**Getting Into Security: A Guide for Non-Traditional Backgrounds**

Many people think that getting into security means having a specific background or experience, but this couldn't be further from the truth. In fact, many security professionals have come from non-traditional backgrounds, such as software development, network administration, or even stock analysis.

**Analytical Thinking is Key**

One of the most important skills for anyone looking to get into security is analytical thinking and problem-solving ability. This means being able to break down complex problems into smaller parts, identify patterns and anomalies, and develop creative solutions. In many IT roles, such as network administration or software development, these skills are already well-honed, making it easier to transition into a security role.

**Stock Analysts: A Unique Perspective**

For example, stock analysts often work with financial data, identifying trends and patterns in order to make informed investment decisions. These same skills can be applied to security, where analyzing network traffic or system logs requires similar attention to detail and analytical thinking. In fact, many companies are looking for people with a non-traditional background in IT roles, as they bring a fresh perspective and new ways of thinking to the table.

**Network Administration: A Stepping Stone**

Another example is network administration, which may seem like an unrelated field at first glance. However, network administrators spend their days troubleshooting network issues, configuring systems, and optimizing performance - all skills that are highly transferable to security. Many companies use this as a stepping stone into security roles, where the same analytical thinking and problem-solving skills can be applied in a more critical environment.

**The Importance of Certifications**

When it comes to getting into security, certifications can be incredibly valuable. Having a certification like Security+ or CISSP demonstrates that an individual has a certain level of knowledge and expertise in the field. However, many certifications also require experience and training, which can be obtained through online courses, boot camps, or even on-the-job training.

**Linux Distributions: The Tools of the Trade**

One of the most important tools for any security professional is Linux distributions like Cali-LiNx or Kali. These distros contain a wide range of tools and software that are used to analyze network traffic, configure systems, and identify vulnerabilities. Many security professionals use these tools on a daily basis, and having experience with them can be a major asset in the field.

**Understanding Network Tools**

Finally, understanding basic network tools like subnetting, TCP/IP, and traceroute is essential for any IT professional looking to get into security. These tools are used to analyze network traffic, identify vulnerabilities, and optimize system performance - all critical skills for security professionals.

**Don't Miss Out: The Value of Network Plus Certification**

One of the most important things an individual can do when looking to get into security is to obtain a Network Plus certification. This certification demonstrates that an individual has a certain level of knowledge and expertise in network administration, which is highly transferable to security roles. By obtaining this certification, individuals can demonstrate their skills to potential employers and increase their chances of success in the field.

**Getting Started: Where to Begin**

So, where do you begin when looking to get into security? The most important thing is to start by developing your analytical thinking and problem-solving skills. Look for online courses or training programs that focus on these skills, such as penetration testing or reverse engineering. Additionally, consider obtaining a certification like Security+ or CISSP, which can demonstrate your expertise in the field.

**Conclusion**

In conclusion, getting into security doesn't have to mean having a specific background or experience. With analytical thinking and problem-solving ability, individuals from non-traditional backgrounds can make a successful transition into the field. By obtaining certifications like Security+ or CISSP, developing skills like Linux distribution expertise, and understanding basic network tools, individuals can position themselves for success in this exciting and rewarding field.

