March 29, 2021

What are the most useful Windows tools for a security employee to be an expert on?

I’m early in my career and want to be very targeted in my skill building. What Windows skills are most in demand?

Comments

Ghawblin

1. Active Directory Users and Computers (commonly referred to as AD). You’ll be hard pressed to find any organization with more than 20 computers that doesn’t use this. Every IT person, CyberSecurity or not, needs to know this like the back of their hand. This is where you have “domains”, so that you can then add users and computers to that domain. From there, it allows you to setup categories, groups, etc to classify and organize your environment. How does a business keep track of 10,000 users, 5000 computers, and 1000 servers? Active Directory.

2. Group Policy. This sorta goes with AD. This is essential to establishing baselines in an AD environment, which is critical not only for Sysadmins mental health, but CyberSecurity to ensure users and computers in AD follow the set policies.

3. Azure/Office365. Nearly every business is using Azure/O365 in some capacity. Some larger businesses may even be using AzureAD, which is a cloud version of Active Directory. Knowing how this integrates with AD and business flow as a whole is very important. Many older IT/InfoSec folks ignore this one and write it off as “too annoying to bother with”. I agree that it’s super annoying, but things are heading this way. After this recent exchange zero-day, tons of businesses are going this way.

4. Powershell (Thank you u/zeealex). It’s a scripting language that is used to integrate with AD, PC’s, Azure, etc. Knowing how to use Powershell will make your life WAY easier. It allows you to make broad changes, or even custom rules that GPO can’t do. For example, many organizations will have a powershell script to see when the last time a user logged in; if it’s more than 3 months, the script will disable that user and move them to a “inactive” OU (folder) in AD to prevent stale accounts.

Topic 1 and 2 I cannot stress enough are critical. This is where cybersecurity degree programs and “bootcamps” fail to train people. I’ve seen tons of InfoSec people with masters degrees fail to get jobs because they get to a technical interview and have zero idea how to operate in AD or use GPOs. This is why I preach having 1-2 years sysadmin experience, because the knowledge you gain will slam dunk interviews in the CyberSec world.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.