Week 2: Cybersecurity Skills

Mastering IT Fundamentals for Cybersecurity Success: A Tutorial

This tutorial provides a roadmap for building the critical IT skills essential for success in cybersecurity. Each section offers resources and practical exercises to solidify your understanding:

1. Hardware:

• Resources: Online courses, interactive simulations, disassembly guides (e.g., PC Part Picker, online tear-down videos).
• Exercises: Identify hardware components in your own computer, research common vulnerabilities (e.g., overheating, malware in firmware).

2. Operating Systems:

• Resources: Official OS documentation (e.g., Microsoft Docs, Linux manuals), online labs, virtual machines.
• Exercises: Install different operating systems (dual-boot or VMs), configure user accounts and security settings, practice patching and updates.

3. Networking:

• Resources: Network+ certification courses, online network simulators (e.g., Packet Tracer), network protocols tutorials.
• Exercises: Set up a basic home network, analyze network traffic with tools like Wireshark, identify suspicious network behavior in simulated scenarios.

4. Programming:

• Resources: Online coding bootcamps, interactive tutorials (e.g., Codecademy, Khan Academy), cybersecurity-specific coding courses.
• Exercises: Learn basic Python or scripting languages, automate tasks with scripts, analyze simple malware code, solve coding challenges related to security concepts.

5. Databases:

• Resources: SQL and NoSQL tutorials, online database playgrounds (e.g., DB Fiddle), cybersecurity-focused database courses.
• Exercises: Set up a local database instance, practice writing secure SQL queries, learn about database access control and encryption, explore tools for database vulnerability scanning.

6. Cloud:

• Resources: Cloud provider documentation (e.g., AWS, Azure, GCP), online courses on cloud security, hands-on labs offered by cloud providers.
• Exercises: Create free cloud accounts, explore basic cloud services, implement security best practices (e.g., IAM roles, data encryption), participate in cloud security challenges.

Additional Tips:

• Practice consistently: Regularly engage in hands-on exercises and projects to solidify your understanding.
• Seek certifications: Consider pursuing relevant certifications like Network+ or Security+ to validate your skills.
• Stay updated: Follow cybersecurity news and blogs to keep pace with evolving threats and vulnerabilities.
• Build a community: Connect with other cybersecurity professionals for learning, collaboration, and mentorship.

Remember: Mastering IT fundamentals is a continuous journey. Dedicate time and effort to practicing and expanding your knowledge base to excel in the dynamic field of cybersecurity.

This tutorial serves as a starting point. Explore the mentioned resources, adapt the exercises to your learning style, and continuously challenge yourself to deepen your understanding. Good luck on your cybersecurity journey!

