How to get started in internet security

JonFal2122 · August 20, 2024, 2:46pm

Good Morning
My name is Jonathan Falkowski and I would like to know how to get started in the cybersecurity field i have been studying on cybrary for over a year and got 39 certifications. I would like know how to get into the field of Internet Security or have training with someone who can coach me into the field of net security or who can help me to get into the field .
Have a good day
Jon Falkowski

Josip · August 21, 2024, 4:27pm

Hi I work as cybersecurity consultant in my company and I will talk from from my experience. The best way is to build yourself up first from support/service desk to networking engineer and then security engineer. I did not experience any high demand for people in cybersecurity, as some portals and certificate bodies promote, and companies do not look for cybersecurity professionals in large. What many companies are looking for is person who can translate cis controls to practical controls in organization, this is what I also do as a part of job. For example, translating cis controls microsoft365 foundation benchmark or windows server hardening using cis controls into probability/impact heat map and implement GPO’s/Intune policies etc to practical controls you can showcase you auditor like SOC2 or similar.
My suggestion would be doing/learning Mitre Att&ck and cis controls in your organization and then showcase your boss, or just use it for training.

JonFal2122 · August 21, 2024, 4:46pm

How about comp Tia or ethical hacking that more my thing?

Josip · August 21, 2024, 5:51pm

Depends,

I do Red Teaming and crisis simulations for clients also and to be honest, in 90% of the companies you will utilize only payed software. Clients do not trust much into open-source and companies want to use top of the line software to showcase compliance and quality.
Red Teaming comes down to adversary emulation like Caldera from Mitre with combination of RMM solution scripting and software such as Qualys.
Comptia is good to have but, at level of hire for security role I would look for isc2 sscp or similar. Instead of comtia I would look for service desk experience and AD DS with Azure certs such as sc-900, sc-400, sc-300. Big part of cybersecurity is AD DS, Azure, Firewalls and VPN solutions or S2S VPN, DNS records such as DMARC, DKIM, SPF etc.
Many think cybersecurity is all action and cool things, sad thing is its 80% documenting and 20% implementation unless you are payed to be cybersecurity researcher.
I can only advise you to broaden view’s, keep learning, create test labs such as AD DS, get E5 account on Azure to play with compliance and security, conditional access, authentications etc.