Whats up guys eh, long time and i haven’t posted anything recently. Yeah i know i have been busy with a ton of work at the company where we have been doing something amazing almost every day. Recently, we have been working on various cutting-edge vulnerability research and product development projects and my end of the day is like never-ending. Anyways, there have been many students asking me one common question every time i login to facebook or any other social media that “I am a B.tech/BCA/MCA/B. Sc IT student and to focus more on cybersecurity, which subjects i should focus on”. Well, your parents would say every subject :P, but some of the subjects do stand out from the crowd. Like i have always mentioned in my previous talks, articles that C is the mother of all programming languages, you should always keep C in the prime focus when it comes to programming. For those who suck at C or programming entirely, i am afraid that you may become a cybersecurity professional knowing nothing behind the picture and it will bite you someday or the other.
Well, there are two kinds of people in the cyber security industry, especially on the low profile jobs, ones who are dedicated, committed and research oriented, those who will try every possible way to attack the application or any stack by finding vulnerabilities, logical flaws etc and there is a completely different lot as well.
There is a unique bunch of people who are dedicated, committed but are more of “Bots”. Well sometimes bots can be cool, but they are generally hired to do only a single job that is to click some of the buttons on a vulnerability scanner. Well, the people i mentioned earlier (the one’s who suck at programming) are excellent candidates for Bots since they are paid for clicking few buttons a month, it sounds really easy. However, easy is sometimes dull. A dedicated cybersecurity professional can never be boring, he wakes up to a new challenge every single day. Yet, to change your fate from becoming a life sized bot, the changes have to be done in the past and especially at the level where you are still developing skills. Hence, it is essential to know what’s important and what’s not, which subjects to focus precisely. Therefore, let me list down some of the critical subjects and the skills they will help you with if you focus more on them. We will be starting with the very primary subjects:
- C/CPP Programming: Must for Everyone, developers, exploit researchers, pen-testers for logics etc.
- Data Structures: Must for Exploit researchers especially in Heap overflow bugs, doubly linked list concepts help you out a lot. May not be that important for pen-testers who limit their scope only to scanners
- Operating System: Yes, the book in red and with dinosaurs… Important, Very important for researchers, developers, exploit developers because you get to know the insights of the operating system, get to know about processes and threads.
- Computer Architecture: The most focused subject should be this one if you are planning exploit research or even if you are preparing for OSCP/OSCE. I frankly thought this subject is a pain, but i realised that if i would have put in a lil bit of the extra effort at the time i was studying, I would have not have learnt Assembly and computer organisation again.
- Automata Theory: Good for Researchers, developers
- Computer Networks: Good for Researchers/ Developers /Exploit Developers/ Vulnerability Researchers, Pen-Testers etc.
- Software Engineering: And the most boring subject of the century goes to… Anyways, though its boring, it will help you in learning the development stages, Models and plenty of other stuff. Mostly helpful for startup founders, solution researchers etc.
- Artifical Intelligence/ Machine Learning: if these make a cut in your syllabus, you should be thankful to your college. AI and ML is a booming domain especially when combined with cybersecurity products. Mostly for everyone but especially for Developers (Cater to the current market)
- Compiler Design: Good to know for developers and researchers, not too important for pen-testers
- Cryptography: Aah… You know this right.. However, i strongly believe that this subject should also throw some light on the cryptanalysis. Essential for researchers, developers and CTF players.
- Wireless Sensor Networks: Yes, required for everyone especially in network pentesting, distributed solutions and much more
- Computer Networks: Everyone should know this especially if you like playing with Hackrf, SDR etc. Why? Encodings… Modulation Types and much more
- Add-Ons: Linux Programming: I am always thankful to LPU for putting this in my course material. This subject taught me SYSCALLS while i was studying.
- Add-Ons: Visual Basic: I am grateful again to my university for putting this in.. i am able to develop a lot of security tools and malware due to this :P
- Add-Ons: C#: Good to know and very important for developers especially when you hate Java.
- Add-Ons: Java: I suck at Java!! Enough Said.. but for developers, app developers this is a must
- Add-Ons: Python: Oh Yeah!! This is the best thing that can happen to you.
- Add-Ons: Cyber Security: If you failed to select this on time, that would be sad…
- Add-Ons: a lot of self-study, don’t spend unnecessarily on Courses, learn from practical exposure such as Hack in the Box, VulnHub etc.
- Add-Ons: Attendance: You would learn all of the above if you will be present in the class.
- The Most Important: Patience: Dont cram, try to learn. Dont go for cyber security if you think your friend has done it and so should you. Fall in love with it first.
Hope this helps and answers your questions. Yes, there are a ton of courses online and available freely as well which will aid your learning process. Don’t just be in the cybersecurity field for the job, be in the job because you know cyber security. I am happy that after completing my M.tech i am working in an area where my hobby changed to my profession and it feels like i am never working :) Post your queries in the comments if you think i left something out. Thanks
2018-08-26 16:53 +0530