Red Teaming
ltnbob, Jul 11, 2023
With millions of unfilled positions worldwide, the demand for cybersecurity professionals continues to grow. If you’re a beginner interested in getting a foothold in the industry, where should you start?
When we polled 11,498 members of the community on LinkedIn about the best entry-level cybersecurity jobs, SOC analyst, system administrator, and IT support roles received the most votes.
After polling the community, we followed up with Hack The Box (HTB) staff and friends to get their insights on these entry-level cybersecurity jobs for beginners early on in their careers.
It depends on the kind of beginner you are.
Someone starting with zero IT knowledge will have a different journey from someone who’s completed cybersecurity certifications like HTB CTPS, participated in CTFs, and demonstrated real skills through a platform like HTB.
A way to identify your starting point is to use the following ESE framework (experience, skills, and end goal) to assess your current skills and experience against your cybersecurity career goals:
Experience: Your current level of experience with IT-related tasks.
For example, have you built, supported, or administered a network? Do you have any experience working in IT environments?
Skills: Your practical skills, certifications, and overall domain knowledge.
This could range from academic degrees to practical certifications from a trusted upskilling platform like HTB.
End goal: Your short and long-term goals for your career in cybersecurity.
Let’s say your long-term goal is to become a penetration tester, but you don’t have the required skills and experience. You might set a mid-term goal of working in an entry-level SOC analyst role to build your foundational skills first, and then transition into a penetration testing/offensive role over the long term.
With that said, let’s look at what many of the experts, content developers, leaders, and friends of HTB have to say about the best entry-level cybersecurity jobs.
I’ll also share my own answers to the “where do I start?” question, which I’ve received a lot as an IT and cybersecurity instructor and researcher.
💡Note: There are many entry points into cybersecurity depending on where you want to go and what your starting point is. The insights below are based on the unique experiences of contributors.
If you are an absolute beginner, I recommend you work as an IT support specialist for at least six months and apply security to what you do every day.
Develop a security mindset while you intentionally strengthen your foundations and continually work through challenges on HTB Labs and the HTB Academy (this will certainly accelerate the growth process).
I personally believe you’ll be better prepared to serve and secure people and organizations if you start in a support role; it helps you develop an intimate understanding of how information technologies support business functions.
My first job in the IT industry was as an IT Support Specialist and Backup and Disaster Recovery Manager (BDR) for a service provider serving hundreds of business clients with all their IT and cybersecurity needs.
Some of my responsibilities were: remote IT support, server support, network design and administration, incident response (mostly ransomware), cloud configuration and monitoring, and overall IT security administration. (Perhaps I wore too many hats, as many of us in the industry often do 😊.)
Expanding on the skills beginners learn with support or helpdesk roles, Vladimir Zaha (0ne_nine9), Information Security Analyst and former IT Support Specialist at HTB, shares that “You learn the importance of documentation, the technical troubleshooting mindset, the ability to decompile complex problems into simple singular elements, and how to read and follow instructions.”
Ben Rollin (mrb3n), HTB’s Head of Security, adds that support roles are a great launchpad for different cybersecurity jobs.
Not everyone can get into a junior sysadmin role right away. So another great path could be IT support --> Sysadmin --> Pentester. It is difficult to break into pentesting directly (but it can be done). That’s why I wholeheartedly recommend getting as much general IT experience as you can before making a shift into a technical infosec role.
Key skills you’ll learn as an IT support specialist
Basic Computer Operations.
Hardware.
Software.
Input devices.
Output devices.
Operating Systems.
Computer Networking Fundamentals.
TCP/IP.
How switches work.
How routers work.
VLANs and Network Segmentation.
Practical understanding of how network protocols operate.
Customer Service.
Communicating technical concepts in easy-to-understand ways.
Troubleshooting.
Investigation abilities (what is the actual issue?).
Operating ticketing systems.
Prioritizing problems.
Understanding that IT is a business function that enables other departments to keep working (The Business Value of IT).
Teamwork.
Windows Operating Systems Power User.
Navigating the OS and file system(s).
Configuring and troubleshooting networking.
Understanding how users are using Windows to do their jobs.
Active Directory fundamentals.
