National Institute of Standards and Technology (NIST)
NIST helps organizations understand, manage, and improve cybersecurity risk by guiding various publications. Security and Privacy Controls for Information Systems and Organizations SP 800-5 Rev 5 Guide for Mapping Types of Information and Information Systems to Security Categories SP 800-60 Vol I Rev 1
Appendices to Guide for Mapping Types of Information and Information Systems to Security Categories SP 800-60 Vol II Rev 1
Risk Management Framework for Information Systems and Organizations SP 800-37 Rev 2 National Checklist Program for IT Products – Guidelines for Checklist Users and Developers SP 800-70 Rev 4
Federal Information Processing Standards Publication (FIPS)
FIPS guides organizations to comply with the mandatory standard required by the Federal Information Security Management Act of 2002 (FISMA). Standards for Security Categorization of Federal Information and Information Systems FIPS 199 Minimum Security Requirements for Federal Information and Information Systems FIPS 200
Cyber Security Tools
VirtualBox is a free type 2 hypervisor developed by Oracle Corporation. In a nutshell, a Virtual Box allows a computer to run multiple operating systems, such as Microsoft Windows, Mac OS, and Linux.
Parallel Desktop is just like Virtual Box but intended for Mac OS users. Some MacBooks may run Virtual Box, and some may not due to the hardware. Parallel Desktop allows Mac OS users to run Virtual Machines (VM) seamlessly. However, it is a purchased license that has different editions.
Kali Linux is a Debian-based distribution built for digital forensics and penetration testing. Kali Linux has several hundred tools that may be utilized to experiment within a lab environment. The simplest way to start with Kali Linux is to download Virtual Box or purchase a license with Parallel Desktop. Download the pre-built image and start experimenting. Some of the free tools it comes with are Metasploit, Map, Wireshark, and Kismet.
Metasploitis a penetration testing tool that provides information on system vulnerabilities and exploitation. There are two editions: open source and commercial support.
Nmapis an open-source tool used for network discovery and vulnerability scanning. If you have ever used the command “ping,” Nmap is the advanced, in-depth version. Nmap can provide what ports, services, and versions an IP address uses.
Wireshark It is a free open-source network protocol analyzer that can be used for network troubleshooting, data sniffing, eavesdropping, and other task.
Kismet is a free powerful wireless network and device detector. You can use Kismet as a wardriving tool and discover multiple access points in your area.
Certifications
Let's Get Started Starting an IT/Cybersecurity career may be daunting at first. If you were like me, trying to figure out where to start, I have broken down different certifications/certificates you may obtain to kickstart your career in the industry. Certifications/certificates are credentials earned by an organization that verifies you understand and can perform duties within that curriculum. Different industries have specific certifications/certificates you must earn to work with them. Some organizations want you to have it before working or will give you a deadline to obtain it if hired. For example, the Department of Defense (DoD) follows the DoD 8570.01 Manual, indicating the approved certifications required if you work for the DoD or an industry associated with the DoD. When looking at a job description, some may indicate IAT, IAM, IASAE, and other related certifications. When job hunting, be aware of the certificate needed to be successful in the position.
Certifications Industries Computing Technology Industry Association (CompTIA) CompTIA is designed to help you start your career in the IT industry. You may take multiple career paths if you go through the CompTIA route, depending on whether you want to focus on infrastructure, cybersecurity, data and analytics, or project management. CompTIA ITF+, A+, Network+, and Security+ are core certifications. These certifications will help you establish the fundamentals to be confident in an entry-level position. Although you are not required to obtain every accreditation when choosing a career path, you are recommended because of the fundamental knowledge and value.
CompTIA Career Paths In addition to the core certification, the infrastructure career path consists of CompTIA Server+, Linux+, and Cloud+. In addition to the core certification, the cybersecurity career path consists of CompTIA Pentest+, Cysa+, and CASP+. Data and analytic pathways consist of CompTIA Data+. The project management pathway comprises CompTIA Project+, Cloud Essentials+, and CTT+.
Information Systems Audit and Control Association (ISACA) ISACA is an international professional association that offers 8 certification programs and multiple certificates. These certification programs boost your career by being recognized with credibility and understanding of today’s world problems. ISACA Certifications The Information Technology Certified Associate (ITCA) comprises 5 core certificates to establish an understanding of computing, network, cyber security, software development, and data science. A Certified Information Systems Auditor's (CISA) responsibilities are to audit, control, monitor, and assess IT and business systems using a risk-based approach to ensure compliance is met.
SysAdmin, Audit, Network, and Security (SANS) SANS is a professional organization specializing in information security and cyber security training. They developed the Global Information Assurance Certification (GIAC) program focusing on different areas. These areas are: Cloud Security: Defending systems and applications in the cloud. Cyber Defense: Securing the enterprise system (Blue Team). Offensive Operations: Penetration testing and offensive computing skills (Red Team). Digital Forensics & Incident Response: Discover, investigate, and respond to attacks. Industrial Control Systems (IDS): Protect, detect, respond, monitor, and threat hunt in an IDS environment. Security Management: Sharpening the leadership roles' technical skills.
Veterans There are multiple resources to receive help in kickstarting your career in the industry. Pearson Vue gives discounts to study material and certification vouchers.