That's exactly where I may end up. Start off in the SOC, gain exposure and experience then move into a consultant or an Systems Engineer (SE) who would work on behalf of a security company selling and showcasing products.
Hi Grant, Good video, you covered off most of the areas for entry level positions and it is a big area to cover. There is always room for people who can understand “risks” from a conceptual side of Cyber yet lack hand on skills. What I see from people trying to get into the Cyber Security industry is that nearly all the younger people want to be pentesters, they see it as “hacking”. Most Business want Cyber Security people to protect systems, they do not want lots of pentesters who can highlight weakness. In reality, its way harder to secure systems than it is to break into systems, anyone who has been in the industry for a while will tell you this. Vulnerability Management rarely have to patch systems themselves, they provide the weakness of systems to the correct patching Teams and its IT who do the actual patching, Vulnerability Management is more to do with making the correct risk assessments and helping IT to understand what they need to do to fix it. You also have security awareness, not just teaching people how to spot phishing attacks or having good password, but also the appreciation on why security processes are in place, why people just can’t just copy data from here to there without any controls.
For sure! "hacking" is the glorified part of the industry. And I think it's not all about hacking. This is why I tried making the video to briefly outline some of the positions other than just penetration testing. Noted about vulnerability assessor / vulnerability assessment - I know that they weren't the ones you were necessarily patching the systems, but I am guessing it depends on the size of the organization? Security awareness is another big topic too! I have talked to "Security Analysts" who just focus on security awareness. There's so much to cybersecurity!! Thanks for your input as an industry professional, I have learned something new, I appreciate it!
The best way to start i feel is the basics. Which general IT. Why? Because in cyber you need to know the intricacies of operating systems, and networks. Like grant says all depends on what posituon you want. But the general understanding how everything works is still very crucial in ones career enhancement.
For sure!! Yes - I totally agree with you here. I actually did a video a while back about what you need to learn before pursuing cybersecurity and honestly, the "advice" I gave was a little bit to specific. I think it's great to start with the I.T. fundamentals.
If anyone wants to go into information security analyst field I would say go and read the NIST 800-53,60,37,18 and FIPS documents for selecting controls and working the SSP(system security plan). Mainly know your Risk management frameworks and risk assessments, vulnerability scanning and tools used to scan, POA&M and SAR. Do more research on that.
As an IT Security Analyst my main job is working security tickets, responding to alerts and answering emails. When I’m not doing that Im tuning alerts, reports and finding ways to make those tools better and more actionable. Also do risk assessments and dealing with security vendors. My goal is to work my way into a senior role preferably as a Network Security Engineer. So learning and getting certified on Splunk, AWS and Palo Alto. Tons of tools to learn.
Thank you Josh for your input. As someone in the industry, you have more of an understanding of the daily tasks, so thank you for sharing!! There's is always so much to learn
Grant Collins what your doing is great so keep it up. The information you are sharing is very accurate and current. The more people are encouraged to pursue self learning the better. We need more people to go into this important field. 👍
Hey bro, second year cyber undergraduate here in the U.K i just recently started the cyberhome lab , I personally feel as if im better suited to cloud security , i just got cloud security certification. The only reason why people struggle because sometimes hiring managers tend to generate randomized words and skills and then input them on to job role a and some of them are way too far fetched , like the junior roles require like a CISSP, GIAC or a CCNP. I personally think the best roles to go into is like cybersecurity and compliance (may seem a bit dull, but huge in demand rn as cooperate business fail to follow the laws and regulations due to a lack of security awareness which is not their faults!!) , digital forensics , cloud security , network engineer , data science, vulnerability analyst/threat intelligence (quite rare to find but a gem to do as a job) The requirements for these jobs mentioned above are not far fetched and anyone can land a job in these sectors which then can lead to higher ranked jobs** Let me know your insight on the jobs listed above, really interested on what you think about these jobs. you also planning to do your masters too ??
Grant you do an amazing job creating content for users who are pursuing this industry. I have gained a lot more confidence in tackling on every opportunity and challenges that comes my way. Especially, when I will be done with school this April with a bachelor's in IT with a specialization in cybersecurity knowing that there is still a lot to learn and experience to gain! Thank you!!
I really appreciate the kind regards Eddie. I am just a student myself who has similar aspirations as you. You have a great mindset in terms of being a self-learner and always knowing there is a ton of knowledge out there. I know it's a bit early, but congrats on the degree!!
One thing to know is that you should never stay at the same position your whole career go to diffrent fields and positions Ex Field-Cybersecurity Pos-Penetration Tester then you could go to Software Development or to Devops
I want to get a job in cyber security field but I don't know what should I learn and what is the fundamental knowledge to acquire. I know a little about the basics of programming but not that much. I was thinking maybe I could get some of your opinion to help me?
