What is Cyber Security?
Cybersecurity is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It’s also known as information technology security or electronic information security. The term applies to a variety of contexts, from business to mobile computing, and can be divided into a few common categories.
Why Cyber Security?
Nowadays, we all know that cybercrime is increasing day by day. Many companies are facing huge losses due to this. So, to protect the company or organization, we need someone who can help them in securing their web application or network. At present, there is a massive gap between the ongoing demand and supply of Ethical Hackers, especially in India. India requires nearly 2 million ethical hackers by 2025. This brings a huge scope for fresh minds to build up a steady career with constant growth and a high paying salary.
Programming Languages to learn:-
You can learn about Python as it is a scripting language and it is used to make different tools that are used for hacking purposes. So you can learn that in order to make tools or to automate the tasks. Apart from that, you can also learn bash scripting as it is also used to make tools or to automate tasks. It is preferred to learn one or two programming languages and have a little bit of idea about other languages as well because many times you might have to find some vulnerabilities in some application that is made using some other programming language. So, to find bugs in it, you must understand how it works.
How to start with Cyber Security?
To start with cybersecurity, it is preferred to go to the basics first, like how computers work, the architecture of the computer, etc. Most of you must have learned this in the previous classes. But if you want to go in-depth, then you can follow the CompTIA A+ course. It makes it easy to understand everything about the system.
After you have completed the basic part, then you need to learn about networking, how computers communicate and how a packet is sent over a network, different ports and what services are running on that port, etc. You can follow the CompTIA Network+ course that is available on YouTube. You can learn networking from there.
After you have completed the networking part, then you need to learn about the operating system. You can learn about anyone OS, be it Windows or Linux. Usually, it is preferred to learn about Linux and how to use it because that can be used for various purposes. Many tools are available on Linux (Kali Linux or Parrot OS), that you won’t find in Windows operating system.
After completing this part, go with the basics of ethical hacking or cybersecurity. This will help you learn how to use different tools, what are the different commands, different attacks, how to perform an attack, and how to use Kali Linux or any other OS for hacking. Practice on Linux and get a hold of it.
After learning the basics, you can choose to learn about any domain that you are interested in. You can go with Website Penetration Testing if you are interested in knowing how to find bugs or vulnerabilities in a website or if you want to secure the websites. Similarly, you can learn Android Penetration Testing if you are interested in learning how to find the vulnerabilities in the android app, etc. There are many other domains like Hardware Hacking, Cyber Security Forensics, Network Penetration Testing, Server Penetration Testing, Cloud Security, etc. You can learn about these from online resources. You can also learn from Udemy, Cybrary, Pentester Academy, etc. There are some people or organizations that take live classes, you can learn from there as well if you are more comfortable with it.
If you are someone who learns by doing things practically, then you can learn from Try Hack Me, which is a good platform for beginners. There are different rooms present there and you need to select that room, deploy the machine and there would be different challenges that you need to solve. After solving each challenge, you will get some points and while doing that practically, you will learn a lot. Try to make notes so that you can refer to it whenever you want to.
Apart from it, there are Capture the Flags (CTF). Capture the Flag (CTF) is a special kind of information security competition. There are three common types of CTFs: Jeopardy, Attack-Defence, and mixed.
Jeopardy-style CTFs have a couple of questions (tasks) in a range of categories. For example, Web, Forensic, Crypto, Binary, or something else. A team can gain some points for every solved task. More points for more complicated tasks usually. The next task in the chain can be opened only after the team solves the previous task. Then the game time is over and the sum of points shows you a CTF winner. A famous example of such a CTF is Defcon CTF quals.
Well, attack-defense is another interesting kind of competition. Here, every team has its own network(or only one host) with vulnerable services. Your team has time for patching your services and developing exploits usually. So, the organizers connect participants of the competition, and the wargame starts! You should protect your own services for defense points and hack opponents for attack points. Historically, this is the first type of CTFs. Everybody knows about DEF CON CTF — something like a World Cup of all other competitions.
Mixed competitions may vary with possible formats. It may be something like a wargame with special time for task-based elements (e.g. UCSB iCTF).
CTF games often touch on many other aspects of information security: cryptography, stego, binary analysis, reverse engineering, mobile security, and others. Good teams generally have strong skills and experience in all these issues.
There are many companies that have their CTF Competition in order to choose the people who will work in their company in the cybersecurity domain. Companies like TCS and Deloitte conduct their CTF competition every year and the winner after qualifying some other tests as well gets that job.
In the future, if you want to make cybersecurity your career then there are a lot of options available for you.
You can work as Penetration Tester, SOC Analyst, Cyber Security Analyst, Cyber Forensics Analyst, Website Penetration Tester, Reverse Engineer, Malware Analyst, etc.
Apart from this, you can also work as a bug hunter in which you need to find bugs on the sites that have their vulnerability disclosure program and by reporting bugs on these sites, you are given some bounty (money) or if not bounty then you might get acknowledgment, swags or hall of fame.
Cyber Security is a very vast field, you need to constantly learn in this field. As everyday technology is changing, and with changing technology, security will also be at risk so you need to understand how it works in order to secure it.
Hope you enjoy reading it 😃
Follow me on twitter for more - Anishka Shukla