Breaking into Cybersecurity Study Notes Cybersecurity Notes Into Cybersecurity

Core Prerequisites for Entry

• Foundational Assessment: Determine starting point (flipping from '0' to '1' or leveling up) and target destination (corporate vs. government; industry focus like Health, Finance, or Tech).

• Day One Checklist:

  • Tech skills.

  • Soft skills.

  • Intent.

Essential Technical Proficiencies

• Programming and Database: Proficiency in Python and SQL (specifically SELECT, JOIN, and DELETE operations).

• Network Security Tools: Application of Nmap for port scanning/OS fingerprinting and Wireshark for packet analysis.

• Hacking and Defense Tools: Experience with Kali Linux, Metasploit (e.g., auxiliary/scanner/smb/smb_ms17_010), and platforms like HackTheBox, TryHackMe, and Let's Defend.

Practical Learning and Labs

• Home Lab Basics: Use of virtualization software including VMware Workstation Pro and Oracle VirtualBox to simulate routers, switches, and firewalls.

• Cloud Hacking Labs: Learning environments within AWS (using GuardDuty, CloudTrail, Inspector, and Lambda) and Azure (Active Directory and pass-through authentication).

Key Security Principles and Frameworks

• Zero Trust Principles:

  1. Verify explicitly.

  2. Assume breach.

  3. Least privilege.

• Standards and Regulations:

  • NIST Framework (Identify, Protect, Detect, Respond, Recover).

  • ISO $27001$.

  • PCI DSS.

  • GDPR (General Data Protection Regulation).

  • HIPAA (Health Insurance Portability and Accountability Act).

  • NZISM (New Zealand Information Security Manual).

Industry Statistics and Trends ($2026$)

• Cost of Breach: The average cost of a data breach is estimated at $4.44$ million.

• Breach Timeline: Average time to identify is $181$ days, with $60$ days to contain ($241$ days total).

• Emerging Threats: AI-powered attacks allowing domains to be hacked in under $30$ minutes.

Professional Development and Career Timeline

• Skills to Study: Networking, Operating Systems, Databases, APIs, Mobile Devices, IoT, AI, Deception Technology, and Risk Assessments.

• Career Roadmap:

  • $2026$: Focus on cyber courses, online tutorials, and building personal labs.

  • $2027$: Gain work experience through tutoring or assisting small businesses/family with security.

  • $2028$: Target professional cybersecurity internships.

  • $2029$: Transition into a full-time permanent cybersecurity role.