Creating and Managing User Accounts and Security Groups.
Joining Windows workstations to Windows Domains.
Linux Operating Systems Power User
Navigating the OS and file system(s).
Configuring and troubleshooting networking.
Discovering various ways businesses use Linux to conduct business.
Security Awareness
Understanding what common mistakes get made that lead to breaches.
Teaching users how to value security and what to watch out for in friendly ways.
Please know that depending on the size of the organization, many of these skills may also be shared by the system or network administrator. Typically larger teams will specialize more whereas smaller teams will have each member performing the tasks of several roles.
💡Related read: The best programming languages for cybersecurity
If you want to go straight into security from a non-technical role or from school, without first going into IT, the SOC analyst role is your best bet according to Ryan Gordon, Customer Operations Manager at Hack The Box. “It's what is most widely available for an entry-level person to get hired.”
Working in a SOC is about actively defending the organization. Within the SOC team, an analyst is responsible for keeping an eye on an organization's computer systems 24/7, looking for any suspicious activity, potential threats, or security breaches.
If something looks fishy, it's the SOC analyst's job to investigate it and determine if it's a real threat or just a false alarm.
David Forsythe (0xdf), Training Lab Architect at HTB, shares that the “SOC is the most accessible entry-level position, as there are tons of positions out there.”
Even at the most entry-level position, you get hands-on experience triaging alerts, understanding false positives and what causes them, and how to respond. There's a clear path to climb to more and more complex and advanced positions (don't stay in a role that doesn't offer this).
Related read: What is a SOC analyst? (Career Q&A with Sebastian Hague).
Gary Ruddell, Head of Cyber Threat Intelligence and a former military operator, adds that “there’s no better way to learn cybersecurity than spending time in the trenches on the front lines. That’s what the SOC is. They will work closely with threat intelligence, engineers, and incident responders to make sure the network stays safe. From there, you can go anywhere.”
Key skills you’ll learn as a SOC analyst
How a SOC works and why they exist.
Different positions held in a SOC.
Defensive mindsets.
General SOC operations.
Knowing the enemy (this is where having the hacker’s mindset can really make a difference).
Networking fundamentals (similar to most positions in IT and cybersecurity).
TCP/IP.
How switches work.
How routers work.
How firewalls (hardware, host-based and web application-based) work.
Network segmentation and zoning.
How IDS/IPS work.
Analyzing packet captures.
Various network monitoring protocols and solutions.
Asset management (knowing what technologies need to be protected at any given time. This is harder than it seems).
Logging, event, and data analysis.
Log aggregation.
Properly implementing and working with a Security Information and Event Management system (SIEM).
Data visualization.
Endpoint Detection and Response (EDR).
Extended Detection and Response (XDR).
Incident Response.
Effectively implementing, continuously updating and using an incident response plan.
Windows forensics.
Linux forensics.
Network forensics.
Precisely documenting events that occurred during the incident.
Acting with precision and urgency.
Ippsec, Senior Training Lab Architect at HTB, says that for hands-on roles, the administrator or helpdesk route is ideal because you learn about general IT and get hands-on access to systems.
“This hands-on access translates well into pentesting/red teaming because once you exploit a system and get a shell, your general IT experience will take over and the shell won't seem so foreign to you.”
“I think a great word that sums up exactly why this job is absolutely perfect for a beginner is ‘exposure,’” shares Sebastian Hague (Sebh24), HTB’s Defensive Content Lead.
As a system administrator, you are likely to be exposed to numerous differing systems, applications, and networks. The hands-on experience and knowledge you pick up here can be seen as the "foundations" that allow for the ongoing pursuit of knowledge within infosec. Without them, the house will simply topple over.
Assuming that someone wants to get into pentesting, Ben Rollin also considers sysadmin experience a powerful advantage before moving into a technical security role such as penetration testing.
You’ll understand both the offensive/defensive sides of cybersecurity and "why" certain things are done in a network environment. This is a huge help when you’re dealing with different teams within your client companies because you have “walked in their shoes.”
Sysadmin experience also helps you make more informed decisions when assigning risk to findings and then recommending remediation strategies. You'll have a strong understanding of why certain choices are made within a corporate network, why certain limitations exist, and potential workarounds to advise them better.
