A background in IT is a great start already and a easy transfer that a lot of people do. My biggest advice is to start getting hands on experience. There are a lot of books out there but just reading can only get you so far. Offsec has our SOC200 training out with the exam that will be coming out as well. We also have challenge labs with a play button that launches an entire attack against a network and the student has to find it in the host logs. Tryhackme is also a good resource for hands on stuff as well. CTFs are a fun way to get some experience and hands on skills like PicoCTF. Getting some security certifications will help make that switch too.

That is a tough question. I would say improve your knowledge about the threats out there. People are the biggest security risk. You can have all the security features you want but a person can make those useless. Be aware of how hackers are operating these days. Like text message are big now saying it is your bank and you need to click a link. Just be aware of those type of things.

Not OP, but Multifactor Authentication is a huge way to protect yourself. Put it on everything you can. If attackers gain your usernames and passwords from data breaches, MFA can prevent them from getting into your accounts. Also, don't use the same passwords on multiple sites because if somebody hacks LinkedIn (for example) and gets your password, you can bet they'll try to see what else they can access with those credentials.

Not OP, but IMHO the single best thing you can do is to not re-use passwords. Use a different password for every website you have an account on, because password leaks are common and your username is often your e-mail these days, and hackers will take a leaked password database and try those e-mail/password combinations on other sites, especially social media, gmail, and others that offer SSO ("log in with Facebook/GMail/Github/etc")

I have heard a lot of people talking about how that is the future and even someone said that security analysts will be a thing of the past. I disagree with that. I do not think AI will take the place of a person. Well at least for a long time. There are a lot of tools that classify network traffic and logs and create a base of what is going on and hackers till get passed that stuff. It will help for sure but every time security tools get better then hackers get better. It just never ends.

That is a tough question haha because that can be a lot of different things depending on what technique they are using. For a general answer I would say looking for "weirdness" on the network. I always say most of a SOC analysts job is verifying "good" things. Lots of things will look weird on the network and you dig in and find its something normal. So I would be looking for things a normal user would not be doing. Things like running command that are not necessarily bad but could be used in a bad way that a normal user would not be doing. Trying to access things on the system a normal user does not need to access. Those type of things.

I think about this a lot since I get scam calls a lot. What some people do not know is that answering these can cause more calls to happen. Some scam calls are just being sent to random numbers to just see if it is even a real number. Then they see it is real and keep calling. So it is best to never answer.

There does need to be some sort of regulation when it comes to this. It is hard to regulate though because often these scam calls come from outside the U.S. and that makes it tough to enforce any real consequences. I do not have a solution (If I did I would probably be rich) but maybe regulating the cell phone companies so they actually put real blocks in place. The are probably in the best place to do something about it all these calls so if they have a real incentive put in place by regulations then they might spend real time trying to solve the problem (This could be a thing already but I am not sure to be honest).

There are a ton of ways for hackers to get into a network. The biggest security risk is people. You can have all the right security measures in place and someone will mess all that up. Email or phishing attacks are huge. An attacker sends an email with malware attached and then a user clicks on it to get all their free iTunes music and boom the attacker has a foot hold in the network. Social engineering is a big way for attackers to compromise a network

Web attacks are huge too. Mismanaged websites and application are always a way to get in a network. https://owasp.org/www-project-top-ten/ has a list of the top 10 web application security risk that they keep updated and is a great source for that.

A less common way is probably like the movies show a hacker just reinforcing their way into a network.

I did not work in any of that but I did volunteer to do that but it just never happened. I thought it would have been a lot of fun though. There is a lot of misinformation that is happening when it comes to warfare and the U.S. is a huge target. The use of misinformation is not a new thing either. It has been happening for a long time. It is just easier now with the internet. If you can make the enemy confused then you have a big advantage.

That seems like, at the very least, secret level clearance…

Great question. We are creating more defensive training. We have a SOC200 course that is out and the OSDA (Offensive Security Defense Analyst) exam coming out soon. The best security analyst is a well rounded one that can have a defense and offensive mindset. You can not have defense training if there is no one to play the offensive part so creating defense training just makes sense.

We also have defense challenge labs too. The student has access to a ELK SIEM with a working network that starts up. The student presses a play button and full network attack from initial compromise to the end of the attack happens and the student has to find what happened in the logs. Having a hacker at your fingertips basically so analyst can train on "hunting" is great training.

Ok commercial over!

I can not get into details because of the classification. I will say the scariest attack is one that happened at a very very important facility and it was not hard for the attacker to get into that network. It was a network that should have been harder to attack but the it was sooo easy for them.

I obviously recommend offsec for training. We have a lot of hands on stuff and a lot of good defensive training going on right now. Tryhackme is a good resource as well. I have used that.

For some good fundamental training https://overthewire.org/wargames/bandit/ and under the wire are great. They help build command line skills which is very important. They are free as well.

We probably all have something we regret like that for our time in the Army haha but its never to late to get in the game. I was 25 working at a motorcycle mechanic when I joined the Army and started in cyber security.

