Cyber Security Course

Hello friends,
I have received many questions about cyber security courses in the past few days, especially from students who are looking for a career in IT security. In this article, I try to cover the questions students ask most frequently, and I will also suggest the best cyber security course / training as per my knowledge.

This article will give you a brief understanding of the importance of a cyber security course from a career point of view. Please feel free to reach me at ravi@itsecuritymentor.com with any doubts or concerns.

   

Question 1.
What is cyber security and what is the best cyber security course material?

Answer:-

Cyber security is about securing our business assets from various attacks such as viruses, malware, trojans etc. The process of mitigating an organization's security threats and taking a preventive approach is called 'cyber security'.

A cyber security course is not specific to any one domain. Many training institutes claim to teach a cyber security course, but the reality is that 'there is no cyber security course designed or officially accepted' by any organization so far. Hence I'd recommend that you concentrate on learning the real-time aspects of cyber security, such as SIEM tools, malware analysis and IPS/IDS functions, rather than taking any bookish cyber security course.

Question 2.
How do cyber security experts find viruses, malware and trojans, and what tools and techniques do they use to mitigate them?

Answer:-

First of all, we need to understand that viruses, worms, trojans and malware are different from each other, which is why their mitigation techniques are also different.

A virus is normally an executable program that comes into the picture once that software is installed or activated on a system, whereas worms are 'self-multiplying programs' that replicate themselves on the victim machine and eat up all its resources.

A trojan is a hidden attack performed by hiding the actual exploit under some other content (like a picture, graphic, file etc.), whereas malware is malicious software created to attack or harm a device. Endpoint protection, antivirus solutions and IPS/IDS systems are the most recommended solutions for these attacks.

There are lots of tools available in the market which can detect the various types of attacks that a hacker can perform.
I have given a list of the most common tools in the last segment of this article; you can go through that.

Question 3.
What are the different aspects of cyber security?

Answer:-
The term 'cyber security' itself has a very wide scope, and it has many layers which are directly or indirectly connected to it.
For example, 'SOC – Security Operation Centre' also covers major aspects of cyber security.
Crime investigation, in terms of cyber-crime, is also part of cyber security.
Cyber forensics also plays a critical role in cyber security. IT governance policies and compliance are also connected to cyber security.

So these are the main components of cyber security. If you are new to this field and trying to explore it, I'd recommend that you go towards 'malware analysis' and threat intelligence.

As far as the 'job portfolio' is concerned, the Security Operation Centre is considered the most popular platform in the cyber security domain.

 

Question 4.
What is the future of cyber security as a career option?

Answer:-
Security is becoming the biggest concern for all organizations nowadays. That's the reason why cyber security is gaining so much popularity as a career option in the IT world. You are recommended to take a cyber security course which contains real-time examples and scenarios rather than bookish knowledge.
You can expect tremendous growth and a flying career in cyber security.

There is a dedicated video that I have made on cyber security as a career option. Click on the link below to check the video, which will throw some more light on this topic as well.

https://www.youtube.com/watch?v=MchYqrbcwLE (in Hindi)

I will upload a new video in English very soon, and will add that link to this article as well.

Question 5.
Why is cyber security getting so popular nowadays and what is the importance of the cyber security field in the IT world?

Answer:-
Big MNCs and corporates have offices worldwide. They also have centralized or decentralized datacentres (where they keep their infrastructure devices). All users access these servers (infrastructure devices and services) from around the world, which is why there is a high risk of getting the 'security system compromised'.

Cyber security plays an important role in detecting and mitigating external and internal threats, and it also ensures that adequate security measures are in place to cover cyber security threats.

Security is the biggest concern for all organizations in today's world; that is the reason why cyber security is getting so much importance in the IT field.

Question 6.
What is VAPT and how is it connected to cyber security?

Answer:-

VAPT means vulnerability assessment and penetration testing, which is an inherent part of a cyber security course as well as of cyber security as a profession.
The process of finding loopholes in a customer's infrastructure using some standard tools and techniques is called vulnerability assessment, and the process of making an attack on the customer environment to make sure that a vulnerability is 'real' and can be compromised is called penetration testing.

We do a deep analysis of the customer's infrastructure devices and services from a security point of view and give them a proper report of their current security level. The process of making a security assessment of a client's current security system is called VAPT.

In vulnerability assessment we assess their internal assets or IPs and find out the chances of these assets getting compromised or exploited by any hacker.
We often use advanced tools like QualysGuard or Nessus, which run a scan in the LAN/WAN and give us prompt results.

Penetration testing is a step beyond vulnerability assessment.
In PT, we try to make an attack on the target system, test all the reported risks and vulnerabilities, and give solid proof of 'getting that exploited'. Penetration testing is considered a practice to make sure that we have enough security 'in place' to cope with existing threats, and also to take a preventive approach based on the PT report.

A pen test is a very goal-oriented practice where everything is discussed, decided and documented very clearly in an agreement called the 'Scope of work'.
Both parties discuss and decide what the purpose of this test is, when it will be done, what its scope is, what the end result will be etc.

Question 7.
What are SIEM tools and what do they do?

Or

Question 8.
What is the difference between network monitoring tools and SIEM tools?

Answer:-

Well, a SIEM tool is nothing but a security monitoring tool. It works the same way a network monitoring tool works; the only difference is the 'point of view' or 'point of focus' of the two tools. A network monitoring tool monitors the hardware components and uptime of a device, whereas a SIEM tool monitors the threats and risks that exist on the device.

A network monitoring tool focuses more on the availability of devices as well as of the services configured on them. It also focuses on the hardware side of the device, like interface status, threshold values, memory utilization etc.

A SIEM tool, on the other hand, focuses on the security aspects of those devices and generates alerts only for events which carry some potential risk or security concern.

Let's understand both tools through a real-time example.

For example :- We have configured a router and a firewall on both a SIEM tool and a monitoring tool. Below is a straight-line comparison of the two monitoring tools.

Network monitoring tool:
a) Device uptime, device down
b) Interfaces down, CPU utilization etc.
c) Alerts related to device administration, like device down, link utilization, bandwidth etc.

SIEM tool:
a) Device traffic flow / traffic monitoring
b) Virus scans, malware scans etc.
c) Alerts related to all attacks, like brute force, SQL injection etc.

 

Question 9.
How can we start learning cyber security from a job perspective and what are the steps to complete the training?

Answer:-

The job market in cyber security is doing very well right now. Below are the steps you need to follow to become a cyber security analyst.

Step 1 -> Learn the basics of networking, because this is the 'baseline' of cyber security. You need to have a good understanding of routing/switching and should also have some idea about layer 1, layer 2 and layer 3 security.

Step 2 -> Learn firewalls as a practice. You need to have some idea about firewalls: what a firewall is, how it works, what different application-layer security features it has and how to use them.

You can learn any firewall, whether it is Cisco, Check Point or Fortinet; it doesn't matter which. But understanding the application-layer functions of a firewall, such as URL filtering, content filtering, identity management, VPN set-up, IPS/IDS etc., is very important.

Step 3 -> Learn any SIEM tool. SIEM means security incident and event management; a SIEM tool takes logs from various data sources, i.e. routers, switches, firewalls etc., and sends alerts for all unusual traffic to the monitoring centre.
Some of the common tools are QRadar, Splunk, AlienVault etc.

Step 4 -> Learn hacking in the real sense.
You need to have a fair idea of the different types of attacks and their mitigation techniques. Some of the common attacks which you should be aware of are below:-
Brute-force attack :- Someone is trying to bypass the authentication process (username and password).
SQL injection :- An attacker is trying to manipulate the SQL entries in your web server or application server.
This type of attack is very common in organizations and is considered the 'most dangerous attack' from a security point of view, as the attacker can get access to the entire database of the system.
Malware :- Malicious software is called malware. In other words, software which is designed for attacking purposes is called malware. Viruses, worms and trojans are closely related to malware.

Step 5 -> Learn some aspects of the ITIL V3 processes as well. Nowadays every organization is focusing on 'work processes' along with technical aspects. So if you have a basic idea about 'event management', incident management, change management etc., it will help a lot in clearing job interviews.

Question 10.
What kinds of tools and techniques are used in cyber security?

Or

Question 11.
What kind of certification should we do to get a job in the cyber security field?

First of all, I'd say that cyber security is all about using your sense of logic in investigation. Therefore you need analytical skills more than bookish knowledge or certification.

For example, an event occurs for multiple login attempts to a server. To resolve it, you need to use your analytical skills to find out what went wrong there: is this a genuine user trying to access the server, or is some hacker trying a brute-force attack on your system?
That's the reason why I believe that there is no certification or training which can claim to make you a cyber security expert in the real sense.
However, I'd definitely recommend that you all read more and more material related to malware analysis or threat intelligence rather than going for bookish training.
a) CCNA Security Operations (new course introduced by Cisco recently)
b) Certified Ethical Hacking
c) CCNA Security
d) CCNA Routing Switching (to get a strong base in networking).
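
The multiple-login-attempt question above (genuine user or brute-force attack?) is the kind of decision a SIEM correlation rule makes over login events collected from a server. The Python below is an added example, not part of the original article or any vendor's rule set. Assumptions: the log lines are constructed in OpenSSH auth-log style, and the triage function, its thresholds and the year 2024 are hypothetical values to tune per environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH auth-log style (not from a real system).
SAMPLE_LOG = """\
Mar 10 09:15:01 srv1 sshd[1201]: Failed password for alice from 10.0.0.5 port 50022 ssh2
Mar 10 09:15:09 srv1 sshd[1201]: Failed password for alice from 10.0.0.5 port 50022 ssh2
Mar 10 09:15:20 srv1 sshd[1201]: Accepted password for alice from 10.0.0.5 port 50022 ssh2
Mar 10 09:20:00 srv1 sshd[1300]: Failed password for invalid user admin from 203.0.113.7 port 40110 ssh2
Mar 10 09:20:02 srv1 sshd[1301]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar 10 09:20:04 srv1 sshd[1302]: Failed password for invalid user test from 203.0.113.7 port 40114 ssh2
Mar 10 09:20:06 srv1 sshd[1303]: Failed password for invalid user oracle from 203.0.113.7 port 40116 ssh2
Mar 10 09:20:08 srv1 sshd[1304]: Failed password for root from 203.0.113.7 port 40118 ssh2
Mar 10 09:20:10 srv1 sshd[1305]: Failed password for bob from 203.0.113.7 port 40120 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+")

def triage(log_text, max_failures=5, max_users=3, window=timedelta(minutes=5)):
    """Return {source_ip: verdict}; thresholds are assumed and tunable."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines that are not password logins are ignored
            # Syslog timestamps carry no year, so an assumed one is prepended.
            ts = datetime.strptime("2024 " + m["ts"], "%Y %b %d %H:%M:%S")
            events[m["src"]].append((ts, m["result"], m["user"]))
    verdicts = {}
    for src, evs in events.items():
        evs.sort()
        worst = "normal"
        for i, (start, _, _) in enumerate(evs):
            in_win = [e for e in evs[i:] if e[0] - start <= window]
            fails = [e for e in in_win if e[1] == "Failed"]
            users = {e[2] for e in fails}
            if len(fails) >= max_failures or len(users) >= max_users:
                # A success at or after the burst means the guess may have worked.
                hit = any(e[1] == "Accepted" and e[0] >= fails[-1][0] for e in evs)
                worst = "brute force then success" if hit else "brute force suspected"
                break
            if fails:
                worst = "user mistake likely"
        verdicts[src] = worst
    return verdicts
```

On the sample, 10.0.0.5 (two misses and then a success on one account) comes out as a likely user mistake, while 203.0.113.7 (six failures across five usernames in ten seconds) is flagged as a suspected brute-force attack.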

Some of the most common tools used in cyber security are below:-
01) QualysGuard – scanning tool
02) Nessus – scanning tool
03) Burp Suite – pen testing tool
04) Acunetix – for web application testing
05) McAfee – endpoint security solution
06) QRadar – SIEM tool
07) Splunk – SIEM tool
08) AlienVault – SIEM tool
09) Proofpoint – email security
10) Snort – IPS/IDS solution

I hope this information is useful for you all. Please reach out to me at ravi@itsecuritymentor.com if you have any other queries.

Thanks and Regards,
Ravi Sultanekar,
Founder of IT Security Mentor,
Email :- ravi@itsecuritymentor.com
Website :- www.itsecuritymentor.com
Phone :- +91-77995-83079
CCNA, CCNA Security, CCIE Security,
CCSA, CCSE (checkpoint), ITIL V3,
ISO 27001 Lead Auditor, CEH, Prince 2.

Sky is the Limit !!