Key skills you’ll learn as a system administrator
Windows Server and Endpoint Administration.
Active Directory.
Group Policy administration.
DNS.
DHCP.
File server.
Automating administrative tasks on Windows endpoints.
PowerShell scripting.
Maintain user account and system security.
Microsoft Exchange (yes, many companies do still host Exchange servers on-premise).
Hardening.
Linux System Administration.
Bash scripting.
User account, group account, and permissions management.
Web server operations and management (Apache, Nginx, and more).
Hardening.
Network Administration (many sysadmins are also network admins).
Configuring, troubleshooting and managing routers, switches and wireless APs.
Firewall and VPN administration.
Hypervisor Administration.
Windows Hyper-V.
VMware ESXi.
Nutanix.
Creating and managing Virtual Machines.
Migrating, Cloning, and Deploying VMs.
Interacting with leadership and other important miscellaneous tasks.
Recommending and managing hardware upgrades and utilization of new services to leaders that make purchasing decisions.
Developing and writing standard operating procedures.
Maintaining a knowledge base.
Cloud Systems Administration (this can be a completely separate job in some companies).
Understanding how businesses use IaaS, PaaS, and SaaS cloud offerings.
Microsoft 365 (also referred to as Office 365).
Azure.
Google Cloud.
Amazon Web Services.
Alibaba Cloud.
Hack The Box was originally built to upskill penetration testers. But is pentesting actually an entry-level role?
Traditionally, penetration testing is not considered an entry-level role due to the level of technical skill and experience required to be proficient at it.
But we are now seeing a new generation of pentesters and cybersecurity professionals coming from Hack The Box directly, which is in many ways breaking the traditional mold and career path into cybersecurity.
In fact, when HTB asked the cybersecurity community on LinkedIn if securing a pentesting role as a first job was possible, 67% said yes.
Many of the well-informed minds that shared their perspective throughout this post, however, admittedly did not have resources like Hack The Box when they were beginning their careers, myself included.
HTB flattens the learning curve substantially and can create unique opportunities as you work through content and connect with members of the community.
I can personally attest to this as I’ve gotten interviews, opportunities, established friendships, and fruitful career connections as a direct result of learning with Hack The Box. We can even see that innovative security firms like Synack are seriously considering Hack The Box experience when assessing candidates to join their red team.
More companies are starting to view Hack The Box as a source of talent and not just a training solution for those already employed. Some even post jobs on Hack The Box’s Talent Search, which allows players to apply for jobs (often based on HTB rank) directly through the job board.
That said, none of us can learn these skills, capture flags, complete challenges, and live experiences for you. You will need to rise to the occasion and own your learning process.
HTB has a variety of curated pathways and content for learners to begin or advance their cybersecurity careers. I’d recommend the following resources to build some learning momentum and support your career goals:
The beginner’s bible on how to learn hacking.
Ippsec's and 0xdf’s joint guide on using write-ups to learn and improve your skills.
The Information Security Foundations Path on the HTB Academy.
Hack The Box Starting Point.
Complete the HTB Academy Penetration Tester Job Role Path and pass the penetration testing certification.
Supplementing your HTB Academy module studies with boxes from the main platform (HTB Labs) is an ideal learning experience. Starting Point Boxes have guiding questions that can clue you into what to try next when attempting to get flags and learn critical concepts.
(Be sure to read the walkthroughs even if you don't need to use them during a challenge; you will learn even more by seeing different ways to solve a Box.)
Finally, don't forget to add skills to your resume and LinkedIn as you grow. It’s important to consistently practice your ability to communicate skills and knowledge gained in written and verbal form.
Author bio: Robert Theisen (LTNB0B), IT Program Director/Cybersecurity Professor. Robert loves learning, but he loves to empower others even more. He never takes off his IT/infosec professional hat and never will so long as he is preparing others to succeed by mastering the various tactics, techniques, procedures, and tools at their disposal. He has been in the industry for over ten years, accumulated over ten certifications, and assisted thousands of people around the world with entering and leading successful careers in the industry. None of his accomplishments would be possible without great mentors, friends, family, the Internet, and God. You can connect with him on LinkedIn.