I do not work on the team that does the Proving grounds work so I am not sure if they are having that discussion. The offsec discord is a great place to bring those issues up and get some answers. I will can also pass that message along to them and if you have some more specific input on that let me know and I will pass that along.

I will say that for proving grounds I think the idea is to not have much to go on. Just like in the real world for a hacker. They do not get any inside tips or help most of the time. They might just start with a web site or an IP address just like in proving grounds and from there they work on finding out as much as they can about what services are running, vulnerabilities, etc.

If the issue is not that and something else then we are always open to making the student experience better any way we can.

That is a problem in the industry. A lot of entry level jobs then say "requires 5 years experience." The market is very demanding right now. There are a lot of jobs out there but a lot of people too trying to get those jobs.

If you have basic skills then you should be good for a entry level position. I think a good attitude and showing you are trying to learn more goes a long way. You might not get the exact job you want right away but do not be afraid to take something not ideal to build that experience.

The more certs you have does help, but you need to be able to show that knowledge as well. Like I said in another post that I was a motorcycle mechanic before and I made the switch. Do not be afraid to go for it.

Come over to Europe. We are desperate for people with cybersecurity knowledge. My company is hiring and so is every other company in the field that I know.

1. I started in cyber security in the Army. I was on a cyber protection team and we deployed to different areas where a cyber attack had occurred. I was actually a motorcycle mechanic and wanted to make a switch.
2. The work is fun and challenging. There is always something to learn and it never ends. For a SOC analyst for example they spend a lot of time looking at a SIEM and looking at alerts hoping to find "the bad things". We would spend a lot of time working on tools to make our work easier and make it easier to find cyber attacks. Also we did a lot of practicing and exercises because if you do not have an cyber attack its hard to get better at finding one.

There are different ways this can happen. The link may bring the user to a malicious site hosted by the attacker and then malware is automatically downloaded. Networks may have security measures put in place to help stop this but they also may not.

When things like that are initiated from inside the network it can bypass security measures because users still need to visit web sites and download things. You can not just stop normal use.

Once the malware is downloaded it might make a connection back to the attacker so they can access the network. It could be a worm that does not need human interaction and spreads itself through the network. Lots of things like that can happen.

There is no fool proof way to avoid links. You can be cautious though. Look at the full picture. Did the link come from a unknown email? Or a email from the organization but it is worded weird ex: "Hey friend co worker of mine! Good days to you and yours. Please click link for the fun I talked about".

Virus total is a good website to use. You can paste the url on the site and they will give you a score on how malicious it is and if it is known to be malicious. That is always helpful for a quick check.

I use Windows 11 at the moment. I always have virtual machines running though with a Linux system going. I use both windows and Linux to get work done. I know a lot of people use MAC as their OS on their laptop and then run VMs with Windows an Linux going.

>Does Reddit, or social media platforms in general, have safeguards in place to stop users from posting malicious links on their platforms

I am not sure to be honest. Not any that I have heard of thought. I feel like it would be tough to handle because of the volume that links are getting posted to the platforms. I could be wrong though.

No OP, but some sub-reddits do have a bot doing link-checking, yes.

full beard == mad 1337 h4x0r sKiLlZ

haha I honestly do not remember. It was a passing score though

Great question. Some SIEMs are the worst and some are great. I like Splunk a lot because it is easy to use. I think it is something that is needed in an enterprise network. They are as good as you set them up to be. A lot of places just sent logs to their SIEM and thats it. They do not tune their logs or anything. You have to spend time making it work correctly. You have to spend the time making worth while alerts and dashboards. When we would deploy to a network the first thing we would do would be is fine tune our SIEM. Making sure the correct logs are going in and not just all the logs.

long answer short is they are as good as you let them work. Spend the time to tune them and make them work well for your organization.

Getting some certifications will help get your foot in the door. You can always go after some IT/helpdesk positions. They are not security but are good to get experience and pivot over to security.

Also there are a lot of smaller cyber security companies, also hospitals, lawyer firms, things like that have security positions that may be easier to get a job in security for them.

The certifications will help get their attention and then do some training on your own to build some knowledge.

Lots of positions I have seen list for qualifications like "5 years experience with degree or 8 years experience with no degree". It makes it harder because you need more experience but you can get into the field with out a degree.

Obviously it helps to have a degree but I have worked with some super smart people who never got a degree and can run circles around me on the keyboard.

haha shaving in the Army for 7 years made me want a long beard but a keyboard must have some sort of electromagnetic hair pull that makes the beard grow down.

Not OP, but my company is looking, so: The right mindset. Skills can be acquired. But dealing with an intelligent, intentionally acting adversary is fundamentally different from dealing with technical failures, environment events or simple system behaviour. This is also where in the training scenarios I sometimes run most companies fail. They can handle a fire, a DDoS attack, a malware outbreak - but they can't handle a hacker who will pivot and react to whatever you're doing. Having a basic grasp of what it means to be under attack is essential.