This blog was written by an independent guest blogger.
It’s 2020 and our world is rapidly evolving. Many conferences and training programs have been cancelled, most of us are working from home, and it may seem like learning opportunities are scarce. If you are locked in your house due to COVID-19, what could you be doing to improve your cybersecurity & information security skills? Let me share a few ideas.
Let’s start with the most straightforward suggestion I give every person who wants to jump into infosec. In my opinion, it is the fundamental skillset that will lift you above any and all of your peers and most seasoned professionals. Many in the industry consider it beneath them, and such boring work that it is often overlooked, but it is so essential to almost all organizations that people who have this skillset become critical to infosec operations and can easily flip between blue team and red team operations. So what is my first recommendation? Learn Microsoft Active Directory.
Microsoft Active Directory (AD) is the heart and brains of most organizations today. AD controls who and what is part of the corporate network, access and permission rights, visibility, logging and reporting, and more. When malicious actors want to “stop by for a visit”, their initial goal is to gain access to AD so that they can accomplish their larger objectives. Think about this for a second: your Wi-Fi access point is nice, your endpoint is nice… but Admin privileges on the Domain Controller?!? With those, they can go anywhere and take anything on the network.
Here’s a bigger secret: Most AD environments are a mess. Total disaster that is being held together by hopes and prayers… and it is only getting worse. Organizations buy products to enhance their security because they don’t know how to use Active Directory!
If you learn how to build trust relationships, user permissions and shares, roles, a GPO set that actually works the way it is supposed to, PKI management, and proper logging and reporting, and apply that knowledge to your environment, you will have a very clear understanding of how malicious actors will attack you and how to identify and stop them.
My second recommendation, if you are able to, is to learn how to use the security tools your organization owns. In my experience, many organizations purchase tools for a specific purpose, rarely implementing all of the tools’ features. People who have a deep understanding of each of the tools become invaluable when something goes wrong.
My secret? Start with the tools that the team takes for granted, the tools others don’t find interesting. Some examples I’ve seen throughout my career include antivirus, endpoint encryption, and multi-factor authentication, but sometimes it can be firewalls, EDR or other tools. Often it is the tools that team members have the least experience with or know the least about. Regardless, all of these provide an opportunity to learn more, enhance your skills, and become more valuable to the security organization.
My third recommendation is to build your professional network. Now is a perfect time to join LinkedIn and Twitter. Now is a perfect time to join virtual meetups, free training sessions, and chat groups. It doesn’t matter how much you know, if this is day 1 or day 10,000 in cybersec, engaging (professionally and politely) with others is a great way to widen your perspective, learn new things, and develop professional skills. Added Bonus: developing and maintaining professional relationships now will help your career trajectory over time significantly.
My fourth and final recommendation is to focus on learning more about your industry and business in general. If possible, subscribe to and read The Wall Street Journal, The Economist, and other business-centric news outlets and journals. Read the industry magazines that you used to see sitting in your lobby. Set up Google Alerts for news notifications of your competitors. The more you know about happenings in your industry and the world economy, the better prepared you will be to protect your environment.
Now is a perfect time to improve your security skills. The four skills I would focus on are:
- Microsoft Active Directory knowledge
- Capabilities of the existing tools in your environment
- Professional networking
- Business acumen
Here's a list of resources I use:
- Jess Dodson (@girlgerms) https://channel9.msdn.com/events/Ignite/New-Zealand-2016/M354
- @blackroomsec https://www.blackroomsec.com/
- @swiftonsecurity https://decentsecurity.com/
- Amanda Berlin (@infosystir) book: Defensive Security Handbook