5 Ways to Boost your Cybersecurity Career in 2024

00:00

what are the skills you need Beyond

00:01

practical Hands-On hacking to be a

00:03

successful penetration tester or

00:05

security engineer in 2024 and take your

00:09

career to the next level I'm going to

00:11

give you five things that you should

00:13

learn and also share some resources on

00:15

how to actually go about learning them

00:17

these won't just expand your Knowledge

00:19

and Skills but potentially set you apart

00:21

from others putting your head in an

00:23

increasingly competitive field if you're

00:25

new to the channel then don't forget to

00:27

like And subscribe and let's just geted

00:30

that's it so first up we have the cloud

00:32

and you might be thinking well a pentest

00:34

is a pentest and I'll just deal with the

00:37

cloud when I get to it after all it's

00:39

just somebody else's computer right well

00:42

whilst the goal might be similar to a

00:44

traditional pent test I.E we want to

00:45

find weaknesses and vulnerabilities and

00:48

give actional remediation advice

00:50

attacking Cloud environments requires

00:52

knowledge of how Cloud permissions work

00:54

what services are being used their

00:56

potential misconfigurations and of

00:58

course it doesn't help that new services

00:59

and change ches are being pushed

01:01

literally all the time so for cloud

01:03

you're going to be spending a lot more

01:05

time with apis and whilst you can learn

01:07

a methodology to work with you'll likely

01:10

be reading a lot of documentation on the

01:12

Fly and of course there are cloud pen

01:14

testing tools to help you achieve your

01:15

goals but again that's another thing

01:18

that we're going to have to get to grips

01:19

with new tools some of the things you'll

01:22

run into a lot in the cloud are service

01:24

side request forgery metadata endpoints

01:26

S3 permissions and of course credentials

01:29

and keys in source code and

01:31

configuration files and if you're

01:33

thinking to yourself a lot of these

01:34

things sound like web attacks rather

01:36

than more traditional Network attacks

01:38

then you'd be right and so if you're a

01:40

network penetration tester it might be

01:42

time to dust off those web skills so

01:46

where should you go to learn about cloud

01:48

computing well most major vendors have

01:50

free training available so that's a

01:52

great place if you're starting from zero

01:54

and personally I tend to learn by doing

01:56

so I have some sub projects sitting in

01:59

AWS and I think unless you're starting

02:01

from scratch Project based learning is

02:03

definitely the way to go our next skill

02:05

is Powershell but you could also add

02:08

scripting here too the reason I want to

02:10

put the argument forward for Powershell

02:12

though is because it leads to a deeper

02:14

understanding of Windows gives you

02:15

access to the Net Framework and can help

02:18

you with stealth and evasion and of

02:20

course post

02:22

exploitation I have to admit my power

02:24

shell skills are not particularly strong

02:26

but even a basic understanding can be

02:28

really helpful during a

02:30

pentest I personally originally learned

02:32

from a book called Powershell in a month

02:34

of lunches and when I checked last week

02:37

there was an updated version published

02:39

in

02:40

2022 I really liked the way it taught

02:42

you not just how to write Powershell

02:44

scripts but how to solve problems from a

02:46

Powershell perspective and also where to

02:48

go and what to reference when you're

02:50

stuck or if something is broken another

02:53

real benefit of Powershell is that once

02:55

you have a reasonable grasp of it you

02:57

can start to borrow and adapt Scripts to

02:59

suit your needs for example I used to

03:02

take scripts from the Empire project and

03:04

use them in certain situations this is a

03:06

great way to exponentially expand your

03:09

potential toolkit as a pentester and may

03:12

open up new attack paths or options that

03:14

you may not have previously explored I

03:16

don't have much more to say on

03:18

Powershell other than that so A short

03:20

and sweet section I suppose so next up

03:22

we have the dreaded word or phrase that

03:24

gets thrown around a lot and that is

03:27

soft skills but to me soft skills are

03:30

really a measure of interacting

03:31

effectively and harmoniously with other

03:34

people and particularly for technical

03:36

roles effective communication is vital

03:39

it could be explaining technical details

03:41

or it could be abstracting something to

03:43

help another department understand your

03:46

requirements soft skills do go beyond

03:49

communication though being a good team

03:51

member and collaborating effectively is

03:53

often an important skill we need to

03:55

master and managing projects time and

03:58

resources whether they are your own own

03:59

or your teams is also very important too

04:03

so how can we improve our soft skills

04:06

well to begin with we need to decide on

04:08

what we really want to improve if you're

04:10

not so good at presenting or public

04:12

speaking then the Fineman technique can

04:14

really help or if you're always jumping

04:16

from task to task and fighting fires

04:19

then pick up a book on techniques to

04:21

better manage your tasks and time it

04:24

comes down to finding things that you

