Roadmap for Cyber Security Expert Candidates
At the point technology has reached today, cyber security issues have begun to increase their importance. Trending news and issues now concern individual users as well as service providers. Secure service level and quality are at the top of the preference criteria for users. As in all parts of the world, we all follow the announcements and news about the need for cyber security experts in our country. We have prepared a road map and a list of recommendations that we think will be useful for expert candidates who want to improve themselves in this field.
The first thing we need to point out to begin with is that learning should be approached systematically. A learning method that will be done in a certain logical order and in a way that complements each other will prevent getting stuck and going back in the process. Unfortunately, moving on to another subject without fully understanding it does not work in cybersecurity specialist training. Unfortunately, installing Kali Linux and immediately starting to use the tools in it does not yield any results.
What Should a Cyber Security Specialist Candidate Know?
1. Operating System
The point you will reach during a test is the Operating System. When you reach the target Operating System, if you do not know where to look and what to do, your range of motion will be quite limited. For this reason, in-depthoperatingsystem knowledge is a must for every cybersecurity expert.
Operating system knowledge is a separate issue from knowing where to click. When you access the operatingsystem command line as a normal user or root user,there is no screen to click on with the mouse. So you should assume that you will need to do everything from the command line.
You should know very well how the system you access works. For example, where log files are kept, how to access registry records, and examining and managing network connections from the command line are among the most basic topics that need to be learned. All hardware and software are secondary structures that use the Operating System as the Platform. That's why you need to know the behavior of the platform on which your software runs. A serious training process onWindows, Linux or Unix-basedoperatingsystems is at the top of our list.
2. Networking and Protocol Information
After learning the working and behavioral structure of Operating Systems to a considerable extent, it is time to communicate with each other. The structure of the network formed by the interconnected systems and the protocols used during communication must be known very well.
Let's make a statement here to describe the level of knowledge. Network and protocol knowledge is a subject far beyond just memorizing the layers of the OSI model. It is necessary to seriously internalize each layer, the structure and content of the packets. What operations are performed at which layer? How does the system react to these operations? All such questions should be learned without leaving any room for doubt.
The differences between TCP and UDP protocols and the travel of packets in the network environment, defined as routing, are also included in these topics. Knowing DNS, ARP or DHCP in detail is among the topics that cannot be ignored in order to mature network and protocol knowledge.
If you are unsure whether a transaction occurs at the Data Link layer or the Physical Layer, we recommend that you do not proceed to the next step.
3. Process Information and Attack Types
This article is a continuation of article 2 explained above. It is impossible to analyze ARP spoof or MiTM attacks if you lack network and protocol knowledge. It is very important to know the issues stated in Article 2 so that you can work on interception and changing packages. You must know the processes so you can discover where to look. If you don't know that such a process exists, you won't be able to find it by trying where to look.
The point we want to emphasize in this regard is Curiosity. How is it working? The question should always keep you busy and you should strive to learn patiently.
4. Basic Scripting Ability
We strongly recommend that you learn VBS and Bash Scripting. In this way, you can have many operations performed automatically by the system's processor. Working manually means waste of time and mistakes. Examination by human eyes increases the possibility of information being overlooked. The criteria you create with the scripts you write will automatically analyze the data, gain speed and minimize errors.
When you reach a certain level in scripting, you can naturally start writing more powerful programs with a programming language such as Python. The experiences you will gain will take you to this point. Learning to write scripts is not something to skip. You should definitely learn and be friendly with working from the command line.
5. Firewall
Cyber Security Expert must definitely learn the working logic of firewall. The best way to do this is to get yourself a firewall, find it and work on it. Learning firewall management will always be useful. Knowing permissions, restrictions and rules, learning Access Control processes is an important step in understanding their working logic. IP Spoofing is directly related to Firewall. You should do research and learn about this subject. Then it would be best to move on to PIX and ASA subjects and start all the processes again.
6. Forensics
Researching and analyzing digital environments and collecting evidence is a subject that requires expertise. You should do serious research to gain knowledge on this subject. Not learning where traces are left when a system is entered means that you cannot properly collect evidence in your research.
For digital analysis and log review, the Operating System Information we mentioned in Article 1 comes up again. If you know the Operating System very well, it will be much more efficient to progress in applying Forensics techniques.
7. Programming Knowledge
A Cyber Security Specialist must have advanced knowledge of programming. The advanced degree here is not knowing object-oriented programming very well and being able to code the desired algorithm. It is being able to write purpose-oriented programs that can perform operations on sockets and networks, especially starting from a simple program such as a port scanner.
Open source port scanner etc. published on platforms like Github. Taking the time to examine the codes of the programs will save you a lot of time. If you can review the codes and write them yourself, you have made progress.
8. Database information
Databases make the work of all systems easier. For this reason, we can say that if data is stored somewhere, there is definitely a database. Oracle, SQL etc. Knowing databases is very important. The systems you will access will definitely be using a database. Although you are not expected to be a very advanced expert in databases, you should at least understand and read the documents specified in the Tutorial and be able to make basic queries. In addition to queries, tables, permissions and user privileges are database issues that must be learned.
9. Patience
I think you have noticed that the topics we mentioned above are not topics that can be learned in a short time. It should be noted that these are subjects that require a really long time and are as abstract as possible. If you think you can work patiently on all these issues without getting tired, you can say that you are a Cyber Security Specialist Candidate.
Remember. Every success story starts with a small step. If you want to start working from a point, start learning the topics we have listed in order and patiently. We definitely want to say that it is important to share the topics you learn with others through blog posts or by organizing some seminars. In this way, your knowledge will become permanent and you will realize the points you do not know exactly. I would like to state that if you invite the author of these lines to your seminars, I will gladly try to attend.