Welcome to Importance of IT
Fundamentals and Technical Skills. After watching this video, you’ll be able
to: identify the basic IT skills required by a cybersecurity professional, describe the need for understanding basic
hardware operating systems, networking, programming, databases, and
cloud to identify potential threats or vulnerabilities. The Foundation for Cybersecurity
Excellence is built upon robust information technology
IT fundamental skills. These skills include hardware, operating
systems, networking, programming, databases, and cloud. Hardware knowledge is the first step
toward understanding the physical elements that make up a computer system. These components include the monitor,
keyboard, mouse, processor, hard drive, and RAM. Each piece of hardware plays a crucial
role in processing, storing and inputting information necessary for
the system to function. Monitoring hardware components and
ensuring their security is integral to prevent unauthorized access and
protecting sensitive data. Knowledge of the fundamentals of
computer hardware can also aid in identifying potential threats or
vulnerabilities, such as malware embedded
in hardware components. Operating systems, OS, serve as
the bridge between the hardware and the software applications
running on a computer. An OS is a software that manages computer
hardware and software resources, providing a range of services for different software
applications to run on a computer. It is responsible for managing and coordinating the use of hardware
among various application programs. Its vital role includes controlling and
allocating memory, prioritizing system requests, controlling input and
output devices, and managing file systems. Understanding operating systems mechanics
helps cybersecurity professionals detect abnormalities, handle vulnerabilities,
and improve system defenses. This includes knowledge of managing
user privileges, system updates and patches, which can help prevent access
by malicious software or hackers. Networking knowledge is critical
to the cybersecurity field. Networking refers to linking two or more
computing devices together to share data. It involves a network’s design,
construction and use, encompassing various technologies,
devices and protocols. This forms the basis of data exchange and
communication in the digital world, making it a crucial area of understanding
for cybersecurity professionals. Cyber threats often target
network vulnerabilities. For securing the systems, it is important
to understand how data transfers from one computer to another and
how different network components interact. You should be able to recognize
suspicious network behavior and identify potential attacks,
taking appropriate preventive measures. A rudimentary grasp of programming
is another essential skill. Programming creates instructions
that computers can interpret and execute to perform a specific task or
solve a problem. It involves writing,
testing, debugging and maintaining the source
code of computer programs. This source code is written in
a programming language which acts as the interface between human logic and
machine operations. While cybersecurity professionals don’t
necessarily need to be developers, understanding the basics of
coding helps automate tasks, identify software vulnerabilities,
and understand attack vectors. Familiarity with scripts and code can
enable the development of tools for penetration testing and aid in discovering
and rectifying security vulnerabilities. Database knowledge is also critical due to
the sensitive information stored within these systems. A database is a structured set of data
organized to facilitate efficient retrieval, addition,
modification and deletion of data. It is the backbone of many applications
storing information such as user data, transaction details or product records. You should understand how to store,
retrieve and protect data to help prevent
unauthorized access and breaches. Knowledge of SQL and
NoSQL databases, encryption and access control mechanisms is particularly
valuable for cybersecurity practitioners. Lastly, cloud basics form an essential
part of the IT foundation for cybersecurity. Cloud computing is a technology model that
enables on demand access to a shared pool of configurable computing resources
such as networks, servers, storage, applications and services. Cloud enables swift provision or
release of resources with minimal management effort or
service provider interaction. As more businesses migrate their
operations to the cloud, the potential for cyber threats in these environments rises. Knowledge of cloud services,
the shared security model, and the best practices for
securing cloud environments can significantly enhance a cybersecurity
professional’s ability to safeguard data. In this video, you learned that
fundamental IT skills are the building blocks for a career in cyber security. Mastery of hardware, operating systems,
networking, programming basics, databases, and cloud basics can equip professionals
with the knowledge and skills to identify, prevent and mitigate cyber threats. As the landscape of cyber threats
continues to evolve, these foundational skills remain a constant and indispensable
tool in the cybersecurity toolbox.

[MUSIC] Welcome to Expert Viewpoints:
Fundamental IT Skills. In this video, cybersecurity experts
will share which fundamental IT technical skills are required for
cybersecurity professionals. When it comes to
skills required for cybersecurity, I do two things generally
when I interview people. What I look for
is I look at their final year project. In Ireland at least, towards
the end of your project semester, you would do a project that could be
a cooperative or that could be something. What I look for in that is, I look to see
not necessarily the implementation of what they did, but
what question were they asking of it? How curious is their mind? What are they trying to explore? The mindset is arguably the most
technical skill you can have. Technology has evolved. Every two to three years
is a different technology. But that spark of excitement or intrigue about what a technology build is
what enables you to find vulnerabilities. So when I ask someone who’s interested
in getting a start in cybersecurity, I ask them what are they probing around,
what are they looking at? I think the question is more a mindset
based question than an actual pure technology. We do run, and
this is what I advise people. One of the things you want to be doing
is you want to separate yourself from the rest of the pack that
are also going from the same job. I work a lot with the open
source community. I think the open source community
is one of the most powerful, important things that someone new in
cybersecurity can be involved in. I founded the Irish Honeynet Project. There is a Honeynet chapter all over. The world is different. If there isn’t one in your region or
your university, you should look to create that and
work with the Global Honeynet Project. I also work with OAS,
that’s a global group. We run Capture The Flag tournaments. I’ve run global
Capture The Flag tournaments. A Capture The Flag is a competition. If you’ve never done a Capture The Flag,
you should probably look them up and you could see is there any in your area,
potentially run them yourselves. That’s what I would look for. Someone who’s showing an interest
in cybersecurity outside of just their course content and
outside of particular technology. It’s such a broad sphere. You really have to chase mindset
over a particular technology. Having a solid base in
programming is very important when working on cybersecurity software. Knowing how to write code that is
readable and follows industry standards, knowing how to debug and
how to write tests are all vital skills. I think it is also important to have
a good understanding of various tools and technologies that are used in
the industry, what they do, and why they are useful, such as collaboration
and version control tools like GitHub or CICD software such as Jenkins or
Circuit CI. Depending on which area of
cybersecurity you’re in, there’s different IT skills that
you could need, for example, network security, Cloud security,
information security, and so on. So I would say that
to be a good security professional, good security architect,
security engineer, you need to first understand how a system
works and then focus on how it might fail. So in order to understand how it works,
you have to have a broad background and a broad understanding of networking and
what the technology is involved there, in databases, in applications. If you’ve done coding,
that brings additional understanding and depth to your understanding here. You don’t have to be very
deeply experienced in this, but the more experience you have, the more it
helps, because then you understand how vulnerabilities can be introduced and
also how they can be mitigated. So I think a broad general
understanding of all things IT, every time a new technology comes out,
you need to run toward that. So for instance,
when PCs first came out, then laptops, then mobile devices, then Cloud,
now Internet of Things and AI, every one of these new
technological innovations are areas that I go running toward because
I see them as first of all, interesting technologically, but also
as a new area and a new attack surface. So I need to understand how they
work before I can figure out how to secure them. [MUSIC]