04:25

want to improve and actively doing

04:28

things so that they can improve prove

04:30

and if you can get meaningful feedback

04:32

from a colleague or a mentor then you're

04:34

going to be even more successful I was

04:37

recently watching something about soft

04:38

skills and it said hey you can be 10 out

04:41

of 10 technically but if your

04:43

communication skill is only three out of

04:45

10 how do you think people will judge

04:47

you and it's the same as a pentest a

04:50

good pentest is only ever as good as its

04:52

reports a pentest without a report is a

04:55

complete waste of time unfortunately

04:58

make sure you put a little bit of of

04:59

time into improving your soft skills and

05:02

filling in any weaknesses that you might

05:04

have all right so now we have containers

05:07

which have basically taken over the

05:10

world and are now a fundamental part of

05:12

modern application deployment and Cloud

05:16

infrastructure they can both improve

05:18

security and introduce new weaknesses

05:21

into a system so getting containers

05:23

right is a key part of the development

05:26

life cycle and of course as security

05:29

engineers and pentesters something that

05:31

we also need to be familiar with

05:34

containers provide an isolated

05:36

environment for your application to run

05:38

which can be a double-edged sword on one

05:40

hand it offers enhanced security through

05:42

isolation but on the other hand

05:44

misconfigurations can lead to

05:46

significant vulnerabilities some common

05:48

issues that we do find are container

05:50

escapes unsecured container Registries

05:53

and the mishandling of sensitive data so

05:56

when it comes to pentesting in a

05:58

containerized environment you really

05:59

need to understand the technology that

06:01

you're working with so maybe it's Docker

06:04

podman kubernetes whatever but you need

06:07

to understand the security best

06:08

practices and in this situation it's

06:11

often critical to inspect the container

06:14

images and configurations for

06:16

vulnerabilities you also need to make

06:18

sure that there's proper Network

06:20

segmentation and that secrets are being

06:22

managed appropriately personally I kind

06:24

of learned Docker a little bit by doing

06:26

at the start and then expanded my

06:28

knowledge by doing more research or

06:30

reading blog posts and documentation and

06:33

if you're looking to deepen your

06:34

knowledge of containers diving into the

06:37

architecture of

06:38

containerization understanding the

06:39

orchestration within things like

06:41

kubernetes and exploring the tools in a

06:44

Hands-On way is definitely recommended

06:46

and personally of course I think

06:48

hands-on experience is key so setting up

06:50

your own containerized environment and

06:52

introducing misconfigurations and then

06:54

trying to break it I think is the best

06:56

way to learn I did a Docker 101 video a

06:59

little while ago and so you can check

07:02

that out if you're interested and want

07:04

to get started let's talk next about an

07:06

area that's been gaining immense

07:08

traction and that is the world of

07:10

cryptocurrency and blockchain security

07:13

now I wouldn't usually recommend this to

07:15

someone who is still looking to build

07:17

their fundamental skills but if you want

07:19

to get ahead or find a niche then it's

07:22

definitely worth exploring with the

07:24

increasing adoption of cryptocurrencies

07:26

and the blockchain technology that

07:27

powers them understanding security

07:29

surrounding this technology is critical

07:32

so blockchain technology records

07:34

transactions across many many machines

07:37

in a way that the records cannot be

07:39

altered

07:41

retroactively however this doesn't mean

07:43

that they're immune to all security

07:45

issues common threats include smart

07:47

contract vulnerabilities exchange

07:49

security wallet security and network

07:52

level attacks like the 51% attack when

07:55

pentesting in the crypto world it's

07:57

crucial to understand how how blockchain

08:00

actually works the specifics of smart

08:02

contracts and decentralized applications

08:05

or D apps you'll often be looking to

08:08

identify vulnerabilities in daa

08:10

interfaces and ensuring the security of

08:12

crypto wallets and there is also a

08:15

growing need for specialists in this

08:17

field so getting ahead now can put you

08:20

at the Forefront of an exciting and

08:22

evolving industry so if you're looking

08:25

to dive into this space then definitely

08:27

start with the basics of blockchain tech

08:29

technology and cryptocurrencies and

08:31

explore the best practices of crypto

08:34

exchanges and you can even experiment

08:36

with creating and testing your own smart

08:38

contracts and of course keeping up to

08:40

dat with the latest research and

08:42

development in terms of the crypto and

08:44

blockchain world is important too so

08:47

that's it for this video once again if

08:49

you enjoyed it then don't forget to like

08:52

And subscribe and of course if you have

08:54

any questions then we live stream here

08:56

on the Cyber Mentor YouTube channel

08:58

every Tuesday Tuesday and Wednesday

09:00

other than that you can always catch us

09:02

on the Discord to share ideas and meet

09:05

like-minded people catch you next time