Dr. Mike Jankowski-Lorek

Database and Machine Learning Expert

Recommendations to cybersecurity beginners

Every year, there is a growing number of news stories about data breaches, cyberattacks, corporate cyber espionage, hacktivism, or cyberterrorism threatening organizations all around the world. That news is not only spreading across specialized websites, news channels, podcasts, or digital newspapers related to information technology, but reaching mass media, which is making cybersecurity a hot topic among everyone. So, it is not a surprise that more and more young students, as well as employees, want to have a career in cybersecurity.

IT employees are already in high demand as it is—adding in the element of security makes them even more sought after. According to ISACA, a nonprofit information security advocacy group, there was already a global shortage of 2 million cybersecurity professionals in 2019. Combine this with the US Bureau of Labor Statistics' prediction that the growth rate for information security positions will be 37 percent greater than the average for other positions, and we have practically zero-percent unemployment for those who choose this career path!

At CQURE, as one of the leading providers of specialized services in IT infrastructure security, business applications, and consulting and advisory services, with more than 10 years of experience, we noticed that trend a few years ago and started our own CQURE Academy, where we turn newcomers into security experts through a set of training courses we authored ourselves.

Moreover, as a responsible organization gathering a group of enthusiastic and charismatic experts, we share our security knowledge, tools, examples, experience, and fun with others at the most important conferences all over the world. At those events we have been asked, many times, what the best way is to start a journey into the exciting world of cybersecurity. How can you boost your career? How do you follow the trends and learn about new threats and ways of mitigating them?

To answer those questions, you need to ask yourself what the current state of your knowledge and expertise is. Are you a rookie with no basic knowledge of computer science, or are you currently working in the IT field? It is important to realize that an academic background need not be related to engineering or information technology, although in most cases it helps you understand how technology is used and gives you a better perspective on the overall process of digital transformation in organizations.

So, what does it take to be successful in cybersecurity? It is all about having the right mindset, skills, and knowledge.

First comes the mindset. As a child, did you ever wonder how toys worked and try to disassemble them, or try to make modifications that would make them go faster, or do tricks that the maker did not design them for? Yes, that's probably what all of us did; yet some of us are lucky enough to be doing those same things in our work life. Whenever we get a new piece of software or we are in a new environment and someone is trying to convince us that it is secure or how it works, we simply don't take it for granted! There is no way we will pass by a chance of looking behind the scenes: checking the source code, testing different payloads, or sniffing the network traffic. If you ask someone "Can it be done, hacked, or bypassed?", just don't take "no" for an answer.

This mindset will carry you through every new area of cybersecurity. It is the urge to crack something open, combined with the wish to always be up to date, and those two things drive us to discover something new pretty much every day.

If you are one of those people who likes to follow the news and wants to know more every day, and who, when something new comes up, reacts with "Oh, I didn't know that; let me dig in," then that's definitely the appropriate mindset. And, don't worry—it's not something that you can only be born with; obviously, it's something that you need to work on.

You must also pay attention to the details and be systematic and persistent. It takes lots of time, learning, and practice to advance in cybersecurity, as this field requires knowledge from many different areas.

This brings us to the second and third requirements, which are skillset and knowledge. While pursuing a cybersecurity career, you should become familiar with multiple domains:

This is, of course, just a glimpse of the foundation you should build for further development, and a glimpse into the many possible specializations: security analyst, architect, pentester, auditor, secure software developer, and so on.

I myself started my career as a software developer, then became a system and database administrator, and finally moved toward security. Every time I switched to a new role, I found that it required broader knowledge from even more disciplines than the previous one; that is, until I found myself in the security space, where I'm now convinced there is no limit to the number of topics you can learn and benefit from.

Remember that, at first, you don't need to be an expert in any domain, and you probably will never become a cryptographer or a hardware designer, but for every security professional it is crucial to understand and connect many completely different parts of infrastructure and computer science.

From our experience, we have seen that the biggest breaches and successful attacks occur mostly through a combination of multiple misconfigurations, mistakes, and events chained together that, separately, do not pose a huge threat. It's the same with plane crashes—a single failure will not bring an airplane down, but a combination of many unforeseen factors may have catastrophic results. Our goal as security experts is to think outside the box and connect the dots before someone else does.

