A Guide to Building a Cybersecurity Career in Pen-Testing Post-COVID

By Mr. Jay Bavisi
Founder & CEO – EC-Council Group

Only a global pandemic could upend things so quickly. With countries imposing lockdown and social distancing, the way we conduct our businesses, entertainment, and even our lives, in general, have changed drastically and have become very digitized. At first, this sounds great, we get to work from home, spend more time around our family, maybe set up a more robust routine, but what we do not realize is that this new-found remote work environment has left us extremely vulnerable to cyber threats from across the world. In fact, according to a report by Crowdstrike, cybercriminal activity is up 154% in 2020, when compared to 2019. Those are alarming numbers, and what many seem to miss out on is that if we deep-dive into the technologies and the nuances of their security architectures, we realize that there are dynamic concepts at play that need severe attention else would fall prey to the next big cyber-attack. One example to consider here is that more than 90% of organizations today use some cloud service. The point of concern here is that, according to McAfee Cloud Adoption & Risk Report, cloud-based attacks have been raised by 630%. It’s not just major enterprises falling prey to the increasing cyber threats; even households are not safe.

So how do we tackle this situation? – The Enterprise Nucleus of Protection

Many cybersecurity architectures across organizations and governments tend to be biased towards the blue team (defenders) or red team (attackers), depending on their reasons. Still, equilibrium can be achieved when there is a balance between the focus provided on network security teams defending the network perimeter and the ethical hacking or penetration testing teams that audit the system for vulnerabilities. Apart from this, providing cyber awareness training to every employee that can access the enterprise network will ensure that everyone in the system protects.

One such way to ensure that everybody is trained to protect is to initiate healthy competition via a gamified cybersecurity training app. By doing so, security is now at the nucleus of this balance between a blue team, a red team, and all other professionals in the company. The increasing threats also mean that cybersecurity as a career option is becoming more lucrative than its IT counterpart. However, with technology changing so fast and the job market is starting to get more competitive, employers prefer to hire candidates that possess a well-rounded skill set when it comes to hiring for cybersecurity roles, especially penetration testers.

A skill-based, hands-on method of learning is the only way to upskill and prepare for the many cybersecurity jobs emerging efficiently. These skills can be transferred from one role to the next, which is why it isn’t recommended that you become a penetration tester with one certification, but with a thorough track for a candidate to follow to build up their skills in the right way.

Network Security (Network Defenders)

Building network security skills, understanding attack vectors, and learning to audit a system are just the beginning. Including modern network defender technologies and concepts like IoT Security in a network security course will expose learners to various security challenges that IoT devices pose and the measures required to mitigate them. The security of virtualization technologies such as Network Virtualization (NV), Software-Defined Network (SDN), Network Function Virtualization (NFV), OS Virtualization, Containers, Dockers, and Kubernetes, all of which are used in modern-day networks is also a must-know.

Ethical Hacking (Ethical Hackers)

After gaining the skills needed to defend a network successfully, a candidate should be trained in becoming an ethical hacker. They would need to access and practice on the latest tools required by security practitioners and pen testers across the world. An inevitable skill that ethical hackers need is adaptability – to new tools, technologies, and techniques. They should also be proficient in the latest malware analysis tactics for ransomware, banking and financial malware, IoT botnets, OT malware analysis, Android malware, and more. However, knowing is simply not enough; gaining and testing one’s practical skills in live ranges is necessary.

Penetration Testing (Penetration Testers)

Focusing on multiple disciplines presented through an enterprise network environment that must be attacked, exploited, evaded, and defended will prove that penetration testers have what it takes to protect an organization from the latest cyber threats. It is recommended that you test against advanced Windows attacks with PowerShell (or other bypass techniques), attack IoT systems by locating and gaining access to the network and identifying the firmware of the IoT device, and bypass a filtered network and leverage it to gain access to web applications that must be compromised. By exposing learners to advanced environments and techniques such as penetration testing operational technology, double pivoting, evading defense mechanisms, report writing, and professional dynamic reporting, organizations ensure a skill-based approach to learning.

About the Author:

Jay Bavisi

Jay Bavisi is the award-winning founder and CEO of EC-Council Group. EC-Council is the creator of the world-famous Certified Ethical Hacker (CEH), Certified Network Defender (CND), and the recently launched Certified Penetration Testing Professional (CPENT) programs. Globally renowned reporters like Wolf Blitzer of CNN sought Jay’s views in The Situation Room, and he has appeared regularly on CNN, CNBC and Fox News, Fox Business, and in internationally acclaimed publications like Time, Washington Post, The Herald Tribune, The Wall Street Journal, The Economic Times, USA Today, Computer World.

Ad

No posts to display