Kickstart Career in Vulnerability Management

This document outlines steps to kickstart a career in vulnerability management, including learning foundational concepts, performing practical exercises, obtaining certifications, taking courses, and reviewing references. It recommends learning terms, standards, encryption types, vulnerability scanning types, databases, and operating systems basics. Practical exercises include installing vulnerability scanners and Kali Linux, analyzing scan reports, prioritizing vulnerabilities, and creating dashboards. Certifications include those from Qualys, and courses include the Certified Vulnerability Assessor certification. References cover topics like agent-based vs network-based scanning and how to prioritize vulnerabilities.

1. Create Theoretical Base

Learn the following terms/concepts (at least basics):
a. Vulnerability, Threat, Exploit, Risk, Attack Vector etc.
b. Threat Intelligence.
c. OSI Model and CIA Triad.
d. Types of Encryptions (Symmetric/Asymmetric).
e. OWASP Top 10.
f. Vulnerability Management Lifecycle.
g. Patch Management Lifecycle.
h. Vulnerability Scoring Systems such as CVSS from FIRST.
i. Types of Vulnerability Scans
(Discovery/External/Internal/Vulnerability/Compliance/Authenticated/Unauthenticated)
j. Vulnerability Databases (NVD, VulnDB, Vulners)
k. Phases of a Vulnerability Scan.
l. Exploit Prediction Scoring Systems such as EPSS from FIRST.
m. Windows and Linux operating systems basics.
n. Networking basics (Cisco ISE/WLC/Router/Switch/Firewall/Subnetting).
o. Storage basics (SAN/NAS).
p. Virtualization basics.
q. Web Application basics.
r. Basic protocols such as HTTP, DNS, DHCP, ARP, HTTPS, SSH, SSL, TLS, POP, IMAP, SMTP,
Telnet, FTP, SMB, NetBIOS, SNMP, LDAP, NTP, REST, SOAP, SPF, DKIM, DMARC etc.
s. False Positive, False Negative, True Positive and True Negative.
t. Types of architectures (Agent based/Scanner based/Cloud based/On premise).
u. Dashboards in Vulnerability Management.
v. Standard data formats in Cybersecurity.
w. SCAP protocol (CVE/CPE/CCE/OCIL/XCCDF/ARF).
x. Types of vulnerabilities (Known/Zero day/Application/Network).
y. Types of TCP scans.
z. Difference between Protocol, Standard, Dialect and Specification.
aa. Difference between Process, Thread and Service.
bb. Windows Authentication Architecture (Kerberos/NTLM).
cc. CIS Controls.
dd. Organizations such as NIST, MITRE, CISA, FIRST etc.
ee. Cloud basics (IaaS/PaaS/SaaS).
ff. Basic Scripting (Shell/PowerShell/Python).
gg. Widely exploited vulnerabilities (Log4j, PrintNightmare, Follina, Spring4Shell, ProxyShell,
Zerologon etc.)
hh. Regex
ii. KPIs and KRIs in Vulnerability Management.
jj. Vulnerability Management Policy
kk. Vulnerability Management - BAU (Business As Usual) and Ad hoc tasks
ll. Container Security
mm. DevSecOps
nn. Various vendors in Vulnerability Management domain.
2. Perform Practical
a. Install Nessus scanner and initiate a scan. You can also use Qualys. You can set up a lab
using hypervisors like Oracle VirtualBox where you can scan multiple systems (a
Windows and a Linux OS segregated by a firewall).
b. Install Kali Linux. Learn Nmap, Metasploit and Burp Suite.
c. Study what each column header means in a vulnerability report.
d. Set up authentication before initiating a vulnerability scan and observe the differences
between an authenticated and an unauthenticated scan.
e. Learn to use CVSS calculators.
f. Once you have vulnerability reports, learn to prioritize vulnerabilities.
g. Practice OWASP Top 10 on intentionally created vulnerable applications such as DVWA
and OWASP Juice Shop.
h. Create scripts to enrich vulnerability data with EPSS Scores.
i. Practice Regex (will be helpful in compliance scanning).
j. Prepare dashboards using Microsoft Power BI or Excel.
k. Subscribe to CyberSecurity news and articles (you will learn about new attack vectors).

3. Certifications
a. Qualys has a lot of free certifications.

4. Courses
a. Certified Vulnerability Assessor (CVA)

5. References
a. https://www.intruder.io/blog/agent-based-vs-network-based-internal-vulnerability-scanning
b. Vulnerability Management - Correlation using CPE
c. Vulnerability Management - Interview Questions
d. Vulnerability Management - SCAP and DISA STIG
e. Vulnerability Management - False Positives
f. Cybersecurity - Architect vs Engineer vs Analyst
g. Threat Intelligence vs Threat Hunting vs Threat Modeling
h. Vulnerability Scanning vs Vulnerability Management vs Vulnerability Assessment vs
Penetration Testing
i. Vulnerability Response
j. Metasploit Payload Types
k. Parameters to consider while selecting Vulnerability Management Solution
l. How to Prioritize Vulnerabilities?
m. https://regexone.com/
n. False Positives