Cybersecurity: The Beginner's Guide

A comprehensive guide to getting started in cybersecurity

Dr. Erdal Ozkaya

  1. 390 pages
  2. English

About This Book

Understand the nitty-gritty of Cybersecurity with ease

Key Features

  • Align your security knowledge with industry-leading concepts and tools
  • Acquire required skills and certifications to survive the ever-changing market needs
  • Learn from industry experts to analyse, implement, and maintain a robust environment

Book Description

It's not a secret that there is a huge talent gap in the cybersecurity industry. Everyone is talking about it, including the prestigious Forbes Magazine, Tech Republic, CSO Online, DarkReading, and SC Magazine, among many others. Additionally, Fortune CEOs like Satya Nadella, McAfee's CEO Chris Young, and Cisco's CIO Colin Seward, along with organizations like ISSA and research firms like Gartner, shine a light on it from time to time.

This book puts together all the possible information with regard to cybersecurity: why you should choose it, the need for cybersecurity, and how you can be part of it and fill the cybersecurity talent gap bit by bit. Starting with the essential understanding of security and its needs, we will move to security domain changes and how artificial intelligence and machine learning are helping to secure systems. Later, this book will walk you through all the skills and tools that everyone who wants to work as security personnel needs to be aware of. Then, this book will teach readers how to think like an attacker and explore some advanced security methodologies. Lastly, this book will deep dive into how to build practice labs, explore real-world use cases, and get acquainted with various cybersecurity certifications.

By the end of this book, readers will be well-versed with the security domain and will be capable of making the right choices in the cybersecurity field.

What you will learn

  • Get an overview of what cybersecurity is, learn about the various faces of cybersecurity, and identify the domain that suits you best
  • Plan your transition into cybersecurity in an efficient and effective way
  • Learn how to build upon your existing skills and experience in order to prepare for your career in cybersecurity

Who this book is for

This book is targeted at any IT professional who is looking to venture into the world of cyber attacks and threats. Anyone with some understanding of IT infrastructure workflow will benefit from this book. Cybersecurity experts interested in enhancing their skill set will also find this book useful.


Information

Year: 2019
ISBN: 9781789806939
Edition: 1

Expert Opinions on Getting Started with Cybersecurity

To make this book more valuable and help you to excel on your cybersecurity journey, I reached out to some industry experts and asked them how they started their career in cybersecurity and what they would recommend to you to allow you to improve.
I spoke to industry experts from Fortune 500 companies such as Microsoft, Standard Chartered bank, SAP, and FireEye, and experts from Oxford University, Charles Sturt University, army veterans, active cybersecurity consultants, architects, hiring managers, speakers from Black Hat and other tier-1 security conferences, and cybersecurity firm owners, as well as law enforcement professionals. Hopefully, this chapter will help you in your career.

