One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 1339981 |
| Date de publication | 2019-09-17 13:00:00 (vue: 2019-09-17 15:07:26) |
| Titre | There\'s no such thing as an entry-level job in cybersecurity |
| Texte |
Every week the AT&T Chief Security Office produces a series called ThreatTraq with helpful information and news commentary for InfoSec practitioners and researchers. I really enjoy them; you can subscribe to the Youtube channel to stay updated. This is a transcript of a recent feature on ThreatTraq. The video features Jonathan Gonzalez, Principal Technology Security, AT&T, John Hogoboom, Lead Technology Security and Tony Tortorici, Principal Technology Security, AT&T.
Jonathan: There's no such thing as an entry-level job in cybersecurity.
Tony: Jonathan, you had a story about entry-level jobs and what skills you need for day one. Do you want to go into it?
Jonathan: Yes, definitely. You know, we usually do vulnerability stories and things that are being hacked and I thought for those watching that might be interested in the field, that might not be in it yet, this may be an interesting topic. I found this blog post by Daniel Miessler about what the expectations of a potential-hiring manager will be on day one. Right. But first of all how do I get to day one and be hired and what are the things that they might be looking for?
This ties to the “skill gap” notion in cybersecurity.
Miessler has other articles about the skill gap. In this article particularly, it seems he's indicating there is really no entry-level position in cybersecurity, because cybersecurity is not a single field.
John: Right.
Jonathan: There is this cybersecurity domain mapping that I found very interesting that breaks down every possible job that you could end up in cybersecurity and it's overwhelming. Right? So someone in this entry-level world says, "I want to do cybersecurity." The first thing they need to figure out is what area of cybersecurity?
John: This is interesting. I'm not even on this list. I don't see any incident response.
Jonathan: There is, on the bottom left, security operations and incident response, investigations...
John: Oh there it is, okay. Security operations.
Jonathan: ...forensics is my team, there's awareness, there's user education. Also, internally we have governance and risk assessment. We have career development, we have security architecture. As a person in this entry-level world, what you need to understand is you're not doing cybersecurity. You're doing something within the field of cybersecurity. And, this article particularly, some scenarios can be built and some tasks that are expected? I'm gonna pick on auditing. I learned on the job was preparing for an audit.
John: Everyone's favorite task.
Jonathan: Right. But usually, a junior entry-level person might end up on that team. And they need to understand what it means to do that and as a person hiring, that might be the thing that you want them to understand. And if they don't even know what that is then you're immediately going to eliminate them without considering their skills. They've just never done an audit. And I think what we get to in here that is not about the skill to do the audit, it's about the skills underneath you might be able to bring them up to an audit level speed.
John: Right.
Jonathan: And this is very interesting because it's things like understanding which kind of audit it is. Right? Is it an app |
| Envoyé | Oui |
| Condensat | “entry “feeder “skill some able about academic actually administration after ahead all along already also always analysis analyst another answer antivirus any api applicants application apply applying architecture are area areas article articles ask asking assessment at&t audit auditing audits automate automation awareness back background ballpark based because becoming before being better between blacklists blog bottom breaks bring built but called came can can't can subscribe care career case certain certificates chief coding college come coming commentary communicate company connect considering control cool core could cross cybersecurity cyberseek daniel data day definitely depending developer development did different dns does doesn't doing domain don't done down draw dues each easier education effective either eliminate emphasize emphasizing end engineering enjoy entry environment even ever every everyone's everything evolve example excellent expectations expected experience experiences explanation favorite feature features field fields figure figured find first five flavors footnote forensics formulated found foundation from function functions fundamental gain gap gap” general get girl's given gives going gonna gonzalez good governance guess guy guys hacked had happen happening hard harden hardening has have having he's heavy help helpful here him hired hiring his hogoboom how i'm i've idea ideas immediately incident indicating industry info information infosec ingrained intelligence interested interesting internally interview interviewing investigations it's it’s itself job jobs john john: jonathan jonathan: jump junior just kaiser kind kinda kinds know knowing knowledge lead learn learned least leave led left let's letting leve”l level level” like list look looked looking lot machines make makes making manager managers many mapping massage masters matt may maybe means meet mentions miessler might mind misleading more most move much myself necessarily need network networking networking: never news next not notion off office okay one operations opinion order org other out outputs overwhelming own particularly path pay people person pick pitching pivot pivoting places point position positions possible post potential practitioners pre preparing pretty preview principal problem proceed process produces professional programming programs protocols put python qualifications questions read really realm reassembled recent regular related report requirement requisites researchers respect response right risk role roles” run said say saying says scenarios script scripting scripts search secure security see seeing seems sense series servers set sets shift should show side simple single site situations skill skills small soc socs software some someone something sometimes sort speak specific speed start stay step stories story stream stuff such superstar sure system systems take talent talking task tasks teach team technology tell telling that's the youtube channel to them them; then there there's these they're they've thing things think those thought thoughts threattraq through tier ties time times tony tony: topic tortorici track training transcript true try trying two type types typical underneath understand understanding unfortunately updated use useful user usually versa versus vertical verticals very vice video vulnerability walks want wanting watching way we'll we're week well went what what's whatever when where which who who's whoever whole why will wireshark within without work worked working works world would write yeah years yet you're you’re your |
| Tags | Vulnerability Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.