How I Would Learn Cyber Security If I Could Start Over (Amazon Principal Security Engineer)

Loi Liang Yang
1 Sept 2024 · 15:38

Summary

TL;DR: The speaker reflects on their journey in cybersecurity, from starting as an average student to becoming a principal security engineer. They emphasize the importance of foundational knowledge, hands-on experience, and continuous learning. The transcript highlights the significance of understanding core concepts like networking, coding, and system management. It also advises aspiring cybersecurity professionals to experiment with technologies, engage with the community, and stay updated with current trends and skills in demand, such as cloud security and offensive security.

Takeaways

  • 💼 The speaker reflects on their career journey in cybersecurity, emphasizing the importance of starting with a solid foundation in the field.
  • 💰 A decade ago, the speaker was just starting out and could not have imagined earning $500,000 a year as a principal security engineer.
  • 🏆 The speaker highlights the significance of mastering the fundamentals of cybersecurity, such as computer science, networking, and coding.
  • 🚀 The speaker advises that success in cybersecurity is not easy and requires dedication, passion, and continuous learning.
  • 🏫 The speaker suggests that while short boot camps can be helpful, they are no substitute for a strong educational background and hands-on experience.
  • 💡 The speaker emphasizes the importance of understanding basic concepts like how computers communicate, securing databases, and the OSI model.
  • 🔧 The speaker encourages setting up a cybersecurity lab and gaining practical experience through hands-on experimentation.
  • 🌐 The speaker notes the growing importance of cloud security and the need for professionals who can secure cloud-based systems.
  • 💡 The speaker advises on the value of joining local cybersecurity communities and networking with other professionals to learn and grow.
  • 📈 The speaker stresses the importance of staying updated with the latest trends and technologies in cybersecurity to remain relevant and employable.

Q & A

  • What was the speaker's initial salary expectation when starting their career in cybersecurity?

    - The speaker mentions that in their city, anything from $24,000 to $36,000 a year was considered amazing when they were starting out.

  • What does the speaker emphasize as the key to success in cybersecurity?

    - The speaker emphasizes getting the fundamentals right, such as understanding computers, networking, and coding, as the key to building a solid foundation in cybersecurity.

  • Why does the speaker believe that short boot camps might not be sufficient for a career in cybersecurity?

    - The speaker believes that without a strong IT background, it would be challenging to gain the necessary skills and knowledge in such a short time, and employers often prefer candidates with more extensive experience and education.

  • What does the speaker suggest as a practical approach to learning cybersecurity?

    - The speaker suggests setting up a cybersecurity lab, using tools like Raspberry Pi with Kali Linux, and gaining hands-on experience with various technologies and platforms.

  • How does the speaker describe the importance of having a passion for cybersecurity?

    - The speaker describes passion as essential, suggesting that it should develop into an obsession to drive continuous learning and improvement in the field.

  • What does the speaker suggest about the relevance of cloud security in the current job market?

    - The speaker suggests that cloud security is a hot topic and in high demand, as many companies are deploying their IT systems on the cloud and require professionals to secure these systems.

  • What is the speaker's advice for someone looking to get a job in cybersecurity?

    - The speaker advises gaining practical experience, experimenting with technologies, and aligning oneself with the needs of businesses, such as securing systems and preventing hacks.

  • Why does the speaker recommend joining local cybersecurity groups or meetups?

    - The speaker recommends joining local groups to network with professionals, learn from their experiences, and stay updated on industry trends and certifications.

  • What is the speaker's perspective on the role of curiosity in cybersecurity?

    - The speaker views curiosity as a driving force for learning and experimentation, encouraging individuals to explore vulnerabilities, payloads, and different technologies.

  • How does the speaker define the ultimate goal for cybersecurity professionals?

    - The speaker defines the ultimate goal as ensuring systems are secure and not hacked, which involves staying updated with the latest technologies and threats.

Outlines

00:00

💼 Career Reflections in Cybersecurity

The speaker reflects on their career journey in cybersecurity, starting from humble beginnings with a modest salary expectation to becoming a principal security engineer earning $500,000 a year. They emphasize the importance of getting the fundamentals right, such as understanding computer networking, coding, and complex systems like content management and enterprise resource planning. The speaker also discusses the unrealistic promises of short-term cybersecurity boot camps and the value of hands-on experience and continuous learning.