Great question! In my opinion, it's all about starting. I always recommend courses on StationX, but don't feel like you are limited to those. If I go back, I would start out with introducing myself to the I.T. basics (still doing that myself today) and introducing myself to basic cybersecurity concepts.
If you wanna go into information security analyst field I would say go and read the NIST 800-53,60,37,18 and FIPS documents for selecting controls and working the SSP(system security plan). Mainly know your Risk management frameworks and risk assessments, vulnerability scanning and tools used to scan, POA&M and SAR. Do more research on that.
Hey Grant, thanks for another great video. I'm also an undergrad in Cyber Sec, currently working part time as a SOC analyst. Outside of work and uni I love doing low level stuff like bin exploitation and RE, what do you think about the career prospect of working with binaries and reversing (which has a really small market demand imo)?
Wow! That's awesome, being a SOC Analyst outside of school - you should really be proud of that accomplishment. I have a personal contact who is really into what you are talking about. If you want to I can put you in touch with him, he would know more than I do. I personally think it's still pursuing what you really enjoy in the cybersecurity industry, there's always a market for almost anything.
Analyst is not entry level, and yet we speak of "Pentester" and "Ethical Hacker" and six figure salaries as if you could walk off the street and sit down be 'trained.' "Oh, I had no experience in IT, but I could diagnose malware reading Python Script and "manually test" anything from Git Hub, but I'm so totally ignorant of "IT" I'm just an empty headed newbie!" What is the disconnect here?
What types of role are you trying to pursue?
I would be happy with an analyst role for the beginning
Security analyst or pen tester
SOC analyst to get started but becoming a Security Engineer or Researcherwould be great after a few years of experience.
That's exactly where I may end up. Start off in the SOC, gain exposure and experience then move into a consultant or an Systems Engineer (SE) who would work on behalf of a security company selling and showcasing products.
Good choices! Even both of these roles have many "sub roles" or specific niches.
I am learning more from you than what i learn in the college
Hi rishabh how are you. Which program are you pursuing?
@@swarajdhami4537 cyber security
@@rishabhsovani9427 from where?
@@swarajdhami4537 why may I ask ?
@@rishabhsovani9427 just I wanna learn more with you
Hi Grant,
Good video, you covered off most of the areas for entry level positions and it is a big area to cover.
There is always room for people who can understand “risks” from a conceptual side of Cyber yet lack hand on skills.
What I see from people trying to get into the Cyber Security industry is that nearly all the younger people want to be pentesters, they see it as “hacking”.
Most Business want Cyber Security people to protect systems, they do not want lots of pentesters who can highlight weakness. In reality, its way harder to secure systems than it is to break into systems, anyone who has been in the industry for a while will tell you this.
Vulnerability Management rarely have to patch systems themselves, they provide the weakness of systems to the correct patching Teams and its IT who do the actual patching, Vulnerability Management is more to do with making the correct risk assessments and helping IT to understand what they need to do to fix it.
You also have security awareness, not just teaching people how to spot phishing attacks or having good password, but also the appreciation on why security processes are in place, why people just can’t just copy data from here to there without any controls.
For sure! "hacking" is the glorified part of the industry. And I think it's not all about hacking. This is why I tried making the video to briefly outline some of the positions other than just penetration testing.
Noted about vulnerability assessor / vulnerability assessment - I know that they weren't the ones you were necessarily patching the systems, but I am guessing it depends on the size of the organization?
Security awareness is another big topic too! I have talked to "Security Analysts" who just focus on security awareness. There's so much to cybersecurity!!
Thanks for your input as an industry professional, I have learned something new, I appreciate it!
The best way to start i feel is the basics. Which general IT. Why? Because in cyber you need to know the intricacies of operating systems, and networks. Like grant says all depends on what posituon you want. But the general understanding how everything works is still very crucial in ones career enhancement.
For sure!! Yes - I totally agree with you here. I actually did a video a while back about what you need to learn before pursuing cybersecurity and honestly, the "advice" I gave was a little bit to specific. I think it's great to start with the I.T. fundamentals.
If anyone wants to go into information security analyst field I would say go and read the NIST 800-53,60,37,18 and FIPS documents for selecting controls and working the SSP(system security plan). Mainly know your Risk management frameworks and risk assessments, vulnerability scanning and tools used to scan, POA&M and SAR. Do more research on that.
