March 29, 2021

What are the most useful Windows tools for a security employee to be an expert on?

I’m early in my career and want to be very targeted in my skill building. What Windows skills are most in demand?

1. Active Directory Users and Computers (commonly referred to as AD). You’ll be hard-pressed to find any organization with more than 20 computers that doesn’t use this. Every IT person, CyberSecurity or not, needs to know this like the back of their hand. This is where you have “domains”, so that you can then add users and computers to that domain. From there, it allows you to set up categories, groups, etc. to classify and organize your environment. How does a business keep track of 10,000 users, 5,000 computers, and 1,000 servers? Active Directory.

2. Group Policy. This sorta goes with AD. This is essential to establishing baselines in an AD environment, which is critical not only for sysadmins’ mental health, but for CyberSecurity to ensure users and computers in AD follow the set policies.

3. Azure/Office365. Nearly every business is using Azure/O365 in some capacity. Some larger businesses may even be using AzureAD, which is a cloud version of Active Directory. Knowing how this integrates with AD and business flow as a whole is very important. Many older IT/InfoSec folks ignore this one and write it off as “too annoying to bother with”. I agree that it’s super annoying, but things are heading this way. After this recent Exchange zero-day, tons of businesses are going this way.

4. PowerShell (Thank you u/zeealex). It’s a scripting language that is used to integrate with AD, PCs, Azure, etc. Knowing how to use PowerShell will make your life WAY easier. It allows you to make broad changes, or even custom rules that GPO can’t do. For example, many organizations will have a PowerShell script to see when a user last logged in; if it’s more than 3 months, the script will disable that user and move them to an “inactive” OU (folder) in AD to prevent stale accounts.

Topics 1 and 2, I cannot stress enough, are critical. This is where cybersecurity degree programs and “bootcamps” fail to train people. I’ve seen tons of InfoSec people with master’s degrees fail to get jobs because they get to a technical interview and have zero idea how to operate in AD or use GPOs. This is why I preach having 1-2 years of sysadmin experience, because the knowledge you gain will slam-dunk interviews in the CyberSec world.
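The stale-account script described in point 4, written out as an added example (this is not code from the original post or its author). It assumes a hypothetical domain corp.example with a staff OU and an “Inactive” OU, a 90-day threshold, and the RSAT ActiveDirectory module on the machine running it. It also handles the two things the one-sentence description glosses over: accounts that have never logged on, and service accounts that should not be auto-disabled.

```powershell
<#
  Added example, not code from the original post: disable users who have not
  logged on in $InactiveDays days and move them to an "Inactive" OU.
  Hypothetical setup: domain corp.example, the two OUs below, 90-day cutoff.
  Requires the RSAT ActiveDirectory module. Run with -WhatIf first.
#>
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [int]$InactiveDays = 90,
    [string]$SearchBase = 'OU=Staff,DC=corp,DC=example',    # hypothetical OU
    [string]$InactiveOU = 'OU=Inactive,DC=corp,DC=example', # hypothetical OU
    [string]$ReportPath = ".\stale-accounts-$(Get-Date -Format yyyyMMdd).csv"
)

$cutoff = (Get-Date).AddDays(-$InactiveDays)

# Filter on Enabled server-side so the DC does not return already-disabled
# users. The date logic is done client-side on purpose: a "-lt" filter on
# LastLogonDate silently drops accounts where the attribute is null, i.e.
# accounts that were created and never used, which are exactly the stale ones.
$candidates = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
    -Properties LastLogonDate, whenCreated, servicePrincipalName, Description

$stale = foreach ($u in $candidates) {
    # LastLogonDate is derived from lastLogonTimestamp, which replicates
    # between DCs but is only rewritten when the stored value is older than
    # about 14 days, so it can lag the real last logon by up to two weeks.
    # A 90-day threshold absorbs that lag; a 7-day threshold would not.
    $lastSeen = if ($u.LastLogonDate) { $u.LastLogonDate } else { $u.whenCreated }

    # Accounts with an SPN are service accounts that may never log on
    # interactively; they need a manual review, not an automatic disable.
    if ($lastSeen -lt $cutoff -and -not $u.servicePrincipalName) {
        [pscustomobject]@{
            SamAccountName    = $u.SamAccountName
            DistinguishedName = $u.DistinguishedName
            LastLogonDate     = $u.LastLogonDate
            Created           = $u.whenCreated
        }
    }
}

# Keep a record before touching anything: this CSV is what you hand the
# help desk when a returning employee asks why their account stopped working.
$stale | Export-Csv -Path $ReportPath -NoTypeInformation

foreach ($s in $stale) {
    if ($PSCmdlet.ShouldProcess($s.SamAccountName, "Disable and move to $InactiveOU")) {
        # Disable rather than delete: the SID, group memberships and any
        # mailbox link survive, so a mistaken disable is a one-line reversal.
        Disable-ADAccount -Identity $s.DistinguishedName
        Set-ADUser -Identity $s.DistinguishedName `
            -Description "Disabled $(Get-Date -Format yyyy-MM-dd) by stale-account script; last logon $($s.LastLogonDate)"
        Move-ADObject -Identity $s.DistinguishedName -TargetPath $InactiveOU
    }
}

Write-Output "$(@($stale).Count) stale account(s) processed; report at $ReportPath"
```

Run it as `.\Disable-StaleUsers.ps1 -WhatIf` first; because the script declares SupportsShouldProcess, -WhatIf flows through to Disable-ADAccount, Set-ADUser and Move-ADObject and you get a dry-run listing instead of changes. The move matters as much as the disable: link a restrictive GPO to the Inactive OU (deny logon locally and over RDP, for instance) so that even a re-enabled-by-mistake account in that OU cannot be used until someone deliberately moves it back.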

