What is Cyber?
March 10, 2017
Image Source: https://www.flickr.com/photos/nationnist/3436779560/
When someone says they work in “cyber” or “IT” – what are they saying? Not much, honestly! This is the same thing as if someone had said they work in sales. Do they mean real estate or at the perfume shop in the mall? Or did they mean international military arms sales?
Cyber (or IT – Information Technology) is a huge career field with many specialized disciplines. I’m sure when I say cyber or IT you picture someone in your head. Maybe you think of the Geek Squad at Best Buy or your company’s IT Help Desk Personnel who help you reset your password.
Well you could argue that they fit both within the greater cyber community. But so do the Network Engineers at your ISP (Internet Service Provider), the Penetration Testers who use hacking techniques to test and fortify the security of computer systems, the Software Developers who created the newest game for your iPhone, the Software Developers who created the software for your iPhone, the Engineers who designed your iPhone, and all the government employees and contractors who, at various secure installations, conduct various cyber missions for the military and government. All of these people make up and work in cyber.
Cyber isn’t only about cybersecurity – it’s a very diverse field
I like to use a simple analogy to explain cyber’s diversity. Almost everyone interacts with someone who works in the medical field. You’ve probably seen a doctor, nurse, pharmacist or EMT (Emergency Medication Technician) at some point in your life. But there are many more, diverse people who work in the medical field than you first think of. This includes phlebotomists, therapists, dental assistants, speech-language pathologists, veterinary technologists, biomedical scientists, neurologists, and pharmaceutical scientists. I think you get the idea.
We have the same thing within this broad field that is now being called cyber (I still think the term is heavily overused and many people still prefer to use IT). For reasons that you probably hear about frequently on the evening news and on Twitter, we are specifically inundated with news about cybersecurity. But that is only one area of ‘cyber’ and it probably is one that has even less people working in it than traditional IT roles, such as network engineers and IT technicians.
NIST NICE Framework to the rescue!
We can break down the cyber career field a little bit by using the NIST Cybersecurity Work Categories. Now even this is only part of cyber, because this is focused on cybersecurity, but bear with me. The NIST says there are 7 big categories of common cybersecurity functions. Within these 7 big categories, there are 52 specific work roles. The big 7 categories, including a brief description, are below:
- Operate and Maintain – Specialty areas responsible for providing support, administration, and maintenance necessary to ensure effective and efficient information technology (IT) system performance and security.
- Oversee and Govern – Specialty areas providing leadership, management, direction, and/or development and advocacy so that individuals and organizations may effectively conduct cybersecurity work.
- Protect and Defend – Specialty areas responsible for identification, analysis, and mitigation of threats to internal information technology (IT) systems or networks.
- Collect and Operate – Specialty areas responsible for specialized denial and deception operations and collection of cybersecurity information that may be used to develop cyber threat intelligence.
- Investigate – Specialty areas responsible for investigation of cyber events and/or crimes of information technology (IT) systems, networks, and digital evidence.
- Analyze – Specialty areas responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence (includes specialists for analyzing and producing cyber threat intelligence).
- Securely Provision – Specialty areas responsible for conceptualizing, designing, and building secure information technology (IT) systems (i.e., responsible for some aspect of systems development).
Examples of Cyber jobs
Some of these “categories” of cybersecurity are also cyber or IT job roles you are going to find outside of cybersecurity – pretty much every IT department on earth needs to operate and maintain their network. Even when the government tries to explain this, it’s a little murky and open to interpretation.
Just to give you an idea of how broad these categories are, we could list a few specific jobs within the Operate and Maintain big category:
- Database Administrator
- Database Developer
- Database Engineer/Architect
- Information Dissemination Manager
- Systems Operations Personnel
- Content Administrator
- Customer Support
- Help Desk Representative
- Service Desk Operator
- Systems Administrator
- Technical Support Specialist
- Network Administrator
- Network Analyst
- Network Engineer
Again, we can look at some of the specific work roles within the Protect and Defend Category:
- Computer Network Defense (CND) Analyst
- Cybersecurity Intelligence Analyst
- Focused Operations Analyst
- Incident Analyst
- Network Defense Technician
- Network Security Engineer
- Security Analyst
- Sensor Analyst
- Penetration Tester (Ethical Hacker)
As you can see, if we just look at the careers within cyber or IT, we are talking about a huge diverse career field. We haven’t even really broached the niche areas of expertise yet. We are still only addressing pretty broad categories still.
Cloud specialists, Virtual Network Engineers, and Malware Reverse Engineer (RE) Analysts start to get into smaller, more niche areas. I currently work as a Cyber Counterintelligence Analyst with the Department of Defense, speaking of niche jobs! So, you can see that not only is cyber a huge field, there’s also lots of different opportunities!
But Cyber isn’t just the people, it is so much more!
But Cyber isn’t only the careers and the people. Cyber is a term used to describe the internet and everything that is digitally connected to either the internet or other types of networks that aren’t the internet (like military or government networks, as an example). So, people my use the term cyber to describe this environment. The Department of Defense has officially made “Cyberspace” a domain, just like air, land, water and space. For our military, cyber is an operational environment. Cyber has friendly assets (like our own servers and networks) and actors but it also has adversarial assets and actors (hackers, criminals, spies, etc.).
Cyber as an environment continues to grow exponentially because nearly everything you buy these days come with some form of connectivity, often it is Wi-Fi, but it could also be Bluetooth. Your fitness trackers, your NEST thermostat, your new appliances and your car are all connected in some way. This is both good and bad (we’ll address that in another blog!), but this means that there are always more devices being hooked up. This means more people need to design and maintain, and if necessary, repair and fix these devices. This is driving more ‘cyber’ jobs. Who creates software for thermostats? Obviously someone does! Cyber is a domain, an environment made of all these devices and companies keep making new devices that allow for inter-connectedness! You may hear the term Internet-Of-Things when people refer to this trend.
