April 21, 2021

From Law to CyberSecurity

Hi,

I hold a BS and MS degrees in law, and practice it for ~6 years, 2 out of which I also do asset tracing and investigations using OSINT techniques. However, besides OSINT part, I have never felt that law is my thing in terms of personal satisfaction.

Since my early years I’ve been interested in computers, networks, cyber security and corresponding cyber crime issues, and later in life – incident response and cyber crisis management, as well as everything related to cyber security in general, including reading blogs of CS experts, and cyber culture in a broader sense. Even though I’ve tried to bring more cybersecurity into my legal career (as part of my master studies I wrote a thesis, researching issues of legal attribution of state-sponsored cyber-attacks, which I really enjoyed), it actually feels that I only walk around the topic I like, without getting my hands on the technical side of CS.

During COVID I started to seriously consider making a move from law to ‘real’ cyber security, where my legal/consulting skills could also be of good use at a later career stage. So I think about joining a 6 month full-time ‘SOC analyst’ bootcamp (4 month education + 2 months internship at SOC). Here is the syllabus they gave me, which I believe must be standard for CS bootcamps.

1. SQL injection
The hacker mindset Kali Linux
Malware attacks
Brute Force attacks (inc. dictionary attacks)
2. SEIM (security Information & Event Management) & IR (Incident Response)
SOC simulation exercises
3. Programming/scripting:
Python
Working with DBs (SQL & NoSQL) DevOps
4. OS
1. Windows:
Windows API, Win32, and windows subsystem model
Debuggers and Sysinternal tools
2. Linux:
Intro to Linux & Distributions
Memory system
Linux API

After the bootcamp I plan to get a job as a SOC Analyst, moving to IR and Threat Intelligence. In simple words, I wish to help clients to defend against cyber attacks, build resilient systems and manage cyber incidents.

My questions are:

1. Is it possible to learn topics advertised topics mentioned in the syllabus sufficiently enough during 6 month period to be able to jump into the CS field (like SOC analyst) without a technical degree?
2. The program costs about USD 5k (plus the money I won’t be earning, which is much higher). Do you think getting certain certs instead would be better investment – If yes, why, what certs (besides Security+) and in which order you’d recommend taking?
3. If I won’t be able to make a swith to a pure technical job, in what CS positions/companies my legal/consulting and technical skills could be valuable?
4. Any general piece of advice would be really appreciated

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.