Cybersecurity Technical Skills Tutorial: Protect Your Organization’s Digital Assets

Cybersecurity threats are constantly evolving, demanding professionals with diverse technical skills to safeguard sensitive information. This tutorial delves into essential skills and resources to help you embark on your cybersecurity journey.

Foundational Skills:

1. Networking Fundamentals: Understanding network protocols, architecture, and vulnerabilities forms the basis for effective security measures.
   • Resources:
     • Cisco Networking Academy: [<invalid URL removed>]
     • CompTIA Network+ certification: [<invalid URL removed>]
2. Operating Systems: Learn the internals of commonly used operating systems like Windows, Linux, and macOS to understand and defend against potential threats.
   • Resources:
     • Microsoft Virtual Academy: [<invalid URL removed>]
     • Linux Foundation Certified System Administrator (LFCS): [https://training.linuxfoundation.org/certification/lfcs]
3. Scripting: Python, Bash, and PowerShell scripting skills prove invaluable for automating security tasks and analyzing system logs.
   • Resources:
     • Codecademy: [https://www.codecademy.com/]
     • Automate the Boring Stuff with Python: [https://automatetheboringstuff.com/]

Core Cybersecurity Skills:

1. Cryptography: Master concepts like encryption, hashing, and digital signatures to secure data confidentiality, integrity, and authenticity.
   • Resources:
     • Cryptopals Crypto Challenges: [https://cryptopals.com/]
     • Coursera Cryptography Courses: [<invalid URL removed>]
2. Vulnerability Management: Identify, prioritize, and remediate vulnerabilities in your IT infrastructure to minimize attack surface.
   • Resources:
     • SANS Institute Penetration Testing Essentials: [<invalid URL removed>]
     • National Institute of Standards and Technology (NIST) Cybersecurity Framework: [https://www.nist.gov/cyberframework]
3. Threat Analysis & Incident Response: Develop expertise in identifying threats, investigating security incidents, and implementing effective mitigation strategies.
   • Resources:
     • SANS Institute Security Incident Handler (GSEC): [<invalid URL removed>]
     • FIRST: Forum of Incident Response and Security Teams: [https://www.first.org/]
4. Secure Coding Practices: Learn how to write code that is secure from common vulnerabilities like injection attacks and cross-site scripting (XSS).
   • Resources:
     • OWASP Top 10 Web Application Security Risks: [https://owasp.org/Top10/]
     • Secure Code Warrior: [https://www.securecodewarrior.com/]
5. Cloud Security: Understand the unique security considerations of cloud-based infrastructure and services.
   • Resources:
     • AWS Security: [https://aws.amazon.com/security/]
     • Microsoft Azure Security: [<invalid URL removed>]

Remember:

• Continuous Learning: This field is dynamic, so staying updated with emerging threats and technologies is crucial.
• Specialization: Explore areas that align with your interests and career goals.
• Practice & Experiment: Set up personal labs to solidify your knowledge and experiment with tools and techniques.

By developing these skills and staying ahead of the curve, you can contribute to creating a more secure digital environment for organizations and individuals alike.

