We constantly hear the terms “Cyber”, “Cyber Security”, “Secure development”, “Network forensics” and many other terms and subjects that raise our interest. The questions we ask ourselves are usually: what are they? Are they really interesting for us? Is it worth specializing in one of these areas? In which one? At what level? Having worked in these areas for more than thirty years, I would like to share some thoughts about them and try to provide some guidance for students and newcomers to this area.
First we get to the technical details, that is, attacks and protection measures; then we get to the level of expertise you can reach; and finally we talk about certifications. For those of you who are about to decide on getting into this amazing area, the most important thing is to choose something …..
The technical details
First, before we get to what you should learn, let's see what can be attacked and what measures we take to protect against it. As you will see, it is not just Antivirus, Firewall and Web-filtering. It is much, much more.
Let's look at the following illustration, which gives us a general view of the very basic design of an enterprise network.
When we look at the figure, we first see the Data Center network, the network that holds the organization's servers, usually Virtual Machines (VMs) running Windows or Linux on general-purpose hardware. These servers are usually protected with Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) software, the new generation of the traditional anti-malware. This software does not only discover malware; it also detects suspicious behavior of processes running on the servers and monitors traffic coming into and going out of them, identifying suspicious traffic that might be caused by malware (virus, worm, trojan ...). Vendors in this category are, for example, https://www.sentinelone.com/, https://www.cybereason.com/, https://www.cynet.com/, firewall vendors like https://www.checkpoint.com/ and https://www.paloaltonetworks.com/, the traditional anti-virus vendors and many others.
After the servers we get to the Firewall. This is the most basic security device, used not only for connecting to the Internet but also for dividing the organization into zones: trusted zones, whose users we trust not to harm the network, and untrusted zones, which can hold users we do not trust. Whatever the vendor, the value of this zoning comes from the rule base: traffic between zones should be denied by default, and only the flows the business actually needs are explicitly allowed. There is of course the Zero-Trust approach, which trusts no one, but let's leave something for our coming articles. In the firewall arena the leaders are considered to be companies like Checkpoint and Palo Alto Networks, which we mentioned earlier, along with https://www.fortinet.com/, https://www.cisco.com/ and some others. Here it is important to distinguish between the large-scale enterprise firewall vendors and home firewalls; it is a completely different world.
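To make the idea of zones concrete, here is a small zone-based policy evaluator with default deny. This is an added example written for this article, not code from any of the firewall vendors named above; the zone names, address ranges, rules and sample flows are all assumptions made up for the illustration.

```python
"""Zone-based firewall policy with default deny.

Added example, not code from the article or from any of the vendors it names.
The zones (dc = Data Center, users = trusted office LAN, guest = untrusted
visitor network, internet = everything else), the address ranges, the rules
and the sample flows are all assumptions constructed for this example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed zone map: address ranges that belong to each internal zone.
ZONES = {
    "dc": [ip_network("10.10.0.0/16")],
    "users": [ip_network("10.20.0.0/16")],
    "guest": [ip_network("172.16.0.0/16")],
}


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str
    dport: Optional[int]  # None matches any destination port
    action: str           # "allow" or "deny"


# Constructed policy. Evaluated top-down, first match wins; anything that
# matches nothing falls through to the default deny at the end of evaluate().
POLICY: List[Rule] = [
    Rule("users", "dc", "tcp", 443, "allow"),        # office users reach web apps
    Rule("users", "internet", "tcp", 443, "allow"),
    Rule("users", "internet", "tcp", 80, "allow"),
    Rule("guest", "internet", "tcp", 443, "allow"),  # visitors get HTTPS out only
    Rule("guest", "dc", "tcp", None, "deny"),        # explicit: guests never reach servers
    Rule("internet", "dc", "tcp", 443, "allow"),     # the one published web server port
]


def zone_of(addr: str) -> str:
    """Map an address to its zone; unknown ranges are treated as the Internet."""
    ip = ip_address(addr)
    for name, nets in ZONES.items():
        if any(ip in net for net in nets):
            return name
    return "internet"


def evaluate(src: str, dst: str, proto: str, dport: int) -> Tuple[str, str]:
    """Return (action, reason) for one flow.

    Traffic that stays inside one zone never crosses the firewall, so it is
    passed without consulting the rule base. Everything else must match a
    rule; an unmatched inter-zone flow is denied (default deny).
    """
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == dst_zone:
        return "allow", f"intra-zone ({src_zone})"
    for idx, rule in enumerate(POLICY):
        if (rule.src_zone == src_zone and rule.dst_zone == dst_zone
                and rule.proto == proto
                and (rule.dport is None or rule.dport == dport)):
            return rule.action, f"rule {idx} ({src_zone}->{dst_zone})"
    return "deny", f"default deny ({src_zone}->{dst_zone})"


# Constructed sample flows: (src, dst, proto, dport).
SAMPLE_FLOWS = [
    ("10.20.5.7", "10.10.1.10", "tcp", 443),     # user -> DC web app: allowed
    ("10.20.5.7", "10.10.1.10", "tcp", 3389),    # user -> DC RDP: no rule, denied
    ("172.16.3.3", "10.10.1.10", "tcp", 443),    # guest -> DC: explicitly denied
    ("198.51.100.7", "10.10.1.10", "tcp", 443),  # Internet -> published web server: allowed
    ("198.51.100.7", "10.10.1.10", "tcp", 22),   # Internet -> SSH on the server: denied
    ("10.10.1.10", "10.10.1.11", "tcp", 5432),   # server to server inside the DC: not firewalled
]

if __name__ == "__main__":
    for src, dst, proto, dport in SAMPLE_FLOWS:
        action, reason = evaluate(src, dst, proto, dport)
        print(f"{src:>13} -> {dst}:{dport:<5} {action:5} {reason}")
```

Two things in this toy are the same things you will check on a real firewall: the RDP flow from a trusted user to the Data Center is dropped even though the user zone is "trusted", because nobody wrote a rule for it, and the Internet can reach exactly one port on one server. If a rule base lets everything through and relies on the zone name alone, the zoning buys nothing.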
Software protection is a whole world by itself. For protecting web servers we have Web Application Firewalls (WAF), which identify web attacks, with companies like www.imperva.com, www.f5.com, www.radware.com and others, along with the cloud vendors that provide the web services. For secure development we have companies like www.snyk.io, www.bearer.com and www.cybertest.com with code scanners; security scanners for Kubernetes, threat analysis and posture management with companies like www.aquasec.com; secure financial applications ("fintech" companies); fraud detection; and more. About the latter we will talk in another article.
For protecting the networks themselves, inside the data center, in the Wide Area Network (WAN) that connects us to the remote offices, and on the connection to the Internet, there are also various solutions. First, hardening of the communications equipment from www.cisco.com, www.juniper.net, www.extremenetworks.com and others. Here we have potential risks like Denial of Service (DoS) and Distributed DoS (DDoS) attacks that can exhaust network and server resources, network-based attacks that try to confuse routing protocols, and attacker tools such as scanners, packet generators and Wi-Fi hacking tools. How to protect against them we will talk about in another article.
The last issue to talk about is the Internet of Things (IoT). IoT devices are sensors that sense the environment and actuators that act on it. The main issue here is that you cannot install software on a sensor that costs a few cents, so in order to protect it you capture the traffic on the network and analyze it for suspicious patterns. Here we have companies like www.armos.com, www.trustwave.com and others.
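Both the DoS risk mentioned for the network and the "watch the traffic, not the device" approach for IoT come down to the same thing in practice: look at flow records and flag patterns that should not be there. The example below is added for this article (not code from any vendor named here) and runs two such checks over a constructed list of flows: a SYN-flood detector that counts half-open connections per source in a time window, and an IoT baseline check that flags a sensor talking to any destination outside the short list it is supposed to use. The flow records, thresholds, addresses and the baseline are all made up for the example; a real deployment would feed this from a SPAN port or flow export instead of a Python list.

```python
"""Passive network monitoring over constructed flow records.

Added example, not code from the article or from any vendor it names. It shows
two of the checks the text describes: spotting a SYN flood (a DoS pattern that
exhausts server resources) and spotting an IoT device that talks to somewhere
it never should. The flow records, the thresholds and the IoT baseline are
assumptions constructed for this example.
"""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# One flow record: (time_s, src, dst, dport, flags). flags is "S" for a
# half-open connection (SYN seen, handshake never completed) and "SA" for a
# connection whose handshake completed.
Flow = Tuple[float, str, str, int, str]

# Baseline per IoT device: the only (destination, port) pairs it should use.
# Assumption: the sensor 10.30.0.5 only ever publishes to an MQTT broker.
IOT_BASELINE: Dict[str, Set[Tuple[str, int]]] = {
    "10.30.0.5": {("10.10.2.20", 8883)},
}

# Constructed sample flows (not captured from a real network).
FLOWS: List[Flow] = []
# Normal office traffic: a user opening three completed sessions to the DC.
FLOWS += [(10.0 + i, "10.20.5.7", "10.10.1.10", 443, "SA") for i in range(3)]
# A couple of half-open connections from a user, well below the threshold.
FLOWS += [(12.0 + i, "10.20.8.8", "10.10.1.10", 443, "S") for i in range(2)]
# The sensor behaving normally: periodic publishes to the broker.
FLOWS += [(20.0 + 30 * i, "10.30.0.5", "10.10.2.20", 8883, "SA") for i in range(3)]
# SYN flood: 60 half-open connections from one source inside six seconds.
FLOWS += [(100.0 + 0.1 * i, "198.51.100.7", "10.10.1.10", 443, "S") for i in range(60)]
# The sensor opening a Telnet session to an external host it has no reason to talk to.
FLOWS += [(130.0, "10.30.0.5", "203.0.113.9", 23, "SA")]


def detect_syn_flood(flows: List[Flow], window_s: int = 10,
                     threshold: int = 50) -> Dict[str, int]:
    """Count half-open SYNs per (source, tumbling window); report sources over threshold."""
    per_window: Dict[Tuple[str, int], int] = defaultdict(int)
    for t, src, _dst, _dport, flags in flows:
        if flags == "S":
            per_window[(src, int(t // window_s))] += 1
    flagged: Dict[str, int] = {}
    for (src, _w), n in per_window.items():
        if n > threshold:
            flagged[src] = max(n, flagged.get(src, 0))
    return flagged


def detect_iot_deviation(flows: List[Flow],
                         baseline: Dict[str, Set[Tuple[str, int]]]) -> List[Tuple[str, str, int]]:
    """Flag any flow from a baselined IoT device to a (dst, port) outside its baseline."""
    alerts = []
    for _t, src, dst, dport, _flags in flows:
        if src in baseline and (dst, dport) not in baseline[src]:
            alerts.append((src, dst, dport))
    return alerts


def analyze(flows: List[Flow]) -> List[str]:
    """Run both detectors and return human-readable alerts."""
    alerts = []
    for src, n in detect_syn_flood(flows).items():
        alerts.append(f"SYN flood: {n} half-open connections from {src} in one window")
    for src, dst, dport in detect_iot_deviation(flows, IOT_BASELINE):
        alerts.append(f"IoT deviation: {src} contacted {dst}:{dport}, not in its baseline")
    return alerts


if __name__ == "__main__":
    for line in analyze(FLOWS):
        print(line)
```

The two users' handful of half-open connections stay under the threshold and produce nothing, which is the point of counting per source and per window rather than alerting on every SYN. The IoT check needs no agent on the sensor at all; it only needs someone to have written down, per device type, the few destinations it is allowed to reach, which is exactly the kind of inventory the IoT security products above build for you.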
What to learn
There are several learning tracks you can take to enter the cyber security world: Research and Development (R&D), engineering and technical support, and the management track.
For R&D you need deep knowledge of the relevant software along with deep knowledge of security protocols and algorithms. An advantage here is knowing networking, authentication and encryption protocols and so on. Here you get down to the "bits and bytes", and you will use this knowledge to develop products. Artificial Intelligence (AI) is also an advantage; it is an inherent part of every solution whose development you will participate in.
For engineering and technical support your knowledge should be slightly different. You need a deep understanding of networking, cloud structure and services, Windows and/or Linux operating systems, and how they all work together. You cannot of course know it all, but you need to understand it and get to the details in at least some of these areas. You will use your knowledge to design, analyze and troubleshoot enterprise and service provider networks.
In the management area you prepare yourself for managing a secured environment. Here you need less technical knowledge, but you must be familiar with business processes and regulations.
Certifications
Now, let's get to the certifications that can assist you, both in getting a job and later in your work.
For the first field of expertise, R&D, certifications are nice to have but not critical. You need to be a good programmer, to have deep knowledge of the protocols, and to be familiar with secure code development.
For engineering and technical support you will need vendor certifications: Cisco CCNA, CCNP and later CCIE, Checkpoint CCSA/CCSE, Palo Alto Networks certifications and others. In recent years many vendors have come out with hundreds of certifications (how to configure their devices, pen-testing, DevOps and SecOps and many others) that you will never have the time to pass. A strong foundation and theoretical knowledge are the most important; when you understand what you are doing, configuring a firewall or securing the network will be easier.
For the management track you have a jungle of certifications. There are various certifications from ISACA (Information Systems Audit and Control Association): Certified Information Security Manager (CISM), aimed at the Chief Information Security Officer (CISO) position, CSX-P (CSX Cybersecurity Practitioner), CISA (Certified Information Systems Auditor) and many others you can find on www.isaca.org; and, from a different body, CISSP from (ISC)2, which is accredited under ANSI ISO/IEC 17024. A good place to start is the ISACA basic certifications, and move forward from there.
Summary
In this article we talked about the areas of expertise in the cyber world that a student should consider getting into. We brought some vendor examples so you can learn more about the market, and we summarized the areas you might be interested in working on.
For further information….