Cybersecurity is an overwhelming field that shaped the way how technology works in the 21st century. We no longer just think about how to create innovative industry approaches; we think how to make them secure by design. Academia and government have been doing their best to address an exponentially growing demand for cybersecurity experts. Computer Science Departments across the nation establish and push forward new initiatives that distinguish cybersecurity as a separate career path with its own curriculum and requirements.
Even though cybersecurity is considered to be a career by itself, it is tightly connected with both Information Technology (IT) and Computer Science (CS). One cannot become an experienced cybersecurity expert without getting his/her hands dirty and learning various aspects of technology, such as networking, operating systems, software development, and web. It does not necessarily mean that a cybersecurity expert has to be an expert in everything that IT and CS are to bring to the table. Rather, security professionals have to adapt to constantly changing technologies, becoming comfortable with understanding how business, IT, and CS work. At the end of the day, cybersecurity is about protecting confidentiality, integrity, availability, and privacy within already existing or newly created computing infrastructures. Therefore, when we talk about cybersecurity, the fulcrum of our discussion shifts to an intersection, where security meets current technology and provides a certain degree of assurance that the cyber threats are addressed.
Education and hands-on experiences play a vital role in nurturing a cybersecurity specialist. As algebra precedes linear algebra, cybersecurity should be approached after acquiring knowledge about the ways the underlying information systems and technologies work. The path of a security expert starts with learning basic concepts that may not be directly related to cybersecurity. It is crucial to stand on a solid ground based on fundamental IT and CS knowledge before proceeding towards learning advanced security concepts and techniques.
Alex Levinson, a senior security engineer at Uber, has recently presented a seminar at Tennessee Tech University about red- and blue-teaming. The centerpiece of his presentation was a notion of “how to become a security expert”. He drew a pyramid reflecting the steps one should take to achieve the final goal of becoming a cybersecurity professional.
As the ground floor of the pyramid, he mentioned Core skills that students need to learn before moving on. The Core skills include, but not limited to, IT, system administration, networking, Linux, Windows, software development, and databases.
The second stage in the pyramid is called Defense. That stage covers everything that relates to the defensive mechanisms of systems. For instance, cryptography, operating systems hardening, application security, incident response, forensics, and network security.
The third level of the pyramid leverages Offense through learning about audit, penetration testing, vulnerability research, exploit development, physical security, and social engineering. After walking through the first three levels of the pyramid, one can dive deeper into a specific area of defense or offense, becoming a cybersecurity specialist.
Learning is a long and perpetual process. To become a cybersecurity professional, one needs to understand how information systems work from both defensive and offensive perspectives. But do not stop there. Study, research, practice, network, repeat – a journey of mastering proficiency at your job.