Additional Resources:

• National Initiative for Cybersecurity Careers and Studies (NICCS): [https://www.niccs.cisa.gov/]
• Cybersecurity & Infrastructure Security Agency (CISA): [https://www.cisa.gov/]
• Open Web Application Security Project (OWASP): [https://owasp.org/]

You’ll learn about
the different types of technical skills
pertaining to cybersecurity and
their importance in protecting the organization’s
digital information. After watching this
video, you’ll be able to, identify cybersecurity
technical skills, describe the importance
of each skill. Let’s look at several
essential cybersecurity skills for cybersecurity professionals. These include
information security and assurance,
security operations, cryptography, risk
management, threat analysis, authentication, and
network security. Information security
and assurance is the cornerstone
of cybersecurity. Information security
and assurance refers to the practices
and measures to protect digital and
nondigital information from unauthorized access, use, disclosure, disruption, modification, or destruction. As the volume and value of digital data increases
exponentially, the need for trained
professionals who can ensure its integrity, confidentiality, and accessibility becomes
equally critical. They are responsible for
implementing security policies, managing user access controls, and conducting regular
audits to ensure compliance. Security operations refers to the actions and activities
dedicated to identifying, investigating, and resolving
security incidents within an organization’s
information system. Cybersecurity professionals maintain and monitor
security infrastructure, conduct incident
response activities, and collaborate
with other teams to manage security
incidents effectively. Cryptography is the
science of protecting information by transforming
it into a secure format. It provides data
confidentiality, integrity, and authenticity
in an insecure environment. Cryptographers create algorithms
and ciphers to encrypt data making it unreadable to anyone without
the decryption key. Cybersecurity
professionals need to understand the fundamental
principles of cryptography, including symmetric and
asymmetric encryption, hashing and digital signatures. They must be familiar
with implementing encryption protocols to secure data in transit and at rest. They should be aware of the potential
vulnerabilities that can arise if they do not
use protocols correctly. They should also understand how to manage encryption keys, including the processes
of essential generation, distribution, storage,
and exploration. Risk in cybersecurity
is the result of uncertainty in information
and technology. Risk management is identifying, assessing, and
prioritizing these risks, followed by implementing
processes and resources to minimize the
impact of these risks. In cybersecurity, this means understanding the
potential threats facing an organization’s
information systems and making informed decisions
to mitigate those risks. It involves conducting
risk assessments, creating risk
mitigation strategies, and monitoring the effectiveness
of these strategies. Cybersecurity professionals
use threat management to prevent cyber attacks, detect threats, and respond
to security incidents. Threat hunting involves
proactively identifying and isolating threats that automated security solutions
may not notice. It requires a deep
understanding of the organization’s
network including normal and abnormal
system behaviors, thus uncovering
malicious activities. Cyber professionals use
threat intelligence analytics and up-to-date threat
data to actively search, analyze, and remediate
potential threats that evade existing
security solutions. Vulnerability management is continuously discovering,
prioritizing, and resolving security
vulnerabilities in an organization’s IT
infrastructure and hardware. Analysts identify and secure
potential vulnerabilities, helping organizations stay
ahead of potential attackers. This process includes
vulnerability scanning, which uses tools to detect potential system network or
application vulnerabilities. Penetration testing is another essential part of
vulnerability assessment. It involves simulating
hacker activities to verify the existence of vulnerabilities and understand
their potential impact on the system if exploited. Authentication is the process of verifying the identity of
a user, device, or system. It’s a fundamental aspect
of access control, ensuring that only
authorized individuals or systems can access
specific resources. Skills in designing
and implementing robust authentication
methods like multi-factor authentication, biometrics, and digital
certificates are essential in preventing unauthorized access and subsequent data breaches. In this video, you learned that as cyber threats continue
to grow and evolve, the need for professionals with cybersecurity technical
skills will increase. With these skills,
cybersecurity professionals can protect organization’s
information assets, and maintain their
data’s integrity, confidentiality,
and availability.