The term ‘Cyber’ really refers to both all the people that work in this really huge, diverse field, but it also refers to all the networks, hosts, and systems that make up the environment that all those people work in. This is just a primer and represents a really broad overview of this material.
How do I get into Cyber?
If you aren’t in cyber or have a peripheral IT job and want to pivot into another career like cybersecurity, there are lots of options out there to help get you started. If that seems to peak your interests I highly recommend this previous blog article – How to Get Started in a Cyber Security Career
I also highly recommend this video from my Booz Allen Hamilton colleague – How to Join the INFOSEC Community:
Getting started in Cyber Security
In terms of the specific cyber field of “Cyber Security” I have a few pointers to help get you started. Most of this is specific and geared towards cyber analysts, cyber defenders, vulnerability analysts, junior penetration testers (PenTesters) and cyber threat analysts.
Here are some key things I think will help you get that important first job in cyber security. (You could also say it is a list of key items and tools to have a basic proficiency in, listed from most important at the top, to least important):
- CEH Certification (because of DOD 8570 and CEH’s wide recognition for junior to mid-level positions)
- Security+ Certification (because of DOD 8570 and CEH’s wide recognition for junior-level positions)
- Proficiency in basic windows command line (networking)
- Ability to use Wireshark and do packet analysis
- Knowledge of Windows Server / Domain Admin functionality (recommend that you download a Windows server VM to practice with)
- Knowledge of Snort, know how to set it up and write Snort rules
- Familiarity with VMware (setting up VMs, managing VMs, at least at a basic ability level)
- Familiarity with Linux (Kali Linux for PenTest type job roles); more importantly have basic ability to use Linux command line
- Familiarity with MacOSX
- Splunk knowledge (or any other SIEM, or ‘all-in-one’ security appliance)
- Know about sites like Virus Total, Central Ops and similar very common OSINT tools (including the tool Maltego)
- Know how to use Nessus or any other common (free) Vulnerability scanner (OpenVAS, Retina CS, Microsoft Baseline Security Analyzer (MBSA))
- Know how to use BurpSuite
- Know how to use nmap and/or Zenmap for scanning
- Any knowledge of programming is helpful, probably Python being most relevant
- Powershell, including basic usage, possible basic Powershell scripting
Here is an additional list of tools and software, ideally that may interest you for those specific jobs I listed in a few cyber security fields. If you gain familiarity and proficiency with these tools, primarily it will help you perform analysis and then you also speak to them and your knowledge of them during an interview:
- Know some of the key programs that are part of Win Sysinternals Suite of tools
- Especially: TCPView, pSKill, PsList, PsExec, PsLogList, Sysmon
- Bulk Extractor (for basic forensics)
- Network Miner
- PST Viewer
- Log Parser 2.2
- Cain and Able
- John The Ripper
- Panda Antivirus, Avast Antivirus, Avira Antivirus, Adware Antivirus (and or other common anti-virus programs)
It’s all about Networking!
My main advice would be to network, network, and network! All of my jobs, both at Booz Allen Hamilton (and otherwise), are because of people I know (or at least very solid job recommendations from my circle of friends.) If you make a name for yourself because of the activities you are involved in (Hacker Trivia at Jailbreak in Laurel, MD, participating in Capture the Flag events (CTFs), hacking groups, attending conferences, meeting people in IT/Cyber training classes (and adding the students and instructor to your Linked-In account!), going to other cyber focused events, like Smart Talks in Maryland, being active cyber-related online communities and groups, etc.; then people already in Cyber will be like, oh hey, I know SoAndSo was looking to get into cyber. I’m always handing out my card and you should be too.
Then when ‘cyber’ people see a new job requisition open, they can send it to that person looking to break into cyber or recommend them for the position. Within my circle of friends in cyber, we know who is competent and who we would pick to work with. Get on people’s short list of who they’d want to work with because then those people will know you by name and vouch for you.
One last thing, books are awesome!
One last thing I wanted to share, for those looking to understand cyber and/or break into a cyber related job, are some key books. These address a number of diverse topics, but I highly recommend them. (And no these aren’t the books to use to study for a certification.)
- Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners (ISBN-13: 978-0124166721)
- Chinese Cyber Nationalism: Evolution, Characteristics, and Implications(ISBN-13: 978-0739118184)
- The Art of Deception: Controlling the Human Element of Security (ISBN-13: 978-0471237129)
- Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door (ISBN-13: 978-1402295614)
- Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon (ISBN-13: 978-0770436193)
- RTFM: Red Team Field Manual (ISBN-13: 978-1494295509) – This is more of a hard copy reference manual, than a ‘book’. But very useful for quick reference!
Where to go from here?
Courses like the CompTIA Network+ are a good choice if you need a broad overview of IT and IT technologies. If you already are in IT and are looking to move into cybersecurity then the CompTIA Security+ or the EC-Council Certified Ethical Hacker (CEH) courses are probably the first ones you should look into. After that, it will depend on your interests and job requirements as to which training would be ideal for follow-on training.
NIST NICE Framework – The NICE Cybersecurity Workforce Framework (NCWF) is a national resource that categorizes and describes cybersecurity work. It provides a common language to define cybersecurity work as well as a common set of tasks and skills required to perform cybersecurity work.
About the Guest Writer – John Stoner
Mr. Stoner has over 17 years of experience in the national security and defense sector working a variety of roles, including as a Cyber Threat Analyst, Cyber Counterintelligence Analyst and Cyber Instructor. He holds A+, Net+, CEH, CHFI, CEI, CISD and CISSP certifications. Connect with him on LinkedIn.