
Cybersecurity E Book

The document is a comprehensive guide titled 'Hacking Your Way To The Job Of Your Dreams: The Cybersecurity Career Handbook' by Tolulope Michael, aimed at individuals interested in pursuing a career in cybersecurity. It covers essential concepts, skills, and practical advice for navigating the job market, including various roles, certifications, and the importance of networking and hands-on experience. The book emphasizes the growing demand for cybersecurity professionals due to increasing cyber threats and provides a roadmap for building a successful career in this dynamic field.

Hacking Your Way To The Job Of Your Dreams:
The Cybersecurity Career Handbook

Tolulope Michael
Copyright © 2023 by Tolulope Michael. All Rights Reserved.
No part of this publication may be reproduced, stored in a retrieval
system or transmitted, in any form or by any means electronic,
mechanical, photocopying, recording or otherwise without prior
written permission from the publisher, except for the inclusion of brief
quotations in a review.
Table of Contents

Foreword
Preface
INTRODUCTION
Chapter 1
An Overview of Cybersecurity
Chapter 2
Network Security
Chapter 3
Building a Strong Foundation: Computer Science Essential Concepts
Chapter 4
Gaining Hands-on Experience: What You Should Know About Internships,
Hackathons and Online Resources
Chapter 5
Cybercrime Investigation In Cybersecurity
Chapter 6
Networking and Professional Development
Chapter 7
Leadership and Management in Cybersecurity
Chapter 8
The Future of Cybersecurity: Emerging Trends and Technologies
Chapter 9
Future-Proofing Your Career: Career Progression in Cybersecurity
Bibliography
About The Author
Foreword

In today’s rapidly evolving digital world, cybersecurity has become a
critical issue that affects us all. From individuals to governments and large
corporations, everyone is vulnerable to cyber threats, and protecting our
data and systems from these threats has never been more important. It
is no surprise, then, that the demand for cybersecurity professionals has
skyrocketed in recent years. The field of cybersecurity is complex and
challenging, but also incredibly rewarding, providing individuals with the
opportunity to make a real difference in the world by helping to protect
against cyber threats.

As a leader in the cybersecurity industry, I have seen firsthand the impact
that this field can have on individuals and organisations. With the
increasing importance of cybersecurity, it has become clear that there is a
growing need for knowledgeable and skilled professionals who can help
to mitigate the risks associated with the ever-evolving threat landscape.
However, many individuals who are interested in pursuing a career in
cybersecurity may not know where to start or what skills they need to
acquire. This is where this book comes in.

“Hacking Your Way To The Job Of Your Dreams: The Cybersecurity
Career Handbook” is a comprehensive guide that provides readers with
the information and guidance they need to succeed in this exciting and
dynamic field. Through its pages, the author expertly guides readers
through the different aspects of cybersecurity, the skills required to be
successful in this field, and the steps to take in order to start a successful
cybersecurity career. The book provides a solid foundation for those who
are just starting to explore the cybersecurity field, as well as valuable
insights for those who are already working in the industry and looking to
expand their knowledge and skills.

The author has done a fantastic job of breaking down the complex and
often intimidating world of cybersecurity into simple and understandable
terms. He provides a clear and concise overview of the key concepts,
technologies, and best practices that are essential for success in this field.
Whether you are a recent graduate, a professional looking to make a career
change, or a student just starting to explore the cybersecurity field, this
book will provide you with the information and guidance you need to
succeed.

In addition to providing a comprehensive overview of the field of
cybersecurity, the author also offers practical advice and tips for navigating
the job market and building a successful career. He provides guidance
on how to build a strong resume and online presence, how to network
effectively, and how to stay up-to-date with the latest developments in the
industry. These practical tips and insights will be invaluable for anyone
looking to start a career in cybersecurity.

In conclusion, I highly recommend this book to anyone who is interested
in pursuing a career in this field. The author has done a fantastic job
of providing a comprehensive guide that is accessible, informative, and
actionable. Whether you are just starting out or already working in the
industry, this book will provide you with the information and guidance
you need to succeed. So, what are you waiting for? Start your journey
towards a successful and rewarding career in cybersecurity today!

Babatunde Stephen
Senior Cybersecurity Consultant.

Preface

Cybersecurity is one of the fastest-growing and most important fields in the
modern world. With the increasing reliance on technology, the demand
for cybersecurity professionals has never been higher. Whether you are a
recent graduate, a mid-career professional looking to make a change, or
a complete novice, this book is designed to help you understand what it
takes to start a career in cybersecurity.