05:02

🎓 Interview Insights and Career Growth

This paragraph delves into the interview process for cybersecurity roles, highlighting the importance of foundational knowledge such as understanding how computers communicate and securing databases. The speaker shares their own experiences, including receiving job offers from major companies like Amazon, Cisco, and McAfee, and stresses that a strong foundation in cybersecurity principles is crucial for success. They also touch upon the role of passion and sacrifice in achieving a rewarding career and the importance of keeping up with current trends and technologies in the field.

10:04

🔧 Practical Experience and Community Engagement

The speaker advises on gaining practical experience through setting up personal labs and experimenting with technologies. They suggest using low-cost options like Raspberry Pi and Kali Linux to build a cybersecurity lab. The paragraph also encourages engaging with the cybersecurity community through local meetups and user groups to network and learn from peers. The speaker underscores the value of curiosity, hands-on experience, and continuous exploration of new vulnerabilities and exploits to stay ahead in the field.

15:05

🛡️ Core Competencies and Future Outlook

In the final paragraph, the speaker reiterates the importance of mastering core cybersecurity skills such as encryption, networking, and database management. They suggest that a strong foundation in these areas can make more advanced topics seem easier. The speaker also encourages aspiring professionals to challenge themselves with difficult tasks and to continuously push their limits to grow in their cybersecurity careers.

Keywords

💡 Cyber Security

Cyber security refers to the practice of protecting systems, networks, and data from digital attacks. In the script, the speaker reflects on their career in cyber security and emphasizes the importance of having a strong foundation in this field. The speaker's journey from a beginner to a principal security engineer illustrates the growth and opportunities within the cyber security industry.

💡 Fundamentals

The fundamentals in the context of the video refer to the core knowledge and skills necessary for a career in cyber security. The speaker stresses the importance of understanding basic concepts such as computer networking, programming, and system operations. These fundamentals form the basis for more advanced learning and are critical for success in the field, as they enable professionals to tackle complex problems and adapt to new technologies.

💡 Principal Security Engineer

A Principal Security Engineer is a senior role in the field of cyber security, often responsible for overseeing security measures, conducting risk assessments, and developing security strategies. The speaker's mention of achieving this position within a decade signifies the potential for rapid career advancement in the industry, particularly for those with a strong grasp of the fundamentals and a passion for learning.

💡 Internships

Internships are temporary positions that provide hands-on experience in a professional setting. In the script, the speaker recounts their early experiences with internships, which involved basic tasks like installing VPN servers and fixing computers. These opportunities are highlighted as crucial for building practical skills and gaining an initial foothold in the industry.

💡 Content Management System (CMS)

A Content Management System is a software application used to create, manage, and modify digital content. The speaker suggests working on complex systems like CMSs as a way to gain deeper understanding and experience in cyber security. This is an example of how professionals can apply their foundational knowledge to real-world applications, which is essential for career growth.

💡 OSI Model

The OSI Model, or Open Systems Interconnection Model, is a conceptual framework that standardizes the functions of a telecommunication or computing system into seven layers. The speaker mentions the OSI layers as an example of a fundamental concept that cyber security professionals should understand. Knowledge of the OSI model is essential for understanding how data is transmitted and secured across networks.

💡 Boot Camp

A boot camp in the context of the video refers to an intensive, short-term training program designed to quickly equip individuals with the skills needed for a specific career, such as cyber security. The speaker expresses skepticism about the effectiveness of such programs for those without a background in IT, suggesting that a deeper, more gradual learning process is typically necessary to build a solid foundation in the field.

💡 Cloud Security

Cloud security involves protecting data, applications, and infrastructure hosted in the cloud. The speaker notes the growing importance of cloud security in the industry, as more businesses are moving their operations to cloud platforms. This trend underscores the need for cyber security professionals to stay current with emerging technologies and adapt their skills accordingly.

