Cyber Career Master Plan Book Review:

August 26, 2023

Sharing notes from Mr. Gerald Auger’s book. This book has inspired me to start a blog as I explore the field of Cybersecurity. The key takeaways from the book are as follows:

1. Choosing the Right Career Field in Cybersecurity – Cybersecurity roadmap & understanding cybersecurity domains.

  • Offensive Security (Penetration Testing) – Ideal if you’re curious, enjoy exploring and improving systems. Involves legally attacking systems to find vulnerabilities and prevent future attacks.
  • Governance and GRC (Governance, Risk, and Compliance) – Suitable if you’re interested in cybersecurity laws and regulations. Involves aligning and ensuring effective GRC within organizations.
  • Threat Intelligence (Internal and External) – A good fit if you enjoy research, analysis, and strategic planning. Requires staying updated on national and international cybersecurity news and trends.
  • Security Operation and Incident Response – Suitable if you’re a planner, investigator, and can handle long hours. Involves preparing for and responding to security incidents to ensure business continuity.
  • Security Architecture and Cloud Security – Fits those who can integrate technical and business aspects. Security Architects design and work with different architectures.

2. Exploring Cybersecurity Certifications – Choosing a Track/Roadmap to a Desired Career:

Red certification:

  • eLearnSecurity Junior Penetration Tester (eJPT).
  • EC-Council Certified Ethical Hacker (C|EH).
  • GIAC Penetration Tester (GPEN).
  • CompTIA Pentest+.
  • eLearnSecurity Certified Professional Penetration Tester (eCPPT).
  • Offensive Security Certified Professional (OSCP).

Blue teaming certifications:

  • Security Blue Team Level 1 (BTL1).
  • eLearnSecurity Certified Incident Responder (eCIR).
  • eLearnSecurity’s Certified Threat Hunting Professional (eCTHP).
  • GIAC Certified Incident Handler (GCIH).

Auditing certification:

  • Certified Information Systems Auditor (CISA).

GRC/management certifications:

  • CompTIA Project+.
  • Project Management Professional (PMP).
  • Certified Information Security Manager (CISM).

3. Getting Hands-On Experience – The author emphasizes the significance of home labs in gaining practical experience that complements theoretical knowledge. This leads to a comprehensive understanding of technical subjects. Setting up labs using Raspberry Pi and WebGoat, and learning Wireshark, are highlighted. Attending conferences is also beneficial.

4. Personal Branding – The book discusses how personal branding can aid professional growth and help build a network through social media. It advises determining your passion and what you enjoy learning about and sharing with others. Mr. Auger’s story of growing from 600 to 50K followers on LinkedIn is mentioned. Your motivation (why) will evolve through this process, keeping you focused on your passion. The book explores different social media platforms, including Twitter, Discord, Instagram, LinkedIn, and YouTube, and how they can enhance your brand.

5. Trusting the Process:

The book explains the SMART goal-setting framework:

  • Specific (what, who, where, and why).
  • Measurable (motivational).
  • Attainable (realistic).
  • Relevant (aligned with the overall dream).
  • Time-based (end date and time-driven).

Additionally, finding a mentor is highly beneficial, and the book discusses the mentor and mentee relationship.

Quotes:

No matter what path you’ve walked in life there is an opportunity for everyone in cybersecurity. – Dr. Gerald Auger

Amazon: https://www.amazon.com/Cybersecurity-Career-Master-Plan-cybersecurity/dp/1801073562

Hi, I’m Ron