
Getting into security

Getting started

This is a work in progress, and I will continue to add more and more to this post in the future!

Looking back, it seems like I just got into security yesterday… But that’s not the case (aka I’m getting old!). Every time I go to a non-security conference, I’ve started to get a lot of questions about “what do you do in security?”, “why does XYZ need security?”, and “how do I get started in security?”.

Instead of repeatedly giving people half-ass answers and an empty promise of following up with additional resources, I thought I’d write a blog post here to share instead. This way, every time I think about this subject, or if someone gives me a really good resource, I can add it here.

What was your experience? What’d you study back in college?

I went to college originally with the intention of becoming a pharmacist. I got an internship in high school to work in a research lab, working on how to deliver medication more effectively by trying to get it past blood barriers. Then my first job in college was working as a lab assistant, working on genetic engineering trying to understand the basic molecular mechanisms regulating reproduction, immunity, and lifespan in mosquito to control mosquito-borne diseases.

After sophomore year, I realized pretty quickly that I wasn’t passionate about becoming a pharmacist anymore. The lab life moved way too slow for me. That’s when I added MIS as a major, so I could get a feel for technology and see if I would like it. Turned out I did. In order to catch up with the rest of my peers and graduate on time, I took a bunch of classes. I remember there was a semester when I was taking 28 units between the U of A and a CC while working 2 jobs… that was a fun time! Then during my senior year, I went to a hackathon every other week to improve my skills. I graduated with a triple major in Molecular & Cellular Biology, Management Information Systems, and Operations Management. And once I was done, I got a job as a software developer. Soon after, someone reached out and offered me an opportunity to work on building some cool in-house security tools for detection. I thought that would be sweet, so I switched. It was indeed pretty sweet, and the rest is history!

Anyways, I’m getting wayyyy off topic reminiscing about the past… But the main point here is that I did not have a traditional path into infosec. And you don’t have to either. Despite what the gatekeepers or anybody might say, you can do it if you really want to do it! :)

What’s available? What did you do!? How do I get into that, too?

I started out in security by working on an in-house developed custom SIEM. That got me to understand where all the log sources come from, how they get ingested, how they get parsed, and how they can be queried. I also got to work on developing an IR case management platform, which taught me a lot about what IR analysts have to do, where it would be good to automate, what kinds of steps and procedures to follow, and what types of playbooks to create.

During my work, my company also sent me to a few trainings. I got to take a few SANS classes, and they only grew my love for security more and more. I spent many months after work at a coffee shop reading, watching videos, and learning more about anything related. These are the classes that I got to take through work, and some that I also paid out of pocket to take:

  • SANS 560 (GPEN), FOR 508 (GCFA), ICS 410 (GICSP), SEC 504 (GCIH), FOR 610 (GREM)
  • Penetration Testing with Kali Linux
  • Black Hat: Purple Teaming with TrustedSec
  • Conferences: Bsides, Grrcon, Defcon/BlackHat

TLDR: Non-traditional path to infosec. First software engineer, turned security engineer.

Getting into security

Here is a list of the security roles that I can think of, the general skills you need in each field, and some free rabbit holes for you to go down (under resources). Being in security means having a desire to learn and know all the things, despite the impossibility. So cheers to my fellow nerds! ;D

But first, let me link you to Lesley Carhart (@hacks4pancakes)’s blog. It’s a series of blog posts that I wish I had known about when I first started out in security, not four years into my career. So here it is, let me save you the trouble:

Let’s think of it as a prerequisite to reading the rest of this blog. For mine, I’m going to focus on summarizing each role briefly, and mainly giving out resources for you to dig deeper into whatever role you desire!

~Am I bombarding you with information? Oops, too late!~

Application Security

Incident Response

Digital Forensics

Penetration Testing

A lot of the skills from here will come with experience.

Red Teaming

Malware Reverse Engineer

Threat Hunter

Under the “assumed breach” mindset, threat hunters proactively hunt for, detect, isolate, and neutralize threats already inside the network, rather than waiting for an alert to fire.

  • Must have/know: the topic to hunt for, eyes for detail, current & past malware methods, TTPs, OS, network
  • Nice to have: querying, technical writing/reporting and communication skills
  • Preferred Skills: knowledge of SIEM and analytics tools
  • Resources:

Detection Engineer

In this role, you will help to enrich and enhance detection capabilities: write rules, and use logs to detect malicious activity.

Cyber Threat Intelligence

Help to create adversary playbooks. Research a threat actor’s technical profile, their TTPs (typical plays), their technical indicators, and defenses (such as recommended actions). Track threat groups and identify their tradecraft techniques. Collect data and IOCs (atomic, computed, behavioral) and use them for analysis. There are three levels: strategic intel (forms the overall picture of the intent and capabilities of malicious threats), operational intel (assesses specific or potential incidents related to events), and tactical intel (real time).

Cloud Security (AWS context)

Securing all things “cloud” related. AWS/Azure/GCP

Find the equivalent of these products in other cloud environments.

Identity & Access Management

The job is to figure out how individuals are identified in a system, how roles are defined in the system, and how those roles are assigned to individuals. This includes adding, removing, and updating those entitlements as well.

Risk & Compliance

Work on making sure the company is complying with legal regulations and with the company’s own policies and standards. Identify risks, analyze the data, develop policies that benefit the workplace, and consult. Risk is about managing risks; compliance is about adhering to mandated and voluntary boundaries.

  • Must have/know: known and emerging risks, GRC frameworks
  • Nice to have: passion for documentation
  • Preferred Skills: strong writing and communication skills

Data Loss Prevention (DLP)

Detects potential data breaches and data exfiltration and prevents them by monitoring, detecting, and blocking sensitive data while in use, in motion, and at rest.

  • Must have/know: all vectors of data protection (i.e. data in transit, data at rest, data in use, and cloud access security brokers (CASBs))
  • Nice to have: creativity, organizational, and being able to write detection to raise alerts
  • Preferred Skills: strong writing and communication skills
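To make the “being able to write detection to raise alerts” bullet concrete, here is an added example of the kind of content detector a DLP engineer writes: it finds candidate card numbers (PANs) in text and uses the Luhn check to throw out random digit runs that merely look like one, then masks the hits so the text can be released. This is not code from the original post; the sample text and the test card numbers in it are constructed, and the 13 to 19 digit length range is an assumption about what your policy counts as a PAN.

```python
"""DLP-style PAN detector with Luhn validation and redaction.

Added example, not code from the original post. Sample text is constructed;
the accepted PAN length range (13-19 digits) is an assumption."""
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes,
# not glued onto a longer digit run on either side.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
MIN_LEN, MAX_LEN = 13, 19  # assumed policy bounds


def luhn_ok(digits):
    """Luhn mod-10 check. Rejects most random digit runs, so the detector
    does not fire on tracking numbers, timestamps or hashes."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:       # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _normalize(candidate):
    """Strip the separators so the check sees only digits."""
    return re.sub(r"[ -]", "", candidate)


def find_pans(text):
    """Return the normalized PANs found in `text` that pass Luhn."""
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = _normalize(m.group(0))
        if MIN_LEN <= len(digits) <= MAX_LEN and luhn_ok(digits):
            hits.append(digits)
    return hits


def redact(text):
    """Mask every validated PAN to its last four digits; leave everything
    else (including Luhn failures) untouched."""
    def mask(m):
        digits = _normalize(m.group(0))
        if MIN_LEN <= len(digits) <= MAX_LEN and luhn_ok(digits):
            return "*" * (len(digits) - 4) + digits[-4:]
        return m.group(0)
    return PAN_CANDIDATE.sub(mask, text)


# Constructed sample: two well-known test card numbers plus a 16-digit
# tracking number that looks like a PAN but fails Luhn.
SAMPLE = ("Order 4111 1111 1111 1111 shipped; tracking 1234567890123456; "
          "call 5555555555554444 for help")

if __name__ == "__main__":
    print(find_pans(SAMPLE))
    print(redact(SAMPLE))
```

In a real deployment the regex plus Luhn stage is only the first filter; the same scanner would be pointed at data in use (endpoint clipboard, uploads), in motion (mail and web egress), and at rest (file shares, buckets), and would add context such as proximity to words like “card” or “CVV” before blocking anything.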

Security Engineer

Some more resources I really enjoy:

Some more “awesome” list from Github:

Next step

Good luck, my friend!