February 29, 2024
October was Cyber Security Awareness month, and as a follow-up, I thought it would be good to talk about careers in Information (or Cyber) Security.
I have often been asked about the best way to get into the industry, and it always ends up with many hours of conversation accompanied by many coffees (or beers depending on the time of day). This is a very close subject to me. I have taken the long path to be able to work in an area that I’m passionate about, and I wouldn’t change the journey for anything.
Cyber security is a challenging yet rewarding industry. There’s plenty of job security and opportunities out there for the right candidates (at least until the AI overlords make us obsolete, that is). Until then, however, we will continue to evolve our skills and grow our passions. Indeed, alongside persistence and patience, passion is one of my three principles of making a successful career in cyber security.
Three Ps of Making it in Cybersecurity
While you may have a job in the industry, a career takes time and dedication. Every day there is something new, whether that is a new vulnerability, piece of malware, a new breach report, or the latest “sophisticated” group on the block. We must adapt a lot in this industry, whether you are a defender, investigator, or a red teamer. I saw something recently that said you don’t pay me for the 30 minutes it takes to do the job, you pay me for the years it took me to do that job in 30 minutes. This is something I’m sure a lot of us live by.
In my experience, work-life commitments, like an 8-hour day and study after hours (such as in the evening and on the weekend), threaten our ability to evolve. But with a little bit of perseverance and determination, putting in these extra hours will benefit you personally and professionally.
So, you want a career in the industry. While there are many paths to choose from, there are also some foundational skills that will always stand you in good stead. When I officially made my entrance to the industry, I started on first line support/ticket logging for security and networking appliance support issues. This was quite eye-opening and the amount of information that was required to correctly diagnose an issue always seemed daunting. Over time you soon see that there are common techniques that recur no matter what device or processes you deal with. The ability to read a packet capture, for example, is something that has followed me throughout my career: from troubleshooting connectivity issues for a customer to grabbing plaintext credentials off the wire during a security assessment.
There’s a lot of debate about which skills or qualifications are most valuable for entry-level candidates. Obviously there are many routes into information security but, from my experience, here are some areas I would recommend honing your skills around.
What is DNS, and how does it work?
Why do we use NAT and how does it change the traffic?
How does traffic get from point A to point Z?
These are just a couple of the basics, but gaining an understanding of them will help you effectively troubleshoot issues or understand the flow of a packet capture.
2. Virtual Machines and Hypervisors
Unless you’re extremely lucky to have a couple 48U racks loaded with various pieces of tin where you can deploy and test all the platforms of your choosing, you are likely going to need to be familiar with Virtual Machines and various hypervisors.
Taking a spare piece of tin and installing VMware ESXi or Proxmox will give you a great starting point for a little lab environment where you can spin up, clone, and build new instances of whatever device you are testing. You can also create virtual networks to better understand the basics of networking in practice.
3. Compare Tools and Adapt
We all have our favorite tools that have followed us through the years. I still like to occasionally throw a pcap into Network Miner as an example of old school methods. Something we see a lot in the industry is people avoiding testing the newest tools and techniques to see how they compare with the ones they currently use or have used in the past. I have seen and heard of so many people in the industry who become very set in their ways with tool usage and process. Being comfortable with your process is OK, but you need to be able to adapt to a situation. Maybe one tool doesn’t support multithreading, or you updated your machine and now you have Ruby dependency issues. You still have a job to do, so knowing alternatives and having an arsenal for backup, or for the situations where you are forced to adapt, is key.
Whether you are an offensive tester, incident responder, defender or other, we all have our tools of the trade, but learn to adapt and push yourself out of your comfort zone.
4. Operating Systems
So, you are a Linux person and you like to curse the dreaded Windows users… That’s fair enough, Windows has had its issues in the past. But there are many situations where your work will benefit from having a detailed understanding of various operating systems, and how these are deployed, administered, and secured. I started in the industry on the Windows side of the fence, and then I was soon forced to adapt into the world of *Nix. Now I use Linux environments for most things, whether that is a little bit of dev work, or some enumeration. If you want to be able to defend or attack an operating system effectively, you need to know how it works. Having deployed and gone through the process of securing it, you will get a much better understanding.
There are a lot of certification paths out there, depending on your career path. As I mentioned above, with the foundational areas such as Operating Systems, Networking, Virtualization, etc. you could spend your life just doing exams. I spent the first part of my career doing mountains of vendor certifications, and they do have their place. However, you can’t rely on them alone, and achieving a certification doesn’t mean you have all the skills required for a role.
Purely for introductory purposes, CompTIA certifications are not that bad; they give some good direction to learning non-vendor-specific material. I wouldn’t expect to gain a job off the back of a CompTIA certification alone, but it’s definitely a step in the right direction.