As an IT Security Analyst my main job is working security tickets, responding to alerts and answering emails. When I’m not doing that Im tuning alerts, reports and finding ways to make those tools better and more actionable. Also do risk assessments and dealing with security vendors. My goal is to work my way into a senior role preferably as a Network Security Engineer. So learning and getting certified on Splunk, AWS and Palo Alto. Tons of tools to learn.
Thank you Josh for your input. As someone in the industry, you have more of an understanding of the daily tasks, so thank you for sharing!! There's is always so much to learn
Grant Collins what your doing is great so keep it up. The information you are sharing is very accurate and current. The more people are encouraged to pursue self learning the better. We need more people to go into this important field. 👍
Hey bro, second year cyber undergraduate here in the U.K i just recently started the cyberhome lab , I personally feel as if im better suited to cloud security , i just got cloud security certification. The only reason why people struggle because sometimes hiring managers tend to generate randomized words and skills and then input them on to job role a and some of them are way too far fetched , like the junior roles require like a CISSP, GIAC or a CCNP. I personally think the best roles to go into is like cybersecurity and compliance (may seem a bit dull, but huge in demand rn as cooperate business fail to follow the laws and regulations due to a lack of security awareness which is not their faults!!) , digital forensics , cloud security , network engineer , data science, vulnerability analyst/threat intelligence (quite rare to find but a gem to do as a job) The requirements for these jobs mentioned above are not far fetched and anyone can land a job in these sectors which then can lead to higher ranked jobs**
Let me know your insight on the jobs listed above, really interested on what you think about these jobs. you also planning to do your masters too ??
Grant you do an amazing job creating content for users who are pursuing this industry. I have gained a lot more confidence in tackling on every opportunity and challenges that comes my way. Especially, when I will be done with school this April with a bachelor's in IT with a specialization in cybersecurity knowing that there is still a lot to learn and experience to gain! Thank you!!
I really appreciate the kind regards Eddie. I am just a student myself who has similar aspirations as you. You have a great mindset in terms of being a self-learner and always knowing there is a ton of knowledge out there. I know it's a bit early, but congrats on the degree!!
One thing to know is that you should never stay at the same position your whole career go to diffrent fields and positions Ex Field-Cybersecurity Pos-Penetration Tester then you could go to Software Development or to Devops
Hi Grant, Love the channel and have been following since you started. Keep pushing, and thanks for the content!
Thank you bro! Great video!
Love your videos. I'm currently studying cyber security as well ;D
I'm looking to become a security analyst in the future
Where you studying?
Thank you! Security Analyst is one of the most common positions when first starting out, probably where I will end up too.
I want to get a job in cyber security field but I don't know what should I learn and what is the fundamental knowledge to acquire. I know a little about the basics of programming but not that much. I was thinking maybe I could get some of your opinion to help me?
learn pythob, then dive into ethical hacking, writing scripts. learn kali linux. etc.
Great question! In my opinion, it's all about starting. I always recommend courses on StationX, but don't feel like you are limited to those. If I go back, I would start out with introducing myself to the I.T. basics (still doing that myself today) and introducing myself to basic cybersecurity concepts.
Yes to the The Cyber Mentor suggestion!
If you wanna go into information security analyst field I would say go and read the NIST 800-53,60,37,18 and FIPS documents for selecting controls and working the SSP(system security plan). Mainly know your Risk management frameworks and risk assessments, vulnerability scanning and tools used to scan, POA&M and SAR. Do more research on that.
What is the scope of an AI major Master's student who has a diploma in cyber security in field of IT security?
great job! keep going!
Thanks for this !
Can you do pleas a PDF about Hacking or Cybersecurity: i know you have one but i am done with that xD
Hey Grant, thanks for another great video. I'm also an undergrad in Cyber Sec, currently working part time as a SOC analyst. Outside of work and uni I love doing low level stuff like bin exploitation and RE, what do you think about the career prospect of working with binaries and reversing (which has a really small market demand imo)?
Wow! That's awesome, being a SOC Analyst outside of school - you should really be proud of that accomplishment. I have a personal contact who is really into what you are talking about. If you want to I can put you in touch with him, he would know more than I do. I personally think it's still pursuing what you really enjoy in the cybersecurity industry, there's always a market for almost anything.
it support and system admin are good entry feeder roles
Analyst is not entry level, and yet we speak of "Pentester" and "Ethical Hacker" and six figure salaries as if you could walk off the street and sit down be 'trained.' "Oh, I had no experience in IT, but I could diagnose malware reading Python Script and "manually test" anything from Git Hub, but I'm so totally ignorant of "IT" I'm just an empty headed newbie!" What is the disconnect here?
Put salary entry level salary with cyber security degree ?
De Boo Daa
C++ antivirus engine developer