Finding your starting point.


Cybersecurity is a vast field.  

It often feels like one needs to be a good Business Analyst, Programmer, Architect, Operations Manager, Lawyer, and Contracts Officer, all at the same time!

The saving grace, though, is that not all jobs require you to be a complete expert in any one single area to have a successful career. With this assurance, let's get started on learning cybersecurity.

One very good starting point is the NIST NICE model. It is a good place to find what you like within the broad spectrum of Cybersecurity. You can then extract its Knowledge-Skills-Abilities (KSA) framework data and resources and get going.

If job market relevance is your concern, then leverage Cyberseek.org. It represents today's job market needs and maps them to the NICE framework as well.

If you have a technical background or career, head on over to the Cloud Security Alliance (CSA) Enterprise Architecture reference model. Here you can jump into the Security Stack and find your place, or select one of the other stacks and see where security comes into play. 

If you are a framework type of person, start with the Cybersecurity Framework (CSF). Go at least one level deep to understand the framework and identify whether, for example, Supply Chain security, such as Vendor Risk Management, is your calling. Or perhaps you can leverage the Risk Management Framework (RMF) and find out whether you are a controls recommender, such as an architect, or a controls assessor, such as a NIST 800-53 controls tester, as opposed to a penetration tester.

It's also important to know which certifications are valued by the job market. I like to use Cyberseek.org again to see what is in demand. A caution, though: a certification by itself does not mean job performance. That is, you may get a job but not a career.

No matter where you start, remember that security needs to be learned hands-on. Otherwise, it's like telling a swimmer how to swim from manuals without ever having swum yourself! Patience is needed as well!


Happy Learning!
Srini Kasturi
Comments

  1. The demand for ethical hackers and cyber security professionals is higher. These professionals can help enterprises secure their data and systems from malicious users and prevent potential cyber attacks. Thank you for sharing this insightful article. Top listed cyber security companies in India

SaaS (Security as-if adding Salt) haha Security is like salt. You need to add it at the right time, add just the right amount, and keep in mind the health/dietary needs. One can’t really learn the art-of-salt, unless one cooks, and eats what they cooked! So here you go! My view of learning Security as-if learning the art of salting. What does this paradigm mean to say learning a SaaS Cloud Platform? Well, it means, go ahead, get say a trail   Office 365 subscription *, set up the default, then start securing it, or as security people say, harden it. It escapes me as to why it is still called hardening, feels like it is neither Agile or DevSecopsy**, so let's say hardening is like a callus that a pro-player develops. Anyways, unless one sets up a user, one will not experience the skipped/skimped password settings, and next unless one assigns a role** one will not experience membership management issues. So, go ahead create a fe...