How I Would Learn Cyber Security If I Could Start Over (Amazon Principal Security Engineer)
Summary
TLDRThe speaker reflects on their journey in cybersecurity, starting as an average student to becoming a principal security engineer. They emphasize the importance of foundational knowledge, hands-on experience, and continuous learning. The transcript highlights the significance of understanding core concepts like networking, coding, and system management. It also advises aspiring cybersecurity professionals to experiment with technologies, engage with the community, and stay updated with current trends and skills in demand, such as cloud security and offensive security.
Takeaways
- 💼 The speaker reflects on their career journey in cybersecurity, emphasizing the importance of starting with a solid foundation in the field.
- 💰 A decade ago, the speaker was just starting out and could not have imagined earning $500,000 a year as a principal security engineer.
- 🏆 The speaker highlights the significance of mastering the fundamentals of cybersecurity, such as computer science, networking, and coding.
- 🚀 The speaker advises that success in cybersecurity is not easy and requires dedication, passion, and continuous learning.
- 🏫 The speaker suggests that while short boot camps can be helpful, they are no substitute for a strong educational background and hands-on experience.
- 💡 The speaker emphasizes the importance of understanding basic concepts like how computers communicate, securing databases, and the OSI model.
- 🔧 The speaker encourages setting up a cybersecurity lab and gaining practical experience through hands-on experimentation.
- 🌐 The speaker notes the growing importance of cloud security and the need for professionals who can secure cloud-based systems.
- 💡 The speaker advises on the value of joining local cybersecurity communities and networking with other professionals to learn and grow.
- 📈 The speaker stresses the importance of staying updated with the latest trends and technologies in cybersecurity to remain relevant and employable.
Q & A
What was the speaker's initial salary expectation when starting their career in cybersecurity?
-The speaker mentions that in their city, anything from $24,000 to $36,000 a year was considered amazing when they were starting out.
What does the speaker emphasize as the key to success in cybersecurity?
-The speaker emphasizes getting the fundamentals right, such as understanding computers, networking, and coding, as the key to building a solid foundation in cybersecurity.
Why does the speaker believe that short boot camps might not be sufficient for a career in cybersecurity?
-The speaker believes that without a strong IT background, it would be challenging to gain the necessary skills and knowledge in such a short time, and employers often prefer candidates with more extensive experience and education.
What does the speaker suggest as a practical approach to learning cybersecurity?
-The speaker suggests setting up a cybersecurity lab, using tools like Raspberry Pi with Kali Linux, and gaining hands-on experience with various technologies and platforms.
How does the speaker describe the importance of having a passion for cybersecurity?
-The speaker describes passion as essential, suggesting that it should develop into an obsession to drive continuous learning and improvement in the field.
What does the speaker suggest about the relevance of cloud security in the current job market?
-The speaker suggests that cloud security is a hot topic and in high demand, as many companies are deploying their IT systems on the cloud and require professionals to secure these systems.
What is the speaker's advice for someone looking to get a job in cybersecurity?
-The speaker advises gaining practical experience, experimenting with technologies, and aligning oneself with the needs of businesses, such as securing systems and preventing hacks.
Why does the speaker recommend joining local cybersecurity groups or meetups?
-The speaker recommends joining local groups to network with professionals, learn from their experiences, and stay updated on industry trends and certifications.
What is the speaker's perspective on the role of curiosity in cybersecurity?
-The speaker views curiosity as a driving force for learning and experimentation, encouraging individuals to explore vulnerabilities, payloads, and different technologies.
How does the speaker define the ultimate goal for cybersecurity professionals?
-The speaker defines the ultimate goal as ensuring systems are secure and not hacked, which involves staying updated with the latest technologies and threats.
Outlines
💼 Career Reflections in Cybersecurity
The speaker reflects on their career journey in cybersecurity, starting from humble beginnings with a modest salary expectation to becoming a principal security engineer earning $500,000 a year. They emphasize the importance of getting the fundamentals right, such as understanding computer networking, coding, and complex systems like content management and enterprise resource planning. The speaker also discusses the unrealistic promises of short-term cybersecurity boot camps and the value of hands-on experience and continuous learning.
🎓 Interview Insights and Career Growth
This paragraph delves into the interview process for cybersecurity roles, highlighting the importance of foundational knowledge such as understanding how computers communicate and securing databases. The speaker shares their own experiences, including receiving job offers from major companies like Amazon, Cisco, and McAfee, and stresses that a strong foundation in cybersecurity principles is crucial for success. They also touch upon the role of passion and sacrifice in achieving a rewarding career and the importance of keeping up with current trends and technologies in the field.
🔧 Practical Experience and Community Engagement
The speaker advises on gaining practical experience through setting up personal labs and experimenting with technologies. They suggest using low-cost options like Raspberry Pi and Col Linux to build a cybersecurity lab. The paragraph also encourages engaging with the cybersecurity community through local meetups and user groups to network and learn from peers. The speaker underscores the value of curiosity, hands-on experience, and continuous exploration of new vulnerabilities and exploits to stay ahead in the field.
