to announce soon here, as well as being on the radar of high ranking and high level well established Cyber Security professionals. The results have been insane, and the support that has followed with it has been amazing as well. Iβve also been tagged in regards to large scale conferences and asked to speak at them, one I plan to do soon.
Even all of my articles and tutorials have been clever strategies to help advertise and sell my brand and get people to support my work so that they feel comfortable supporting my product I plan to launch soon which people have been asking for more of. People want to support you and aid you, but you have to PROVE you are legit. GET YOUR NAME OUT THERE NOW!!!!
Say No to Self-Development πΈπΈππΈπΈ
If you donβt like having to constantly learn and adapt, then maybe this isnβt the field for you. In case you havenβt noticed, Cyber Security is an ever evolving landscape, where threats are constantly evolving. You need to stay in the loop on new technologies and methods hackers use to breach systems. This information alone allows us to improve our overall security infrastructures and keep them safe. Refusing to adapt is like refusing to update from Windows XP to the latest firmware. You pick up what Iβm putting down?
Communication Skills Are Over Hyped πΈπΈππΈπΈ
Trying to sell CyberSecurity products and spread security awareness? Part of the reason no one takes their security practices seriously is due to the lack of understanding of it, and how itβs explained. Notice how ALL of my articles I go into FULL detail and break technical concepts down to their simplest form, with examples that are easy to understand while still retaining their core technical aspects. Notice how this entire article Iβve essentially done the same thing, while still being technical but not TOO technical. You understand? Good!
You need to be mindful that not everyone is technical and some people need it to be explained to them in simpler terms. COMMUNICATION IS KEY!
If you enjoyed this post give it a thumbs up! Iβll be keeping track of whose reacting from now on as there is a βspecialβ reason for it. Just know the more you support my content the more there is in stored!
- The Hacker Who Laughs πΈπΈππΈπΈ
