Is Cyber Security Hard To Learn?

First, we need to ask, what is cyber security? You will likely hear a different answer every time the question is asked. This is because cyber security operates in a huge arena, encompassing many disciplines that demand varied skill sets.

Cyber security is about reducing the risk of cyber attacks on the things we value, known as assets. It is the people, processes, and technology used to achieve this and deal with the consequences. The assets can be things like data, government systems, infrastructure, or devices. Anything that uses technology will probably be able to be attacked so will need protection.

As a security professional, you will be dealing with many aspects of protecting those valuable assets, from preventing data breaches to responding to incidents involving critical systems. What you will be doing depends on which career path you take.

One of the hardest things with cyber security is deciding which area to specialize in, as there are many career paths. From penetration testing to audit and compliance, blue teaming to malware analysis, there is something related to cyber security that will appeal to many different types of people.

When you have decided which pathway to take, you should gain some qualifications to prove to employers that you have the relevant skills and dedication to your career. The StationX skills roadmap is a good place to start and will guide you through building on your skills until you get to a good level of cyber security knowledge.

What Kind Of Skills Do I Need To Enter Cyber Security?

Technology lies at the heart of cyber security, so if you can get the relevant skills, you can create a good career. Technology constantly changes and advances, so you need to keep up with the latest developments. Be careful, and ensure the skills you are acquiring are still relevant and will be applicable in the future.

A good base knowledge is always required, though, so make sure you know the basics of working with computers, referring back to our skills roadmap for guidance.

Technical skills that employers often ask for include:

• Networking - All devices are connected with a network of one form or another, whether it is cable or wireless. Understanding networking fundamentals is essential for any cyber security professional in a technical role. These cheat sheets on the OSI model and IPv4 subnetting are good starting places to build knowledge. Networking is a huge and complex discipline, so you will always have new things to learn.

• Operating system knowledge - Whether it’s MacOS, Windows, Linux, Android, or IOS, operating systems are how people interact with a computer, and hackers will try to exploit weaknesses. Learn how they work in depth and how they are hacked, and you can start to think like a hacker to protect systems. Learning to use the command line in Linux is also highly recommended, as many cyber security tools, such as those used by Kali Linux (offensive OS) and Kali Purple or Security Onion (defensive OS), rely heavily on this.

• Programming - Coding is a skill used in many roles in cyber security, such as DevSecOps. It is used for automation, writing exploits, analyzing malware, and much more. Python is a great place to start, as hackers, AWS, Cisco, and others use it to automate tasks.

• Cloud services - This is the future of IT, and the transition to the cloud is picking up pace, especially since the pandemic. Many cloud services are badly configured, lacking in defenses, and are a data breach waiting to happen. Skills in this area are not necessary to start a career, but you can certainly look to gain experience here in the future.

As you can see from above, cyber security is technical to a large extent, and these qualifications are in demand. However, it is also the case that soft skills relating to people, communication, and compliance are equally important. Candidates with these skills often excel in cyber security roles as they can communicate complex ideas to the decision-makers in organizations that need clear information.

Soft skills that are relevant to cyber security include:

• Written skills - A poorly written document will not impress anybody, whereas one that is clear, concise, and engaging is more likely to get the results you want. Even the highly technical role of penetration tester involves a detailed report that must be well-written.

• Verbal communication - Presenting ideas to various people verbally is a brilliant skill. If you can confidently convey your message, people will believe what you are saying and be more likely to accept your ideas.

• Organization - Many roles in cyber security involve dealing with multiple problems simultaneously. You might be writing several reports to a deadline or dealing with numerous security incidents. Headless chickens need not apply. Keep a cool head, manage your time, and get results.

• Teamwork - You will often need to work as part of a team, for example, an offensive Red Team, or a defensive Blue Team. Working together to get good results is an essential part of many roles in cyber security.

• Listening skills - This might seem like a strange skill to suggest for cyber security, but in many roles, you need to understand the problem before you can solve it. If you don’t listen carefully and instead assume important details, you might be solving the wrong problem. Listen to people, understand them, and do the right job.

• Problem-solving - This skill requirement is true of most roles in the IT industry, and it is no different for cyber security. No matter your position, you will often need to solve complex problems. This comes with experience, but this could be a great career if you like puzzles.

How hard cyber security is depends very much on the career path you want to take and your existing skills. Some areas are much harder than others, but all areas are indeed challenging to a certain extent, even positions available to those starting out. All things in life worth doing are challenging, right?

However, the reputation for it being a difficult industry to work in is unfounded. You might find a great role in audit and compliance or training if you are not technical. If you are technical, there are many skills you can learn to benefit your career. There will be a career path for you, no matter what you decide to do.

There are no shortcuts, though. You will have to study, absorb information, and get as much experience as possible, but the reward will be a career with myriad pathways and the chance to learn some fantastic skills. Cyber security may be hard, but it's worth it.