Ann Johnson

Corporate Vice President, Microsoft
"Our teams must be as diverse as the problems we are trying to solve."
The preceding statement is not an empty platitude, and it is not something that should be trivialized or over-hyped either. We are facing a battle against cybercrime that is impacting all aspects of our lives, including governments, financial systems, food supplies, water supplies, critical infrastructure, and healthcare. Large-scale cyber events, such as those witnessed in the past several years, threaten our very way of life. So, the question becomes, how did we get here? More importantly, where do we go from here? What can you, as a candidate, do to pursue a career in cybersecurity?
To explain, let me take you on my personal career journey. I graduated from college with a dual major in political science and communication, and an ambition to attend law school. I was accepted into law school and had obtained a scholarship for tuition and fees, but I was burdened financially from my undergraduate work and was also concerned about food, housing, healthcare, and so on. I made a decision to pursue a career rather than attend law school. Jobs in Northern Utah were scarce in the late 1980s for a graduate who didn't have a directly applicable degree, that is, one in accounting or medicine, and I ultimately moved to the Los Angeles area. I had one short-term position as an executive assistant in a medical firm, and then found my calling in technology.
My calling came by way of a newspaper ad for a floor salesperson at a wage of $17,000 USD per annum. I knew a bit about computers—as in, I could use one—and I knew I could talk to people, so a career was born. I attended every vendor training available and was diligent in studying and developing my skills. I was fortunate to have two early career mentors who encouraged my success and taught me everything they knew. I took on assignments related to operations, sales, network architecture and installation, computer repair, storage, partner engagement, customer engagement, and so on. I learned and absorbed all I could. At the time, mainframes and mini-computers dominated the industry, and PCs and client-servers were becoming a thing. Storage systems were massive near-line devices, and the biggest concern for a CIO was a rogue phone line in a data center. There were very few formal CISO positions, and security folks were generally of two types: investigators and network professionals. I entered security somewhat accidentally, but according to a plan.
In 1999, I was based in Chicago and working as a healthcare specialist for Data General. Data General was acquired by the EMC Corporation. I explored my options post acquisition and decided to make a change. The change was inspired by the hardware token I carried for authentication. I was fascinated by the technology, and I pursued a company called RSA Security and was ultimately hired as a PKI specialist. I not only had to look up the term, I had to study and develop an understanding of PKI, which I did. So, in 2000, a new career began—I was still in tech but in a highly specialized, but very nascent, field called cybersecurity (InfoSec at the time). CISOs were a thing by then—in very large organizations—and 2FA was used by about 20% of corporate employees (yes, that was all).
Since 2000, I have once again committed myself to self-study, learning, and growth—developing a deep understanding of the underlying technology of cybersecurity and the methods, modes, and motives of threat actors. I have also come to an understanding that there are simply too few people in cybersecurity roles. We used to joke, circa 2000, that people spent more on their annual coffee budgets than on their IT security budgets. If they had a firewall, a router, and an antivirus solution, and high-value users were using 2FA, everything was covered as far as most organizations were concerned. They were not prepared or adequately budgeted for the hyper growth in anytime, anywhere connected devices; the explosion of mobile devices that are as powerful as legacy servers; cloud-based technologies; the explosion of nation-state funded threat actors; or the explosion of malware and cybercrime as an industry. Universities and colleges were delayed in offering a cybersecurity-based curriculum, relying on a lot of network-based courses to cover the topic. Cybersecurity professionals were largely still from network or investigative backgrounds, and the industry was collapsing under the weight of too many disparate tools and too-many-point solutions.
By any measure, there are currently about 1 million open cybersecurity roles globally that all say something akin to "must have 10 years' experience, STEM degree...." We are becoming a self-fulfilling prophecy as an industry. We claim we want diverse backgrounds and skills, and we have too many job openings; we want to reduce complexity, but we continue to hire the same profiles, bemoan the lack of talent, and choose a single-point solution to add to our growing list of solutions because it solves a specific problem.
This group thinking, as an industry, has limited our options for hiring a diverse set of talent and for deploying the required solutions and technology to solve problems. For example, research shows us that diverse teams make better and faster decisions 78% of the time. Yet, we ignore this in the interest of quickly filling roles and a fundamental lack of desire to train the next generation of cybersecurity professionals due to our immediate need to protect our infrastructure.
As a self-taught infrastructure professional, who also taught myself cybersecurity via vendor and industry training immersion, I am a strong advocate for bringing in new voices from a wide range of backgrounds and different perspectives to drive meaningful change in the industry and to stay one step ahead of the bad actors. In addition, our tooling must modernize. We must fully realize the capabilities of tools such as machine learning to get a handle on the trillions of threats we see daily. We must also operate in partnership with public organizations, private companies, peers, and competitors. We must act like a community; an industry. We must also account for the stress of being a defender who is often working extraordinarily long hours in an understaffed environment.
So, where does this all leave us? It leaves us with an industry that has some opportunities to improve. We have the tools, we have the technology, we have available pools of talent, but we must have the will. We must have the will to take risks; we must have the will to accept that change is needed. We must have the will to hire a wide variety of people from diverse educational and societal backgrounds. We must create a community that takes care of its members and empowers people to be their absolute best. We don't actually have a choice; cybercrime is here to stay. What is needed now is a cybersecurity industry that acts as a community to bring the best tools, people, and partnering together as a robust solution. We can do this through investment in education programs at the grade school-level through to the high-school level, by investing in organizations that fund scholarships and mentorship programs for diverse individuals, through programs that invest in training transitioning military members and retraining displaced workers. We can actually bring cybersecurity to the broader population by simplifying the lexicon of the industry and making it less intimidating. We can mentor broadly, and we can speak publicly and frequently on the need for change and the steps required.
Given the need to evolve as an industry, what can you do as a candidate? I described my history here as a way to encourage you to be creative and to self-learn throughout your whole career. As a candidate, you need to work to describe your skills in a way that translates them to the cybersecurity landscape. Are you an experienced teacher? We need learning materials to explain complex concepts in simpler terms. Are you a psychology major? We need to understand the motives of attackers. Are you in law enforcement? We need to complete investigations. Are you a business analyst? We need to comprehend vast amounts of data. And if you are a programmer, network engineer, or database architect, there is a natural place for you in security—leverage your existing skills and learn new ones. Take risks and be part of the change that cybersecurity needs to fulfill its mission of securing global enterprises and governments. Seek out mentors and learn from them. Act now to join a quickly growing and highly exciting industry.
Who is Ann Johnson?
As Corporate Vice President of the Cybersecurity Solutions Group at Microsoft, Ann Johnson oversees the go-to-market strategies of cybersecurity solutions for one of the largest tech companies on our planet. As part of this charter, she leads and drives the evolution and implementation of Microsoft's short- and long-term security solutions road map with alignment across the marketing, engineering, and product teams.
Prior to joining Microsoft, her executive leadership roles included CEO of Boundless Spatial, president and chief operating officer of vulnerability management pioneer Qualys Inc, and vice president of World Wide Identity and Fraud Sales at RSA Security, a subsidiary of the EMC corporation.

