Common Skills to excel in Security

Whichever domain you choose in security like Application Security, Cloud Security, or DevSecOpss; there are common skills that one must learn to excel in this domain. I have explained?what you need to learn in those common skills here

So, I will explain where to study and how much time you should devote to learning those concepts in these common skills so that you are job ready and interview-ready too!

These 5 common skills are:

1. ?Linux?(1 week)
2. ?Networking?(1 week)
3. ?Programming?(2 weeks)
4. ?Cloud Computing Fundamentals?(2 weeks)
5. ?git commands?(1 week)

Linux basics and Linux Commands (1-2 weeks)

It should not take more than a week to be comfortable with basic Linux commands to do day-to-day activities. Once you are comfortable with basic commands, go for networking and other security-related commands in little depth.

Bug bounty hunters, Penetration testers, and almost all tech-focused security professionals use O.S. like Kali Linux, Parrot OS, or BlackArch Linux which have lots of security tools to play with. But for that, you would need to know the basic working of Linux and commands.

Some common commands I can think of are:

• pwd,
• ls,
• cd,
• cp,
• scp,
• cat,
• uname,
• less,
• more,
• sort,
• ssh,
• mv,
• du,
• df,
• mount,
• mkdir,
• whois,
• whatis,
• locate,
• chmod,
• chown,
• sudo,
• top,
• kill,
• grep,
• find,
• sed,
• awk,
• ps,
• zip,
• tar,
• touch
• man
• service/systemctl

What else you can think of as common Linux commands for everyone?

Beyond basics, commands for security professionals (mainly AppSec and Pentesters) are:

1. netcat
2. nslookup
3. host
4. dig
5. netstat
6. traceroute
7. nmap
8. nikto
9. fierce
10. dirb
11. install/uninstall/update/upgrade
12. find
13. grep
14. ifconfig
15. learn the basics of regular expression as well.
16. start and stop services
17. basic understanding of /opt /tmp and log, server locations
18. comfortable in running scripts written in various languages like python, ruby, go, etc.

Books

1. Linux Basics for Hackers: Recommended
2. The Linux Command Line
3. How Linux works

Courses

1. Introduction to Linux Commands and Scripting
2. Linux Fundamentals for Security Practitioners: Recommended

Videos

1. Linux for Ethical Hackers: Recommended
2. Hacking for beginners: Linux and Common Commands
3. 50 most popular Linux and Terminal Commands

Networking Fundamentals

Except for the Audit and Compliance role, I assume almost every security professionals need to have a basic to intermediate understanding of Computer Network to excel in its domain.

What to learn and what interview questions related to this are already mentioned in?what you need to learn in those common skills

I will brief the common concepts here anyways just for quick reference:

1. IPv4/IPv6
2. concept of CIDR
3. Public vs Private IPs
4. DMZs
5. Zero Trust Networks
6. Common ports and protocols like 22, 25, ssh, https and so on.
7. Understanding of common cryptographic modules and functions
8. How DNS works
9. How SSL works
10. What are the common network threat around these
11. MiTM
12. Network sniffing
13. Various TCP attacks
14. DoS and DDoS attacks and its preventions
15. Common ideas on firewall or Software-defined networks
16. Basic network troubleshooting like why the internet is slow or down, why wi-fi is not working, open network issues et al.

Books

1. See if you know basics as mentioned in this presentation
2. Computer Networking: A Top-Down Approach by Kurose and Ross: Recommended
3. Networking All-in-One For Dummies

Videos

1. Basics of Computer Networking
2. Computer Networking Full Course: Recommended

Courses

1. Computer Networking by georgia Tech on Udacity: Recommended
2. Bits and Bytes of Computer Networking by Google on Coursera

Programming Skills

Recently, it has become a mandatory skill for any tech security job role to have a decent knowledge of at least one programming language. Common Programming languages that attract security folks are:

1. Python (recommended)
2. Go (gaining popularity)
3. Ruby

What actually you should try when you are learning any of these programming languages:

1. Learn basic concepts

Try a few basic projects like

1. connecting to DB and get some data
2. extracting data from a webpage
3. display some info from the cloud like AWS Instance details region wise
4. automate a few security stuff like docker monitor, get public IPs, server details, etc
5. See if you can find any task related to csv, json
6. Learn the use of crypto modules
7. simulate a few Linux or other commands to be comfortable with the language like a small nmap simulation
8. Understand the OOP concept and at least you should understand others' code comfortably
9. Try to review source code from security perspective
10. Read Python Security Best Practices

Books

1. Learn Python 3 the Hard Way?- Recommended
2. Violent Python
3. Black Hat Python?- Must Read
4. Full Stack Python Security?- Must for AppSec Professionals
5. Masterting Python for Networking and Security

Videos

1. Python Security Best Practices
2. Security Checks for Python Code
3. Intro to Python for Security Professionals

Courses

1. Python for Cybersecurity Specialization
2. SEC573: Automating Information Security with Python
3. Python for Pentesters

Cloud Computing

Cloud Computing is everywhere these days be it Industrial, Pharma, Finance, IT, etc. Sooner or later, it will be a mandatory skill to have for any cybersecurity job role.

Learn any of the famous CSPs like AWS, Azure, or GCP and

1. try to understand the use of it to solve various traditional challenges and
2. then try to understand what the new security challenges added because of Cloud concepts.
3. Understand various service and deployment models
4. Shared Security Responsibility
5. Microservices
6. IAM functionalities (Must understand very well)
7. Data Encryption
8. Cloud Networking concept is very important to succeed in Cloud Security

There are separate plans for Cloud Security Study Plan as listed below:

1. AWS Security Study Plan
2. Azure Security Study Plan
3. GCP Security Study Plan

Books

1. Cloud Computing for Dummies
2. AWS in Action

Videos

1. Cloud Computing Playlist by Fkexmind
2. What is Cloud Computing by AWS
3. Inside a Cloud Data Center

Courses

1. Introduction to Cloud Computing by IBM on Coursera
2. Micro Masters Program in Cloud Computing

git commands

You must understand any of the Version Control Software and git is one of the famous one at present. Don't go for a GUI version like source tree rather try to learn and understand common git commands at the terminal level.

The most basic git commands to understand are:

1. git clone
2. git add
3. git commit
4. git branch
5. git pull
6. git fetch
7. git merge
8. git push
9. git config
10. git log

There are many job roles/titles which make it a mandatory skill, such as:

1. AppSec
2. Pentest
3. DevSecOps
4. API Security

Books

1. Pro Git by Appress?- Highly recommended
2. Beginning git and github by Apress
3. github cheatsheet

Videos

1. git and github for beginners - crash course by freecodecamp
2. git fundamentals for beginners - full course for free by Flexmind

Courses

1. Git Fundamentals for everyone on Udemy
2. Version Control with Git by Atlassian on Coursera
3. Learn git and github by codecademy

I hope, you would find it useful and informative. Don't forget to share with other learners. And yeah, please share your feedback and suggestions to make this newsletter space informative.

Happy New Year friends!