🛡️ Core Competencies and Future Outlook
In the final paragraph, the speaker reiterates the importance of mastering core cybersecurity skills such as encryption, networking, and database management. They suggest that a strong foundation in these areas can make more advanced topics seem easier. The speaker also encourages aspiring professionals to challenge themselves with difficult tasks and to continuously push their limits to grow in their cybersecurity careers.
Mindmap
Keywords
💡Cyber Security
💡Fundamentals
💡Principal Security Engineer
💡Internships
💡Content Management System (CMS)
💡OSI Model
💡Boot Camp
💡Cloud Security
💡Offensive Security
💡Ethical Hacking
💡Career Advancement
Highlights
Reflecting on a career journey in cybersecurity from a starting point 10 years ago.
The speaker's disbelief at the prospect of earning $500,000 a year as a principal security engineer.
The importance of having a strong foundation in cybersecurity fundamentals.
The speaker's early career as an average student with internships in small companies.
The excitement and challenges of starting a career in cybersecurity.
The necessity of understanding computer networking and coding basics in cybersecurity.
The skepticism towards short-term boot camps as a pathway to a cybersecurity career.
The value of hands-on experience and the importance of setting up a cybersecurity lab.
The speaker's personal experience of receiving job offers from major companies like Amazon, Cisco, and McAfee.
The role of foundational knowledge in successfully answering interview questions.
The speaker's advice on experimenting with cloud technologies and gaining practical experience.
The significance of aligning with the core goal of businesses to prevent hacks.
The speaker's emphasis on the importance of curiosity and continuous learning in cybersecurity.
The benefits of joining local cybersecurity communities and networking with professionals.
The speaker's perspective on the unrealistic promises of quick cybersecurity training programs.
The speaker's encouragement to challenge oneself with difficult tasks to grow in cybersecurity.
The importance of understanding encryption, networking, databases, and applications as core cybersecurity skills.
Transcripts
you know today is a Sunday afternoon
it's quite
afternoon
and it's interesting because
just I was just thinking about this like
there were a few things that happened
and just just 10 years ago I was
starting out my career in cyber
security and if you were to come up to
me and tell me hey Mr heck aoy
or back then it would have been back
then it would have been scrip KY
Loy and you say hey 10 years later you
are going to make $500,000 a year as a
principal security engineer at Fang or
bang I would say how is that
possible what did I do can it really be
done
difficult I would say challenging not
the
least and at that time 10 years ago I
was just starting
out I was helped as engineer and at a
time in my city if you could get
anything from $24,000 a year to $36,000
a
year that's amazing anything more is
just unbelievable
and I wasn't the the best student I
wasn't the rightest student far from it
I was like the average
student and I learned like computer
science I learned Computing I learn how
to code a thing or
two but they didn't really have a lot of
real well
experience I've done some internships at
small size
companies and like installing VPN
servers fix
computers I knew nothing about fixing
computers back
then they gave me the shot and I was
pretty excited about
it so I was at the start of my
career and it was exciting it was pretty
exciting it was fun it
was
challenging but I knew cyber security
was something that felt natural
and there are some things that you
should really get good at when it comes
to cyber
security and that's the
fundamentals get the foundation right if
you get the foundation right everything
will come to you all the great things
will come to you so get the fundamentals
right
like think about like computers right
and think about how they talk to each
other networking piece the compute piece
get those right think about coding some
things get those right think about
something complex like a Content
management system enterprise resource
planning
system work on them see how it goes but
don't say no go for it you
have vitality
in you if you're coming into cyber
security getting the fundamentals right
is is critical because that's where you
buot a really
solid really really
solid foundation for everything
else and cyber is not easy and I see
lots of
courses that are being marketed that are
being promoted
they kept saying 3 weeks boot
cam a month boot Cam and you get into
cyber
security it's possible it's possible if
you come from a computer science
background that's possible but majority
of the time if you're not coming in from
a an IT
background it would be pretty difficult
very
challenging and how many companies out
there
think about it you're it manager you're
cyber security manager you want to hire
and you probably have some
options where you hire someone who is
coming out three year from college or
university from computer science who has
done some coding who has built some
sites who has done a bit of internships
here in
there or would you go for someone who is
like just had a three week boot
camp the answer is
obvious and in the interview process
it'll be pretty different too the
way that they could answer the
questions the way the questions are
answer
it You' be asking simple things like how
do two computers talk to each
other how do you secure a
database how do you
in fact simple one what is the
OSI layers what are they how many layers
are there those are simple questions get
them right get them right you go a long
way and of course like I
say I would have never imagined
myself here in this position
like being a security engineer
at a mang or a Fang company I would
never have imagined
that and it came from lots of
reading burning through lots of
weekends starting a lot reading a
lot