[MUSIC] Welcome to Expert Viewpoints:
Cybersecurity Technical Skills. In this video,
cybersecurity experts will identify and describe technical skills they’ve deemed
essential for cybersecurity professionals. So the most important
technical skills I would look for for people is their ability and anything they’ve gleaned from,
say, the open source community, anything they can tell me about OASP, anything they can tell me if they’ve
contributed to an open source project. That’s a fantastic thing
that someone can do, and that really helps them to stand apart. An example of an OASP project
that I think is really great and something that I helped get off
the ground is Security Shepherd. It’s now championed by
a fantastic an ex IBMers. Mark Denhan and Paul McCann are big
contributors to that project. I think if you’ve got an awareness of
hacker tools, I think that’s really good. And also if you get
the opportunity to get any type of exposure to any enterprise level tools,
the likes of App scan and things like that,
that’s also very powerful. So when it comes to tooling, I think
the best way to hone these tools or get access and are understanding what
tools you should be using is if you compete in capture the flag tournaments. You shouldn’t go into a capture
the flag thinking you’ll do well. You should go into a Capture
the Flag tournament thinking, I’m going to learn how you hack and
how you triage defects by talking and building up a network of people. So what I love most about Capture
the Flag tournaments when we run them, is we build vulnerable systems. We put them in front of 30
to 50 hackers or more, and then we watch to see what tools they use. And then from our understanding of what
tools they use, we see what’s going on. So what I would say to people, if you’re
interested, is there a particular tool, I’d say the best place to start for you to figure that out is to do
a Capture the Flag tournament. Maybe some in your university, there may
be some in your district, do a Capture the Flag, do some online, figure out what
it took to solve particular challenges, and from that you’ll start
to build your career story. I think it’s important to
have a general knowledge of the different types of security issues, possible
causes, and common exploitation methods. The ability to use a range
of cybersecurity tools and understand why they’re useful
is also very important. The ability as well to read and understand code in such a way that
you can spot vulnerabilities while you read it is the third thing that I
think is the most important. I think the number one most
important skill a cybersecurity professional can have is
that of critical thinking. You have to, as I said before,
envision how a system works and then think about how it might fail. So you have to be able to
imagine if I were a bad guy and I was trying to compromise the system. What are all the things I
might do to compromise that? What are all the different things? Where do we have implicit trust
built into the system and identify those things that
are assumptions that we assume are okay, the bad guy will probably try to exploit. So that’s the first and most important
thing is a critical thinking mindset that allows me to do that, but
also an ability to balance that and not become overly negative. Because the security department
cannot be the department of no. We have to figure out not how to say no,
but how to say how we should instruct our peers who are trying to come up
with new innovative capabilities, how they can do them in a secure
way rather than just saying no. You can’t do that. If you
want to go into hacking, you can learn integration testing. That would be useful. And if you want to go into implementation, you should understand the in and
outs of firewall works. That would be useful. If you want to do the engineering part, you have to understand how a software
application security works, so it’s always based on what kind
of domain you’re targeting. [MUSIC]

[MUSIC] Welcome to Importance of Soft Skills. After watching this video, you’ll be able
to identify cybersecurity soft skills, describe the importance of each skill. While the importance of technical skills
in tackling cybersecurity threats is obvious, you cannot ignore
the role of soft skills. Soft skills refer to personal attributes,
interpersonal capabilities, and social attitudes that allow individuals
to interact effectively with others. These skills are often overlooked, yet they are increasingly
important in cybersecurity. Let’s look at some of the most critical
soft skills for the cybersecurity field. Let’s start with attention to detail. Cybersecurity professionals
must scrutinize data and systems to identify potential
vulnerabilities or threats. If they overlook a single detail, it could
lead to significant and costly breaches. Besides detailing, creativity and
critical thinking are equally important. With hackers becoming more innovative, cybersecurity professionals must think
smartly and outmaneuver these threats. They must anticipate potential
attack strategies, and develop robust countermeasures. Teamwork and communication, both
written and verbal, are also essential. Cybersecurity is a collective
effort requiring coordination for a successful defense strategy. Effective communication ensures that every
team member is aware of potential threats, the status of ongoing tasks and
any changes in strategy. Leadership and problem solving are
intertwined in the cybersecurity field. A team leader must guide their team
through challenges, make important decisions, and resolve disputes
while maintaining high team morale. Documentation is another crucial skill. Keeping meticulous records of threats,
breaches, and countermeasures provides valuable
references for future occurrences. Professionalism is another crucial aspect,
it involves observing work ethics, maintaining confidentiality,
and respecting the rules and regulations of the profession. The cybersecurity field involves securing
digital assets and sensitive data, meaning that cybersecurity professionals
must maintain high integrity and responsibility. Research plays a pivotal
role in threat hunting, a proactive approach in cybersecurity
where experts actively search for signs of attacks or potential
vulnerabilities within a network. By continuously keeping up with the latest
cybersecurity research, threat hunters can anticipate the evolving strategies and
techniques that adversaries might use. This could mean studying recent
case studies of cyberattacks, understanding newly discovered exploits,
or even learning about the latest
security tools and technologies. The knowledge gleaned from such
research allows threat hunters to spot anomalies that might
otherwise go unnoticed, helping them to identify potential threats
before they can do substantial harm. Lastly, time management is crucial, in the
rapidly evolving field of cybersecurity, every second indeed counts. The speed at which a threat is identified,
evaluated, and responded to can significantly impact the extent of the
damage a cybersecurity breach can cause. Response time delays can provide cyber
attackers a crucial window to infiltrate systems, access sensitive information,
and cause havoc. On the other hand, swift detection and
response can help mitigate threats, minimize damage, and
prevent potential breaches. In a day-to-day context, cybersecurity
professionals must be able to prioritize tasks, delegate when necessary,
and work efficiently to prevent or mitigate breaches. In this video, you learned that while
technical knowledge is essential in cybersecurity, soft skills enhance
a professional’s effectiveness. Soft skills enable professionals to work
in teams, think creatively and critically, document meticulously,
demonstrate leadership, solve problems, maintain professionalism,
conduct thorough research, and manage their time effectively. [MUSIC]