Dr. Emre Eren Korkmaz

University of Oxford
What is the place of the general public in the new tech revolution?
Rapid technological progress in artificial intelligence (AI) is about to transform existing business models. Companies are beginning to use AI to help manage their human resources, attract and promote the loyalty of clients and customers, and increase transparency in their supply chains. Companies are also using AI to automate decision-making processes about their employees, customers, and suppliers.
This process began with companies using big data analytics to increase transparency in supply chains and continued with companies using cloud-based systems and AI to process the enormous amount of data collected globally from thousands of workplaces. Efforts to develop AI and blockchain (https://blog.sweetbridge.com/managing-supply-chains-on-the-blockchain-a-primer-1f7dc293e3d9?gi=8bee415e5b5a) to improve supply chain traceability are still pretty new, and the focus so far has mainly been limited simply to ensuring that products can be traced from lower tiers of the supply chain to supermarket shelves. There are even fewer initiatives that focus on sustainability (https://deepmind.com/blog/deepmind-ai-reduces-google-data-centre-cooling-bill-40/), and these have largely been directed toward environmental sustainability (https://www.eli.org/vibrant-environment-blog/environmentalism-next-machine-age); so far, little attention has been paid to the potential of AI to address labor and human rights issues. However, it is clear that AI will have a real impact in these areas and that it will directly affect the existing relationships between corporations, their suppliers, workers, and customers.
Thus, AI can analyze a vast amount of data very quickly and offer a summary judgment that can be used to inform decision-making (https://link.springer.com/article/10.1007/s13347-017-0263-5). However, a primary concern in this context is the extent to which AI analysis can be relied upon to produce objective judgments (https://link.springer.com/article/10.1007/s13347-017-0285-z) that do not simply reproduce and legitimize existing discrimination or inequalities (https://www.telegraph.co.uk/technology/2017/08/01/algorithms-future-must-not-allow-become-shield-injustice/). This concern has prompted discussions about the accountability and transparency of algorithms. And there have been efforts to understand how to mitigate the potentially discriminatory and unfair decisions of algorithms in a range of important areas of life, such as, say, applying for a bank loan or seeking justice.
Revolution for cor...