One certification that is highly recommended, especially for any role looking for offensive skills, is OSCP (Offensive Security Certified Professional). The course can be tricky – even for someone with plenty of experience. A lot of dedication and commitment are needed to pursue this certification. This can be difficult with the mad hustle of life, but they do give you the option to extend your lab time and to “try harder”.
The common Offensive Security courses and certifications are considered your go-to if you are trying to get into pentesting/red teaming or anything related to offensive security. These are also great for defensive roles.
One of the biggest challenges for giving cyber security career advice is that it varies so much depending on what you want to focus on:
The list is endless, and some people don’t understand the extent of the industry. You only have to look on social media to see ads for “Cyber Security and ethical hacking” certs claiming huge salaries. While these may attract people who have a keen interest in the dark cyber arts, they also attract people who think the career will be like it is shown by Hollywood. What they also don’t show you is the days spent camping out on the floor of a freezing datacenter, with Cat 5 and console cables wrapped around your legs like a boa constrictor.
One thing I have learnt is this industry has become less certificate, degree or higher education driven. If you can show dedication, passion and eagerness to learn, you are on the right track.
If you get into Red/Purple or any other form of security assessment work, yes you will have some fun and may be able to practice your celebratory dance when you achieve your goal, or even gain a privileged foothold.
No? Just me then?
Well, now your assessment is over and you have a week’s worth of reporting to do. Reading glasses are on and the headache tablets come out while you are sifting through your assessment data. It gets even more fun if you are doing the report and have received data from multiple other consultants. You can learn a lot from reviewing others’ results and processes, but it can also be difficult trying to combine work into a single report.
The media and Hollywood show a lot of the glamour of cyber security, especially around offensive hacking work. But what they don’t highlight is the reporting, triage, knowledge handovers and everything else that goes with it. I’m not saying these are negatives to having a career in cyber security, just that they can be a steep learning curve on their own, and that it is not all popping shells.
Whether you are defensive, offensive, an incident responder or other, there is a constant stream of information at our fingertips. There is always a new breach report, vulnerability, patch Tuesday release or some kind of dumpster fire going on in the world of cyber security. One source that I have become reliant on is Twitter. By following the right people you can get a good insight into what’s relevant and what’s not.
There’s certainly a lot of filtering required with any publication or tweet: we see this most often with vulnerability disclosures, something I’ve touched on a few times before. The media will often interview the wrong people, who will blow an issue out of proportion, or attempt to interpret the issue themselves, leading to a lot of hype and confusion, as we have seen with the recent Sudo vulnerability (CVE-2019-14287) and many others. Just because there is a vulnerability doesn’t mean it is always exploitable under real-world conditions.
Understanding where to get your information is a key part of being a good security professional. I would highly recommend Twitter as a feed for current and relevant news. Podcasts, blogs and whitepapers are also a great way to get a high-level overview or even a deep dive into some of the more recent news stories and research. On our very own ShadowTalk podcast and our blogs and research publications, for example, we regularly cover both technical and non-technical aspects of the recent infosec-related news, as well as our own research. There are plenty of other threat intelligence podcasts and organizations out there who regularly publish great work. One of our team’s favorite podcasts is Risky Business; these guys always deliver great information. There is also the SANS Stormcast for a 5-minute overview every day.
There is often the debate about degrees versus no degree routes. When I first started trying to get into the industry, it was difficult to get a break without having a degree. You certainly couldn’t jump straight into a technical role back then unless you had a heap of vendor-related certificates, a degree, or 10 years’ experience.
I took the University of Life route, and it was a long and challenging journey, but one I would not change for anything. This is something that everyone must decide for themselves. A Bachelors/Masters/PhD will likely get you into your desired field sooner, where you can begin to build out the skills required for you to level up.
As with any path, there are a lot of challenges; one is not becoming too comfortable. It can be difficult to find the right motivation and aspirations if you find a position early on in your career that doesn’t challenge you. This can lead to you settling too early, which can then lead to becoming stagnant, and not evolving your skills and becoming the cyber guru you always wanted to be. For me this was a difficult piece to overcome. Doing the same work repeatedly becomes second nature and easy, but not challenging. This is where having the drive and passion comes into play, having that need to push yourself, to continue learning, and to find the next challenge.
I have worked with people with Bachelors, Masters, and PhDs who are very talented and passionate about what they do. I have also worked with people who have done PhDs and Masters, who are happy and comfortable and are just looking for that 9 to 5 and nothing more. Everyone has their own goals and priorities.
No matter which path you take, it is the perseverance and passion that will get you through in this industry. Finding mentors and colleagues who you look up to and can be inspired by can keep you focused, and keep your ambition going through the more challenging times. I have had the pleasure to work with a lot of very talented people in the industry, and have managed to keep the passion going.
Remember, every day is a school day; there is always something new to learn.