Welcome to Expert
Viewpoints: Soft Skills. Cybersecurity
professionals must manage sensitive one-to-one and
one-to-many communications. In this video, you’ll gain
insight into the soft skills these cybersecurity professionals
find most important. The most important soft skill a cybersecurity professional
can have is, I would say, the ability to listen, the ability to hear what’s
going on with people, and then to be able to
translate that into a message. When we talk we would often find vulnerabilities
and development, you need to understand
that developers are under a tremendous amount
of pressure to get their products out the door so we come along and we
find vulnerabilities, there’s always a balance to be struck and this
needs to be fixed, that needs to be fixed, but also this needs to be released. One of the things
that was really important as a soft skill
is the ability to listen. The ability to then understand what they’re doing
and then using that skill to be
able to position your own argument on why
it needs to be done. People will only fix the issues that you are
able to articulate, why it needs to be
fixed to a business. One of the key things that
you can do is develop that ability to
understand the business, understand what’s
driving the business, listen to what the
business people are telling you and
then be able to articulate if they
don’t fix this why. But through listening,
you’ll be able to tell them why it’s important
because you’ll be able to understand what’s
driving them. I would say that the most
important soft skills for a cybersecurity professional
would be communication, problem solving, adaptability, and a dedication to
lifelong learning. Communication is so important because you’re going to
be working with teams, explaining complex
technical concepts to both technical and non
technical stakeholders. Cybersecurity professionals
face challenges daily and that’s the
intrigue of the job. But because of that,
problem solving skills are very important
for identifying, for analyzing, and then also for determining how to mitigate
security vulnerabilities. The tech world is constantly
changing so the ability to adapt quickly to changing
circumstances is important. Cybersecurity professionals
need to be able to anticipate and
respond to new threats. Technology advancements,
regulatory changes again, just so many things change
and just being able to be ready for those changes
is very important. Communication and
interpersonal skills are as vital in cybersecurity as
they are in any other career. Being able to listen to
others as well as present your own opinions and your own ideas clearly and
concisely is essential. I think adaptability is also
an important skill to have. The cybersecurity industry
is constantly changing with new threats and
attacks, and new processes, strategies and technologies
needed to help detect, respond, and recover
from these attacks. I think the most
important soft skill for a cybersecurity professional is the ability to communicate well. You need to be able
to speak well. You need to be able to write well and be able to get
your ideas out there. Learn the kind of
emotional intelligence, the emotional IQ, so that we’re able
to read the room and understand when to
speak and when not to speak so that we
can put all that we do in the context
of business. If you can’t explain what you need to do in business terms, the business will not fund
it and it won’t happen. An understanding of
business principles and the ability to communicate. Well, from a point of view, I think there is two sides. If we look at the
high level skills, I think it’s important to understand what alerts coming
from where and also to understand which tech frameworks they are working with to avoid intrusions but on top and what I see a customer
often forgotten, but not focused on as well, is to really understand the technology
you’re working with. If that’s IBM or
Microsoft or Splunk, it doesn’t really
matter but we need to understand the
capabilities of the tools, because these days,
a lot of knowledge, a lot of actions towards the alerts
they’re already built in. Most security software, and especially the IBM
security software has some AI built in to better point the SOC specialist into the right direction.
So being able to work with those parts of the
tool and being able to really use them to
be more effective, is really important skill. I was speaking it’s more important to
listen and understand. I observed, even
when we hire people, they believe that they need to do things
in a certain way, they don’t listen to
the requirements, and they don’t listen to
the problem statements. That’s what is more
important nowadays, at least in security
because security specific, you can’t just do
something general. You have to tailor
your security based on your organization
and in that case, you have to be able to
understand and explain that to your top management because money comes from the
top management, and if they don’t understand how your security tool is adding value, it would be difficult.