💡 Offensive Security

Offensive security refers to the practice of proactively identifying and exploiting vulnerabilities in systems to better understand and defend against potential cyber attacks. The speaker mentions offensive security as an area of expertise that is in demand, reflecting the industry's need for professionals who can think like attackers to strengthen defenses.

💡 Ethical Hacking

Ethical hacking involves the use of hacking techniques to identify and fix vulnerabilities in a system with the owner's permission. The speaker encourages setting up an ethical hacking lab to gain hands-on experience, which is a practical way to apply and enhance one's cyber security skills. This approach helps professionals understand the tactics used by malicious hackers and how to counter them.

💡 Career Advancement

Career advancement in the script refers to the process of moving up in rank or responsibility within a profession. The speaker's personal journey from an average student to a high-income security engineer exemplifies the potential for significant career growth in cyber security. This progression is attributed to a combination of foundational knowledge, hands-on experience, and a continuous drive for learning and improvement.

Highlights

Reflecting on a career journey in cybersecurity from a starting point 10 years ago.

The speaker's disbelief at the prospect of earning $500,000 a year as a principal security engineer.

The importance of having a strong foundation in cybersecurity fundamentals.

The speaker's early career as an average student with internships in small companies.

The excitement and challenges of starting a career in cybersecurity.

The necessity of understanding computer networking and coding basics in cybersecurity.

The skepticism towards short-term boot camps as a pathway to a cybersecurity career.

The value of hands-on experience and the importance of setting up a cybersecurity lab.

The speaker's personal experience of receiving job offers from major companies like Amazon, Cisco, and McAfee.

The role of foundational knowledge in successfully answering interview questions.

The speaker's advice on experimenting with cloud technologies and gaining practical experience.

The significance of aligning with the core goal of businesses to prevent hacks.

The speaker's emphasis on the importance of curiosity and continuous learning in cybersecurity.

The benefits of joining local cybersecurity communities and networking with professionals.

The speaker's perspective on the unrealistic promises of quick cybersecurity training programs.

The speaker's encouragement to challenge oneself with difficult tasks to grow in cybersecurity.

The importance of understanding encryption, networking, databases, and applications as core cybersecurity skills.

