As promised, here are some short ideas of what to do and how to prepare for actual cybersec assessment in real life.
Please note that I’m currently working on xRED certification (pentesting – PWK, forensics – CHFI, analytics – IBM), so it’s going to be a bit messy but bear with me.
First off – networks, web applications, OS’ – Windows, OS X, Linux. Terminal is inevitable, but unlike Thanos you can pull off impressive things without GUI, and you got to know it – clients usually don’t have any idea about what is going on.
Usually, any kind of assessment starts with audit – you got to know proper documentation from security standpoint – corporate policies, SoC policies, data management and so on. Audit is vital and if you mess you this part any kind of assessment is ruined from the beginning – I had a chance to look at one company that tried to sell automated scan as a whole CS assessment pack, and no further projects was sold.
Forensics – GDPR, you got to know what is going on, GDPR is vital as oxygen and water for anything related to cybersec. Also, you local regulation – for US it’s going to be a fun ride, and since I’m in Russia, my set of laws is weird but I’m fine with that – GDPR covers me all the time.
Pentesting – Kali/Parrot, curl, bash, nmap (buy an Android phone, install Termux and nmap over it, knowing nmap without sudo saves me from killing anything accidentally), netcat, BurpSuite, and anything you can find but NEVER TRY TO PENTEST RUNNING CITES SINCE ITS PROHIBITED BY LAW.
Also, pay attention and always dig deeper, buy some books related to history of CS, any kind of C hacking manuals can give you enough info about what to do with your line of training.
Certification – PWK, CEH, CHFI, IBM CSAPC (Coursera, 8 stages), so on.
Also, pay respect to others and don’t try to hack “InStAgRaM fur loooo00000lzzzz”, you’re going to jail and it’s something you should do a) after proper training b) as an official offer which is documented and packed with contracts c) as a CS team member
Modern world runs on mobile, if you know what I mean
This is my personal take, and since actual pentesting/forensics/analytics are way harder, some blacks could potentially read this so don’t worry – every black hacker should go to jail.
Take care, let’s make this world a safer place