CQURE specializes first and foremost in Windows-oriented environments, so we have been asking ourselves what the necessary sets of hard skills are that a security specialist working in this environment should have. We came up with 10 such groups:

When going into Windows security, you should start with the basics and core information in order to understand how your operating system really works: threads, processes and services, memory management, and how code is executed. Next, move to one of the key aspects of security, identity and access management, to get insights into permissions, access control, object protection, and system privileges.

After that, you'll be ready for the core Windows infrastructure services, including DNS, DHCP, Active Directory Domain Services, an internal public key infrastructure (PKI), and even the popular database server, Microsoft SQL Server. You should understand the purpose of each of these and the key security concepts related to them, as well as the common mistakes made by administrators and what to look for when you perform audits or penetration tests. These are the same things that attackers look for.

Network security, and understanding the most important protocols used in Windows networking and its common services, is the next goal to achieve. Focus on the protocols used to transfer data, such as TDS, SMB, and FTP, and on those related to name resolution and remote authentication.

When you already know how to work with Windows Server and its core services, it's time to focus on hardening workstations, as the most common kill chains start by compromising a user's workstation. Understanding how malware avoids detection, spreads, and takes control of your system will be crucial for you. You also need to know how to prevent it from even starting, by implementing effective application whitelisting and code-execution prevention techniques. You'll need some practical cryptography knowledge, and you'll need to find out how to protect your precious data with BitLocker drive encryption. Moreover, get to know how Windows protects your secrets, passwords, and other content with DPAPI. Here, we are true experts, as the CQURE Team was the first to fully reverse engineer the Windows Data Protection API, and we made a few surprising discoveries along the way!

You should now know how to ensure the confidentiality and integrity of your data and systems, but there is still more to learn, as the last component of security is availability: how to ensure that your systems keep working during or after an attack. You should understand virtualization, failover clustering, and related technologies. At this point, don't forget about disaster recovery and how to prepare for the worst.

The next part of the skill set is about making your day-to-day working life easier. You need to know how to become a real scripting and automation ninja. This will reduce the number of mistakes you make and give you more time to learn new things. You must understand how to use PowerShell, write your own scripts, use Just Enough Administration (JEA) for delegation, and automate everything with Desired State Configuration and Group Policy Objects.

Finally, there is the monitoring and troubleshooting of infrastructure. Proper monitoring, and getting correct insights from your infrastructure without unnecessary noise, will ensure that an intruder is detected quickly and stopped easily or, in the worst-case scenario, after a breach, that you know how it happened and are better prepared next time.

Additionally, we would like to add penetration testing as a necessary skill group that is not only related to Windows. It combines knowledge of operating system internals with the various tools used to exploit system services, vulnerabilities, and misconfigurations.

While working with our customers and delivering other specialized masterclasses that each focus on just one topic, we realized the need to define this kind of fast track to get new practitioners into the cybersecurity sector, which is expanding rapidly, fueled by growing demand from businesses that want to feel secure. We created an online 30-day intensive course to give a really good set of ideas, insights, and core knowledge in all the aforementioned skill set groups. So far, this has been a great success, and we are proud that many of our trainees have started successful careers and are progressing in the cybersecurity world.

So, you now know how you should frame your thoughts and what you should learn and practice. Next comes the question of how to do it. First of all, find out what your best way of learning is. Is it online training, an instructor-led on-premises class, or maybe reading books and watching video tutorials? It's up to you, but remember: you must practice thoroughly. Build your own test environment, or rent one in the cloud, and get hands-on lab experience.

A great way to stay up to date with the newest technology or threats is to follow multiple security researchers, experts, and companies on Twitter, LinkedIn, Facebook, and YouTube. CQURE and our team members are contributing to the cybersecurity community on all social media, constantly sharing our knowledge directly from the battlefield against cyberattacks.

If you would like to know about useful books, I would recommend Windows Internals by Mark Russinovich, because it describes the internals in a way that every cybersecurity professional should know. Although it might be difficult to keep up with the content at first, going slowly through the book and learning everything you need in order to fully understand it will guide you toward cybersecurity mastery.

In the end, it's a lot of work and it's a never-ending story. Yet acquiring the right curiosity-driven approach will help you gain the right skill set, as in cybersecurity knowledge, the sky is the limit. Stay CQURE!

Who is Dr. Mike Jankowski-Lorek?

Mike designs and implements solutions for databases, networks, and management areas, mainly for Microsoft platforms. As for his day-to-day work, he works as a solution architect, designing and planning database-related solutions and software.

He is interested in big data, high availability, and real-time analytics, especially when combined with machine learning and AI or natural language processing. He is currently finishing his PhD thesis.