Transcripts

00:02

you know today is a Sunday afternoon

00:06

it's quiet

00:07

afternoon

00:10

and it's interesting because

00:13

just I was just thinking about this like

00:17

there were a few things that happened

00:19

and just just 10 years ago I was

00:22

starting out my career in cyber

00:25

security and if you were to come up to

00:27

me and tell me hey Mr Hacker Loi

00:30

or back then it would have been back

00:33

then it would have been script kiddie

00:34

Loi and you say hey 10 years later you

00:40

are going to make $500,000 a year as a

00:44

principal security engineer at FAANG or

00:49

MAANG I would say how is that

00:54

possible what did I do can it really be

00:57

done

01:00

difficult I would say challenging not

01:04

the

01:05

least and at that time 10 years ago I

01:09

was just starting

01:10

out I was help desk engineer and at a

01:14

time in my city if you could get

01:18

anything from $24,000 a year to $36,000

01:23

a

01:24

year that's amazing anything more is

01:28

just unbelievable

01:31

and I wasn't the the best student I

01:33

wasn't the brightest student far from it

01:36

I was like the average

01:38

student and I learned like computer

01:41

science I learned computing I learn how

01:43

to code a thing or

01:44

two but they didn't really have a lot of

01:47

real world

01:48

experience I've done some internships at

01:52

small size

01:54

companies and like installing VPN

01:58

servers fix

02:00

computers I knew nothing about fixing

02:02

computers back

02:04

then they gave me the shot and I was

02:06

pretty excited about

02:09

it so I was at the start of my

02:14

career and it was exciting it was pretty

02:17

exciting it was fun it

02:20

was

02:21

challenging but I knew cyber security

02:24

was something that felt natural

02:30

and there are some things that you

02:32

should really get good at when it comes

02:34

to cyber

02:35

security and that's the

02:37

fundamentals get the foundation right if

02:41

you get the foundation right everything

02:44

will come to you all the great things

02:47

will come to you so get the fundamentals

02:50

right

02:51

like think about like computers right

02:56

and think about how they talk to each

02:58

other networking piece the compute piece

03:03

get those right think about coding some

03:07

things get those right think about

03:10

something complex like a content

03:14

management system enterprise resource

03:16

planning

03:18

system work on them see how it goes but

03:23

don't say no go for it you

03:28

have vitality

03:30

in you if you're coming into cyber

03:34

security getting the fundamentals right

03:36

is is critical because that's where you

03:40

build a really

03:43

solid really really

03:46

solid foundation for everything

03:50

else and cyber is not easy and I see

03:54

lots of

03:55

courses that are being marketed that are

03:58

being promoted

04:00

they kept saying 3 weeks boot

04:03

camp a month boot camp and you get into

04:06

cyber

04:09

security it's possible it's possible if

04:12

you come from a computer science

04:14

background that's possible but majority

04:17

of the time if you're not coming in from

04:20

a an IT

04:23

background it would be pretty difficult

04:26

very

04:27

challenging and how many companies out

04:29

there

04:31

think about it you're IT manager you're

04:33

cyber security manager you want to hire

04:36

and you probably have some

04:39

options where you hire someone who is

04:42

coming out three year from college or

04:44

university from computer science who has

04:47

done some coding who has built some

04:51

sites who has done a bit of internships

04:53

here and

04:54

there or would you go for someone who is

04:57

like just had a three week boot

05:02

camp the answer is

05:04

obvious and in the interview process

05:07

it'll be pretty different too the

05:10

way that they could answer the

05:13

questions the way the questions are

05:15

answer

05:17

it You' be asking simple things like how

05:21

do two computers talk to each

05:23

other how do you secure a

05:27

database how do you

05:31

in fact simple one what is the

05:33

OSI layers what are they how many layers

05:36

are there those are simple questions get

05:39

them right get them right you go a long

05:45

way and of course like I

05:48

say I would have never imagined

05:51

myself here in this position

05:55

like being a security engineer

06:00

at a MAANG or a FAANG company I would

06:02

never have imagined

06:05

that and it came from lots of

06:09

reading burning through lots of

06:12

weekends studying a lot reading a

06:17

lot

06:19

and how can it be success without any

06:24

sacrifice

06:26

so sacrifice that

06:29

and it usually be because you have a

06:32

passion for it it's something that you

06:37

feel some interest in it but it's not

06:40

developed fully where it becomes an

06:45

obsession it's just the start start of

06:48

journey and you want to become obsessed

06:51

with it so you have to tinker with it

06:54

you have to

06:55

try you have to play around with it

06:59

like for example when I was just several

07:03

years ago when I was

07:04

interviewing at

07:08

Amazon I was also interviewed by several

07:10

other companies who gave me an offer too

07:14

I was

07:15

given the offer at Cisco I was given the

07:19

offer at McAfee now known as

07:24

Skyhigh I pass all of

07:26

them it all went down to F

07:30

fundamentals always the foundational

07:33

piece of

07:36

things you get it right all the

07:40

questions are asked to off

07:44

you you'll be able to tackle them

07:48

easily of course back then there wasn't

07:50

things like Chat

07:52

GPT and you had to really like get lots