"WEBVTTKind: captionsLanguage: enlooking at logs looking through logs to identify potential threats and attacks and then understanding how to mitigate those someone who understands how to look at a screen and look at alerts for example and then pick out an alert to understand what that is and what to do and then either deal with it or escalate it to the next level very common question any i.t related background skills are transitive at least some of them to security any kind of um you know like help desks you know service desks kind of work administration work even better like a sys admin or a network admin maybe you're a network guy it doesn't matter software developer you know application developer you know cloud specialists any of those it related jobs or roles can lend themselves to security because most i.t roles i.t related roles require the individual to have that analytical thinking and problem solving ability and that's really what it's about is having an analytical mind being able to solve problems and know where to go to solve solve an issue you know all of those help tremendously a lot of stock analysts uh positions are tend to be open quite a bit the turnover rate for sock analysts is something like uh i won't say two years maybe two and a half years and that's actually normal and there's nothing wrong with that because the soccer analyst position is like an entry-level role and it's not a role where you're supposed to be there for more than three or four years it's actually designed for people to be introduced to the field and learn you know learn about threat actors learn about red team and blue team and that sort of thing and learn about hacking tools and techniques and how to recognize them ideally sock analysts will after three years or so want to move on to something else like maybe an architect role or eventually an engineer role which is more senior um but yeah i would say sock analysts uh there are other titles like cyber security specialists you know they use the words like a specialist analyst those are typically used interchangeably lead cyber security lead those words are typically used interchangeably as entry-level type positions or maybe one to two years experience and it'll say i.t security or cyber security cloud security is another one cloud security specialist focusing on you know obviously the cloud azure aws and so on those are the big ones right now yeah i would say so the cocktail has has the security plus um but they also have network plus and others you know don't focus just on security but look at the other it related certifications out there because it shows you a little more well-rounded so for example if you have security plus i would also get like network plus there's something else to demonstrate that you actually understand networks you're not just a security person you you also understand networking you want to demonstrate that you have sort of a well-rounded knowledge and experience and that's why i i suggest the not just the security certifications but also more i.t related you know if you feel like getting one of the cisco certifications great you know palo alto fortinet microsoft get a microsoft certification or aws those go very well with a security plus or even a cissp and azure microsoft and amazon both offer their own security certificates as well understanding of networking tcp application security your common application security vulnerabilities and knowing how to deal with those analytical skills and problem solving skills and understanding how to escalate problems as you see them experienced with logs and monitoring a lot of people ask about penetration testing and ethical hacking and how do we get to do that typically that's considered a more advanced activity most employers and i'm one of them will not hire an entry-level pen tester we just won't because of liability one of the premier tool sets is cali kali kali linux is a linux distribution especially a hacker's toolkit it contains so many different tools that hackers use and pen testers use to do their work so knowing cali being familiar with cali is really good another one is parrot like the bird it's similar to to cali you know black arch i mean there are several linux distributions that are security specific that contain you know the tool sets and so at that point you have a personal preference to cali or parrot or black arch or something so that's that's a big one there that's helpful some interviewers will ask you questions about mmap and how to properly use map so i would be very familiar with that if i were you know a candidate and then metasploit is is also commonly used as well so you're scanning tools like nmap and then metasploit and then you know beyond that there are others like burp suite that are handy to know and it demonstrates that you understand how they work and you're familiar with them because they're they're commonly used you know a lot of people miss this is understanding just your regular network tools you know subnetting for example tcp subnetting you know what does subnetting mean explain it why why do companies do it what is traceroute why would you use traceroute pain why would you use pain your basic network tools and this is why i go back to maybe having that network plus certification is good because i've seen security people just not know basic general i.t commands you know how would you go about looking at this or looking at that what would you use to gather this information like some of the windows net commands for example uh you know they're not security specific but they can be used to gather you know information for security purposeslooking at logs looking through logs to identify potential threats and attacks and then understanding how to mitigate those someone who understands how to look at a screen and look at alerts for example and then pick out an alert to understand what that is and what to do and then either deal with it or escalate it to the next level very common question any i.t related background skills are transitive at least some of them to security any kind of um you know like help desks you know service desks kind of work administration work even better like a sys admin or a network admin maybe you're a network guy it doesn't matter software developer you know application developer you know cloud specialists any of those it related jobs or roles can lend themselves to security because most i.t roles i.t related roles require the individual to have that analytical thinking and problem solving ability and that's really what it's about is having an analytical mind being able to solve problems and know where to go to solve solve an issue you know all of those help tremendously a lot of stock analysts uh positions are tend to be open quite a bit the turnover rate for sock analysts is something like uh i won't say two years maybe two and a half years and that's actually normal and there's nothing wrong with that because the soccer analyst position is like an entry-level role and it's not a role where you're supposed to be there for more than three or four years it's actually designed for people to be introduced to the field and learn you know learn about threat actors learn about red team and blue team and that sort of thing and learn about hacking tools and techniques and how to recognize them ideally sock analysts will after three years or so want to move on to something else like maybe an architect role or eventually an engineer role which is more senior um but yeah i would say sock analysts uh there are other titles like cyber security specialists you know they use the words like a specialist analyst those are typically used interchangeably lead cyber security lead those words are typically used interchangeably as entry-level type positions or maybe one to two years experience and it'll say i.t security or cyber security cloud security is another one cloud security specialist focusing on you know obviously the cloud azure aws and so on those are the big ones right now yeah i would say so the cocktail has has the security plus um but they also have network plus and others you know don't focus just on security but look at the other it related certifications out there because it shows you a little more well-rounded so for example if you have security plus i would also get like network plus there's something else to demonstrate that you actually understand networks you're not just a security person you you also understand networking you want to demonstrate that you have sort of a well-rounded knowledge and experience and that's why i i suggest the not just the security certifications but also more i.t related you know if you feel like getting one of the cisco certifications great you know palo alto fortinet microsoft get a microsoft certification or aws those go very well with a security plus or even a cissp and azure microsoft and amazon both offer their own security certificates as well understanding of networking tcp application security your common application security vulnerabilities and knowing how to deal with those analytical skills and problem solving skills and understanding how to escalate problems as you see them experienced with logs and monitoring a lot of people ask about penetration testing and ethical hacking and how do we get to do that typically that's considered a more advanced activity most employers and i'm one of them will not hire an entry-level pen tester we just won't because of liability one of the premier tool sets is cali kali kali linux is a linux distribution especially a hacker's toolkit it contains so many different tools that hackers use and pen testers use to do their work so knowing cali being familiar with cali is really good another one is parrot like the bird it's similar to to cali you know black arch i mean there are several linux distributions that are security specific that contain you know the tool sets and so at that point you have a personal preference to cali or parrot or black arch or something so that's that's a big one there that's helpful some interviewers will ask you questions about mmap and how to properly use map so i would be very familiar with that if i were you know a candidate and then metasploit is is also commonly used as well so you're scanning tools like nmap and then metasploit and then you know beyond that there are others like burp suite that are handy to know and it demonstrates that you understand how they work and you're familiar with them because they're they're commonly used you know a lot of people miss this is understanding just your regular network tools you know subnetting for example tcp subnetting you know what does subnetting mean explain it why why do companies do it what is traceroute why would you use traceroute pain why would you use pain your basic network tools and this is why i go back to maybe having that network plus certification is good because i've seen security people just not know basic general i.t commands you know how would you go about looking at this or looking at that what would you use to gather this information like some of the windows net commands for example uh you know they're not security specific but they can be used to gather you know information for security purposes\n"