and how can it be success without any
sacrifice
so sacrifice that
and it usually be because you have a
passion for it it's something that you
feel some interest in it but it's not
developed fully where it becomes an
obsession it's just the start start of
Journey and you want to become obsessed
with it so you have to thinker with it
you have to
try you have to play around with it
like for example when I was just several
years ago when I was
interviewing at
Amazon I was also interviewed by several
other companies who gave me an offer too
I was
given the offer at Cisco I was given the
offer at McAfee now know as
Skyhigh I pass all of
them it all went down to F
fundamentals always the foundational
piece of
things you get it right all the
questions are asked to off
you you'll be able to tackle them
easily of course back then there wasn't
things like chat
GPT and you had to really like get lots
of books fore but now with this gen AI
CH GB R you can just ask questions if
you don't know fire it up ask CH your
question have a passion for you set up a
a cyers crey lab an etical hacking lab
set that up Don't
Wait set it up it's low cost get a
Raspberry Pi it's less than
$200 get it install it with col Linux
use it get a small laptop a small
PC install col Linux on it
try it try running them you have to have
hands-on
experience and back then of course clout
really wasn't that big of
thing all right it was growing but it
didn't become the mammoth that it is
today so but there were glimps there
were indicators that is coming up there
were things that were showing that is
coming
up
and that's those are the things that you
need to take note of that you need to
be that you need to know of like
now what's hot right now in cyber
security think about it other and geni
of
course what else is hot about cyber
security
Now call
security is is that hot is that
big are there demands for
it when you're searching for jobs you go
to
LinkedIn do you see come
up do you see those skills being asked
of you like aw
security Azure security Google Cloud
security do they come
up what about offensive security do they
come up
do they ask a few
to do they ask a few how do BU
payloads how do you bypass
edrs how do you secure
service the ultimate goal of many of
this businesses and
organizations is simply just don't get
hacked okay and you have to allign
yourself to that you have to get the
skills of that so think about
like think about
like a
company we just started a couple years
ago they are likely going to be
deploying their workloads their it
systems likely on the
clout 90% of the
chances they're on a clout
their workloads are running they're
growing they're growing
aggressively they want to make sure it
never goes
down so that because it's Revenue it
creates revenue for them it's Revenue
generating they don't want it to go down
and your job as a cyber security
professional is to ensure that is to
help them secure those systems and
that's how you get a job that's how you
get a roll at it and to get a rooll at
it you need to demonstrate that you have
the skills and experience on it so
experiment experiment with these
Technologies if you have not started a
website on a cloud go out there and do
it right now log in right now set it up
it's only like $5 a month to set it up
maybe even lower or maybe a little
higher depending on where you go but the
experience is what matters
I mean think about it it's at least $4
$5,000 a month compared to hosting a
website gaining The Experience gaining
the knowledge for $10 a
month it's worth
it well worth
it Tinker with security Technologies
there's lots of free ones open source
ones it's all around they're all
around go for them try them out don't
just watch the videos I produce don't
just watch the tutoral I produce
reproduce them in your own
lab try them
out be curious be really curious about
things that are happening think about
all the common vulnerability
exposure have you read the
payloads have you tried the
payloads have you try to install a
server of that version that is
vulnerable try
that get experience for it join
community in the city near you I am
certain there are monthly meups for the
Cyber Security Professionals security
user groups go for it go there and meet
people talk to them interact with them
try to mirror
them see what you're doing with the
careers
what certifications are they going for
what are they reading what are they
watching go for that
two ultimately get a fun as right get
the fun right
first then you start doing all these
things you start meeting people you
start connecting with people you start
tinkering with things that are a little
more advanced but it's good for you it's
good for your career you know that
cyber security is not I mean if you see
boot camps to tell you that you can get
in cyber
security within a week within a
month highly
unlikely go for things that are hard
that challenges you then you move
faster then you're really then you
really know your own limits and then you
can keep testing the limits of
yourself keep pushing yourself get
better get
further a new CV go read it a new
exploit go try it have a hacking lap in
place get the F
right this are the things you need to
get really good at
Cyber that's how how I do it
again that's how I would do it all over
again get a fom is
right think about
encryption think
about networking think about databases
think
about
applications if you have the core you
have the basic
rights you get them right you go far
and everything else would just look easy
or easier for you
تصفح المزيد من مقاطع الفيديو ذات الصلة
How I Would Learn Cyber Security If I Was To Start Over in 2024 (Beginner Roadmap In Cybersecurity)
Cloud Security is the FUTURE! - Here's Why
Getting Into Cyber Security: 5 Skills You NEED to Learn
Step-By-Step Cybersecurity Beginner Learner's Guide | Cyber Security Training for Beginners 2023
How I Would Learn Cyber Security If I Could Start Over in 2024 (6 Month Plan)
Interview with an Expert - Michael Babischkin: CyberSecurity
5.0 / 5 (0 votes)