07:55

of books fore but now with this gen AI

07:58

CH GB R you can just ask questions if

08:01

you don't know fire it up ask CH your

08:06

question have a passion for you set up a

08:09

a cyber security lab an ethical hacking lab

08:11

set that up don't

08:13

wait set it up it's low cost get a

08:16

Raspberry Pi it's less than

08:19

$200 get it install it with Kali Linux

08:23

use it get a small laptop a small

08:27

PC install Kali Linux on it

08:30

try it try running them you have to have

08:34

hands-on

08:37

experience and back then of course cloud

08:40

really wasn't that big of

08:43

thing all right it was growing but it

08:47

didn't become the mammoth that it is

08:51

today so but there were glimpses there

08:54

were indicators that is coming up there

08:58

were things that were showing that is

09:00

coming

09:01

up

09:03

and that's those are the things that you

09:07

need to take note of that you need to

09:10

be that you need to know of like

09:14

now what's hot right now in cyber

09:17

security think about it other than gen AI

09:20

of

09:21

course what else is hot about cyber

09:23

security

09:25

now cloud

09:28

security is is that hot is that

09:30

big are there demands for

09:33

it when you're searching for jobs you go

09:36

to

09:38

LinkedIn do you see come

09:41

up do you see those skills being asked

09:45

of you like AWS

09:48

security Azure security Google Cloud

09:51

security do they come

09:54

up what about offensive security do they

09:57

come up

10:00

do they ask a few

10:04

to do they ask a few how do BU

10:08

payloads how do you bypass

10:12

EDRs how do you secure

10:15

service the ultimate goal of many of

10:18

these businesses and

10:20

organizations is simply just don't get

10:23

hacked okay and you have to align

10:26

yourself to that you have to get the

10:28

skills of that so think about

10:34

like think about

10:37

like a

10:39

company we just started a couple years

10:44

ago they are likely going to be

10:47

deploying their workloads their IT

10:51

systems likely on the

10:53

cloud 90% of the

10:56

chances they're on a cloud

11:00

their workloads are running they're

11:01

growing they're growing

11:04

aggressively they want to make sure it

11:07

never goes

11:08

down so that because it's revenue it

11:14

creates revenue for them it's revenue

11:17

generating they don't want it to go down

11:19

and your job as a cyber security

11:22

professional is to ensure that is to

11:25

help them secure those systems and

11:27

that's how you get a job that's how you

11:29

get a role at it and to get a role at

11:32

it you need to demonstrate that you have

11:35

the skills and experience on it so

11:38

experiment experiment with these

11:41

technologies if you have not started a

11:44

website on a cloud go out there and do

11:46

it right now log in right now set it up

11:50

it's only like $5 a month to set it up

11:53

maybe even lower or maybe a little

11:55

higher depending on where you go but the

11:58

experience is what matters

12:00

I mean think about it it's at least $4

12:03

$5,000 a month compared to hosting a

12:07

website gaining the experience gaining

12:09

the knowledge for $10 a

12:12

month it's worth

12:15

it well worth

12:19

it tinker with security technologies

12:24

there's lots of free ones open source

12:27

ones it's all around they're all

12:30

around go for them try them out don't

12:34

just watch the videos I produce don't

12:36

just watch the tutorial I produce

12:38

reproduce them in your own

12:41

lab try them

12:44

out be curious be really curious about

12:47

things that are happening think about

12:49

all the common vulnerability

12:52

exposure have you read the

12:54

payloads have you tried the

12:57

payloads have you tried to install a

13:01

server of that version that is

13:04

vulnerable try

13:06

that get experience for it join

13:09

community in the city near you I am

13:13

certain there are monthly meetups for the

13:16

cyber security professionals security

13:19

user groups go for it go there and meet

13:21

people talk to them interact with them

13:24

try to mirror

13:26

them see what you're doing with the

13:28

careers

13:29

what certifications are they going for

13:32

what are they reading what are they

13:35

watching go for that

13:39

too ultimately get the fundamentals right get

13:43

the fundamentals right

13:44

first then you start doing all these

13:47

things you start meeting people you

13:49

start connecting with people you start

13:52

tinkering with things that are a little

13:53

more advanced but it's good for you it's

13:55

good for your career you know that

13:59

cyber security is not I mean if you see

14:03

boot camps to tell you that you can get

14:04

in cyber

14:06

security within a week within a

14:09

month highly

14:16

unlikely go for things that are hard

14:20

that challenges you then you move

14:26

faster then you're really then you

14:29

really know your own limits and then you

14:32

can keep testing the limits of

14:35

yourself keep pushing yourself get

14:38

better get

14:40

further a new CVE go read it a new

14:43

exploit go try it have a hacking lab in

14:46

place get the F

14:51

right these are the things you need to

14:54

get really good at

14:57

cyber that's how how I do it

15:00

again that's how I would do it all over

15:04

again get the fundamentals

15:07

right think about

15:09

encryption think

15:12

about networking think about databases

15:16

think

15:16

about

15:18

applications if you have the core you

15:21

have the basic

15:25

rights you get them right you go far

15:31

and everything else would just look easy

15:34

or easier for you
