What Must You Know Before Pursuing A Career In Cybersecurity?

Cybersecurity or Security Engineering is a critical aspect of our modern digital world, encompassing measures and practices designed to protect computer systems, networks, and data from unauthorised access, breaches, and malicious activities. The digital landscape is constantly evolving, presenting new challenges and vulnerabilities that require specialised knowledge and expertise. Cybersecurity experts play a vital role in identifying and addressing these vulnerabilities, implementing proactive security measures, detecting and responding to incidents, and ensuring the confidentiality, integrity, and availability of sensitive information. In this article, we shall explore various steps one can take into foray into the world of cybersecurity or security engineering.

Build a strong foundation in computer science

One should focus on learning a programming language and perfecting the basics of programming by solving coding problems on different online judges like Codechef, Codeforces etc.

The next step could be to learn a few algorithms to level up problem solving skills. One key aspect to cybersecurity is the knowledge of multiple programming languages as the security team in a company usually looks for threats in both backend and frontend systems. Both backend and frontend teams usually use different languages to build an application. While backend teams rely on languages like Java, C++, GoLang etc; frontend teams use JavaScript, Kotlin, Swift, along with frameworks like React, Angular etc.

Learning Computer Networking

Learning networking can be highly beneficial for individuals pursuing a career in cybersecurity. Networking knowledge provides a solid foundation for understanding the underlying infrastructure, protocols, and communication mechanisms that support computer systems and the internet. Networking knowledge enables cybersecurity experts to analyse network traffic effectively. By examining network packets and logs, they can detect anomalies, suspicious activities, and potential security breaches.

Websites like Cisco Networking Academy, Khan Academy, and Codecademy provide interactive learning materials and exercises to introduce networking concepts. Online courses like "Computer Networking for Kids" on Udemy or "Introduction to Networking for Kids" on Kids Learning Code can be good resources for school students. Additionally, books like "How the Internet Works" by Preston Gralla or "How to Speak Computer: The Basics Every Kid Should Know" by Kiki Prottsman are also good resources for beginners who are still in school.

Also Read | What Are My Options If I Score Less in Class 12?

There are networking simulators and educational games available that make learning networking engaging and fun for students. Some popular networking simulators include Cisco Packet Tracer, GNS3 (Graphical Network Simulator) etc.

A great book for folks with more experience or who might be in an undergrad course can be “Computer Networking: A Top-down Approach” by Jim Kurose.

Learning about operating systems

Learning about operating systems is extremely helpful for cybersecurity. Operating systems play a crucial role in the security of computer systems, and understanding their underlying principles and mechanisms is important for effective cybersecurity practices. Operating systems can have vulnerabilities that can be exploited by attackers. Understanding the structure, components, and functionalities of an operating system allows cybersecurity professionals to identify and analyze potential vulnerabilities. Properly configuring an operating system is vital for maintaining a secure environment. Knowledge of operating system security features and settings enables cybersecurity experts to configure the system securely, such as enabling firewalls, setting user permissions, and managing access controls.

A good way to learn about operating systems in school would be to explore the Linux operating system. Setting up a safe, virtual environment using software like Oracle's VirtualBox, where one can install and explore various operating systems such as Windows, macOS, or Linux is a great first step in tinkering with operating systems. This hands-on experience helps them understand different user interfaces, file systems, and basic operations. Another way is to develop some projects using “Raspberry Pi”, since it gives basic ideas around operating systems, their interaction with hardware and practical application of programming. "Adventures in Raspberry Pi" by Carrie Anne Philbin is a good book to use for such projects.

For folks with more experience, the book called “Operating System Concepts: by Peter Baer Galvin, Abraham Silberschatz, Greg Gagne” is advised for a thorough reading. There is a good lecture series available on NPTEL by the lecturer Mr. P.K. Biswas on operating systems. This is a good resource for someone who is pursuing an undergraduate degree.
Also Read | Kickstart Your Startup Journey in College

Learning about databases

Databases are widely used in organisations to store and manage critical data, making them attractive targets for attackers. Understanding how databases work, their vulnerabilities, and appropriate security measures is essential for effectively protecting and securing data.

Databases can have vulnerabilities that attackers can exploit. Learning about common database vulnerabilities, such as SQL injection, insecure configurations, and weak authentication mechanisms, helps cybersecurity engineers identify and mitigate these risks effectively. Databases contain sensitive and valuable data, such as personal information, financial records, and intellectual property. Cybersecurity engineers need to understand database security mechanisms, including access controls, encryption, and data integrity measures, to ensure that data is adequately protected from unauthorised access or modification.

Folks in school can start by learning the basics of databases, SQL etc through online courses offered by various platforms like CodeAcademy. Oracle Academy offers free online courses and resources on databases and SQL. Their curriculum includes interactive lessons, hands-on activities, and access to Oracle's Database software, allowing students to gain practical experience. "SQL for Kids: A Playful Introduction to Databases" by Craig S. Utley iis designed to introduce databases and SQL to young readers. Students can download and install database management systems such as MySQL, PostgreSQL, or SQLite. These systems often provide documentation and tutorials to help users get started with creating and managing databases.

CyberPatriot is a national youth cyber defence competition in the United States. It offers training materials and resources for students interested in cybersecurity, including modules on securing databases and understanding database security principles.

Participating In Capture The Flag(Ctf) Competitions

Capture the Flag (CTF) competitions in India are an excellent way for students and cybersecurity enthusiasts to test their skills and learn in a competitive environment. It is also a good way to put existing learning to use and pick up new patterns as well. For school students in India, there are also CTF competitions specifically designed for their age group and skill levels.
Here are a couple of examples:

> HackQuest Junior: HackQuest Junior is an online CTF competition organised by Nullcon. It is specifically tailored for school students, providing them with an opportunity to learn and showcase their cybersecurity skills. The challenges are designed to be beginner-friendly, covering topics such as basic cryptography, web security, and steganography.
> CySICTF: CySICTF is an annual CTF competition organised by the Cyber Society of India (CySI). It is open to students from different age groups, including school students. The competition includes challenges related to cryptography, forensics, web security, and more. CySICTF aims to promote cybersecurity awareness and skill development among students in India.

To participate in these competitions, students can form teams or participate individually. It is recommended to visit the respective websites or follow their social media channels to stay updated about upcoming competitions and registration details.

Ethical Hacking And Bug Bounty Programmes

Ethical hacking and bug bounty programmes provide opportunities for school students to engage in cybersecurity, learn practical skills, and contribute to the security of various organisations. While bug bounty programmes generally have age restrictions and legal requirements, there are specific platforms and initiatives that cater to younger participants.

Here are a few options:

> HackEDU: HackEDU is an online platform that offers interactive training programs for students interested in ethical hacking and cybersecurity. Their courses cover various topics, including web application security, penetration testing, and ethical hacking techniques.
> HackerOne Community Edition: HackerOne, a leading bug bounty platform, offers a Community Edition specifically designed for educational institutions. This program allows schools to introduce their students to the bug bounty model in a controlled and educational environment.

> picoCTF: picoCTF is a free online cybersecurity competition designed for middle and high school students. It provides challenges across different areas of cybersecurity, such as cryptography, web security, forensics, and more. picoCTF encourages students to learn and solve problems in a gamified environment.

Also Read | New Programming Languages To Learn And Their Usage

In a nutshell, learning the basics across multiple domains of computer science, recognising the patterns, and putting these learnings to practical use through various events and programs is the best way to start a journey into the field of cybersecurity.