Nowadays, information security has caught a lot of people’s attention. Many don’t understand it, some who are interested give it a try, and a few serious ones make a career out of it.
I have prepared this article for beginners who are thinking of adopting an information security career for their bread and butter. But those who are veterans can also learn a thing or two about expanding their career. Also, I will show you how to set up your own ethical hacking lab, along with the prerequisites for it.
Hackers like Steve Wozniak, Bill Gates and Steve Jobs were responsible for bringing down the monopoly of big computer giants like IBM and put computers in the hands of the general public.
Before we start, I want to make one thing clear: information/cyber security is a respectable discipline like science, pharmacy or accounting, and it is up to those of us who are keen to join this career, or are already involved in it, to uphold this profession as a reputable one. Before the term hacker became derogatory, hackers were revered. So in this article, we will use terms like perpetrator and attacker to identify people with malicious intent who want to gain access to another information system for their illegal private gain.
One may choose two options from the Information Security Career Path: Managerial and Technical Aspect.
1. Managerial Aspect:
This category is for individuals who want to become Information Security Manager, Chief Information Security Officers, Information Security Auditors. They are responsible for the overall management of information security in the organization. Their jobs and responsibilities will include but are not limited to information security risk assessment and planning for its mitigation, setting up department structure, developing policy, guidelines, and procedures, conducting audits, reporting to management and other stakeholders and so on.
2. Technical Aspect:
The individuals in this category are the ones who want to be ethical hackers, pentesters or vulnerability analysts. Their main responsibility is to find whether there are weaknesses or loopholes that attackers might leverage to exploit the system. They then fix these issues by patching the system, implementing new hardware or software, or reconfiguring what is already there.
It is impossible to say which one is better than the other. The kind of opportunities available for these two categories differs from one country to another. Nevertheless, both have their own advantages. If you like the managerial type, you will secure a good position in an organization with a steady income, but if you go for the technical one, you can work as a contractor or set up your own business and you will have more freedom.
Prerequisites for Information Security Professional
I am going to list the following minimum requirements for both categories that individuals need to fulfill before starting a successful career.
It does not matter how much you know about a certain subject unless you can back it up with appropriate certification. Nobody is going to offer you a job or a contract based on your knowledge only; they want proof of that knowledge. Hence, certification is a must. I am going to list some certifications for each category that you might opt for.

| Category | Certification |
|---|---|
| Managerial | Certified Information Security Auditor (CISA) |
| Technical | Certified Ethical Hacker (CEH) |

It may be overwhelming at times to choose which certification to go for. So, my suggestion is that you do a little bit of homework: find out which certification is in demand in your region and look at job openings. It will give you some idea.
Now, if you are just starting out, here is my suggestion. If you want to go into the managerial sector, you may want to do CISA. CISA is easy and it is not as technical as other certifications. You can go to my article here to learn what CISA is all about and how to prepare for it.
Now, for the technical aspect, if you are at a beginner level, then go for Certified Ethical Hacking. It is straightforward and it gives you the basic concepts of networking, databases, web applications, social engineering, the Internet of Things and many more. Further, you will be using ready-made tools for hacking, so you don’t actually need programming concepts here. Therefore, this course will help you build the foundation for your ethical hacking career. Another thing is that you can study it on your own and practice the tools in your ethical hacking lab by yourself (I will tell you later in this article how to set up this lab).
b. Knowledge about Basic ethical Hacking Tools:
Whichever area you choose, you should have knowledge of basic ethical hacking tools like Nmap, Wireshark, Nessus and so on. Those who want to be ethical hackers will develop knowledge of these tools gradually, while for managerial people it is imperative to know about them, because without knowledge of these tools, how can you recommend control measures for different types of information security threats? It is advised that you think about CEH certification.
c. Knowledge of different operating systems.
Many of us know how to use Windows very well, but if you are seriously thinking about cybersecurity, you need to have knowledge of different operating systems like Linux, Mac and Android. As an ethical hacker, you need to find different ways to gain access to your target, so you need to expand your knowledge to use different penetration tools on different platforms.
d. Programming Skill:
As the name suggests, this skill should be acquired sooner or later if you want to be a skilled ethical hacker. After you use penetration tools for a long period of time, you may start to see the limitations in their functionality. Therefore, you may want to devise your own custom tools to carry out operations of your choosing. You can choose any programming language that you are comfortable with, but it is preferable that you become accustomed to Python. The main benefit is that it is easy to learn and highly flexible, as it has a wide variety of tools in its library that can be used for hacking anything.
e. Curiosity and Learning Aptitude.
Contrary to the popular saying that curiosity killed the cat, you need to have a curious attitude. You should always break down the matter at hand into its smallest parts. That is to say, if you want to hack any website, you have to understand what type of server it is hosted on, what language, such as Java or PHP, was used to build it, and who the admin owner is. You should have the patience to make a detailed study of all these things. In the next step, you will analyze all these variables and identify vulnerabilities in them in order to exploit them to compromise the website.
Let’s Get Technical
Setting Up an Ethical Hacking Lab
If you want to call yourself an information security expert, then you must set up an ethical hacking lab so that you can practice by yourself the different hacking techniques and methods that I will be teaching you later in this article series.
a. Choosing Appropriate Gear
If you want to get started in ethical hacking, you need a computer with good hardware: at least an Intel Core i7 or equivalent, with 16 GB of RAM and a good graphics card. This is required because you may sometimes need to run 5-6 virtual machines simultaneously and your computer should support that. You might also have heard that you don’t need a graphics card for hacking. Well, actually you need it, because sometimes you have to depend on the GPU rather than the CPU for penetration testing tasks like password cracking, as they are much faster on a GPU than on a CPU. This requirement can be fulfilled by any budget gaming laptop. Personally, I use a Dell G3 Gaming laptop, but you can choose any laptop that falls within your budget as long as it meets the above requirement.
b. External Wireless Card
You may be wondering why you should buy an external wireless card if you already have a built-in wireless card in your laptop. The answer is that there are some inherent limitations in those built-in cards. You want a wireless card that you can put into monitor mode, so that you can listen to another computer’s network traffic as well as perform packet injection. There is also the question of range, which not every wireless card supports. I am currently using a TP-Link 150 Mbps external wireless card.
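One way to check which of your lab machine’s wireless cards advertise monitor mode is to read the "Supported interface modes" block that `iw list` prints for each card. The script below is an added example, not part of the original article; the sample output in it is constructed, and the function names are illustrative. The listing says nothing about packet injection support, which has to be checked separately.

```shell
#!/bin/sh
# Added example: list the wireless PHYs whose driver advertises monitor mode.
# Reads `iw list` output on stdin, so it also works on saved output.
# On a live lab machine:  iw list | monitor_capable_phys
monitor_capable_phys() {
    awk '
        /^Wiphy /                     { phy = $2; in_modes = 0; next }
        /Supported interface modes:/  { in_modes = 1; next }
        # Mode entries look like "  * monitor": $1 is "*", $2 is the mode name.
        in_modes && /^[ \t]*\*/       { if ($2 == "monitor") print phy; next }
        # Any other line ends the "Supported interface modes" block.
        in_modes                      { in_modes = 0 }
    '
}

# Constructed sample (not captured from real hardware):
# phy0 stands for a built-in card without monitor mode,
# phy1 for an external USB card that lists it.
sample_iw_list() {
    cat <<'EOF'
Wiphy phy0
    Supported interface modes:
         * managed
         * AP
    Band 1:
        Frequencies:
Wiphy phy1
    Supported interface modes:
         * IBSS
         * managed
         * monitor
    software interface modes (can always be added):
         * monitor
    Band 1:
EOF
}

sample_iw_list | monitor_capable_phys    # prints: phy1
```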
Now you are all set; you are ready to set up your own ethical hacking lab. So, watch the following video on how to set up an ethical hacking lab.
If you have followed the instructions properly, I believe you now have a ready-to-start lab.
So, you have set up a new lab. I know you are all excited; you are ready to do some damage. OK, how about trying some Linux commands just to practice? Some of you might not understand these commands right off the bat, but don’t worry, we will cover them in our next ethical hacking tutorials.
Bull’s Eye Model
All information security personnel should understand the Bull’s Eye Model. This model simply states that any application, say a browser or MS Word, depends on systems that are made up of different hardware and software, and these systems interact with each other through different networking devices and protocols. Therefore, when you are designing any information security policy, you should be able to address all types of information security threats in networks, systems, and applications by developing adequate control measures for them.
Now, why is this important for ethical hackers? Look at the figure carefully and see the outer layer that surrounds the other layers. What does this mean? If an attacker can gain access to the network of the organization, then he/she can access all hardware and software components of the organization and, finally, manipulate applications for his/her own purposes. Therefore, in this article and YouTube series, I will be teaching you different ethical hacking methods to gain access to the network, and then we will eventually move towards hacking other applications.
For the next article series, I will be writing different posts for information security management and ethical hacking. Let me give you a brief idea about this:
1. Information Security Management:
This will be all about how you can set up information security management in your organization so that you can understand and manage information security threats. It will focus on how to perform risk assessment, identify different kinds of information security threats, and propose different types of mitigants. This will be more helpful to those who want to go for the managerial aspect of information security.
2. Ethical Hacking:
In these posts, I will be sharing with you different techniques of ethical hacking that you can use to access networks, web applications, databases and other applications, and we will also talk about different tools that are used for social engineering and mobile hacking.
I would like to finish this article with one last request. It depends on all of you whether this article series and YouTube series will see the light of day or not. If you have found this article useful and think that it has been helpful to you or others in any way, please subscribe to my YouTube channel if you have not already done so, and please share this article so that others can also benefit from it.
Thank you all for your time.