Cybersecurity is a broad and complex field, encompassing many
different specialties, technologies, and practices. This book provides a
comprehensive overview of the key concepts and skills that are essential
for a successful career in cybersecurity. You will learn about the different
types of cybersecurity roles and the skills required for each, as well as the
best ways to gain experience and certifications in the field.

The book is written in an accessible and straightforward manner, making
it suitable for people of all levels of experience and knowledge. Whether
you have a technical background or not, the concepts and techniques
covered in this book will be easy to understand and apply. Whether you
are looking to launch a new career in cybersecurity or simply want to gain
a deeper understanding of the field, this book is the perfect starting point.

So let’s begin this exciting journey together and explore the world of
cybersecurity.

INTRODUCTION

The world is becoming increasingly reliant on technology, and as a result,
cybersecurity is becoming an increasingly important field. As companies
continue to digitise their operations and individuals rely more and more
on digital devices, the demand for cybersecurity professionals is on the
rise. In fact, the Bureau of Labor Statistics projects that employment in
information security will grow 31% through 2029, which is
much faster than the average for all occupations.

The field of cybersecurity is broad and encompasses a wide range
of specialties, including network security, information security, and
cybersecurity analysis. Cybersecurity professionals protect computer
systems and networks from malicious attacks, identify and fix security
vulnerabilities, and develop and implement strategies to prevent future
attacks. The role of a cybersecurity professional is a critical one, as they are
responsible for safeguarding the sensitive information of companies and
individuals.

If you’re interested in starting a career in cybersecurity, this book is for you.
This guide is designed to provide you with the knowledge and resources
you need to pursue a successful career in this exciting and constantly
evolving field. In this book, we will explore the different cybersecurity
roles, the skills and knowledge required to succeed in these roles, and the
steps you can take to build a successful career in cybersecurity.

In this book, you will learn the basics of cybersecurity. You will gain an
understanding of what cybersecurity is, why it is important, and the
various types of cyber-attacks. You will also learn about the different types
of cyber threats, including malware, phishing, and ransomware. You will
gain a foundational understanding of the cybersecurity industry and see
why this field is so crucial in the modern world.

There are a variety of jobs available in the cybersecurity industry, and you
will find in this book an overview of the most common roles. You will learn
about the different types of cybersecurity jobs, including security analyst,
penetration tester, security architect, and more. You will get to know the
responsibilities of each role, the skills and qualifications required, and the
average salaries in each position.

To succeed in the cybersecurity industry, you need to have the right
qualifications and skills. This book also covers information on the various
qualifications and certifications that are available, including the Certified
Information Systems Security Professional (CISSP), Certified Ethical
Hacker (CEH), and more. You will also learn about the technical and
soft skills that are essential for success in this industry, including critical
thinking, problem-solving, communication, and attention to detail.

Additionally, you will also come across a roadmap for building your career
in cybersecurity. You will learn about the various steps you need to take
to launch your career, including networking, gaining experience through
internships or volunteer work, and creating a strong resume and cover
letter. The importance of ongoing education and professional development
in the cybersecurity industry is also explained in detail.

There are many areas of specialisation within the cybersecurity industry.
An overview of some of the most popular specialisations is also provided
in this book. You will learn about the different types of specialisations,
including digital forensics, incident response, and cloud security. You will
also gain an understanding of the skills and qualifications required for
each specialisation and the career paths that are available.

The job market in the cybersecurity industry is competitive, and the author
has provided you with tips and strategies for navigating it. You will learn
about the different types of job search strategies, including networking,
online job boards, and recruiters.

Several other useful tips have also been included in this book to ease you
into this new and exciting phase of your career. Remember, a better version
of you is always waiting on the other side of discipline, so get ready to work.

Chapter 1
An Overview of Cybersecurity

In today’s world, starting a career in cybersecurity is somewhat akin
to joining the ranks of the military. Your role as an expert in this field
assigns you the very important and increasingly fragile duty of protecting
individuals, companies and the government from the onslaught of
cybercrime. Providing protection for these three categories of internet-
connected system users is driven by the ever-growing data risk and threats
- much of which is sensitive and confidential.

Cybersecurity as one of the leading niches of information technology refers
to the process of protecting devices, networks, and data from unauthorised
access by implementing specific tools, frameworks and practices. Our
skyrocketing dependency on technology for almost every aspect of our
lives such as communication, entertainment, health, transportation and
even shopping contributes to the extent of our exposure to cyber threats
and a very urgent need for more professionals in this field.

Contrary to popular belief, cybersecurity is not a field that is new on the
scene or a new term that is just coming into the limelight. Its origin can
be traced as far back as the 1970s when researcher Bob Thomas created a
computer program called Creeper that could move across the Advanced
Research Projects Agency Network (ARPANET). The innovator of the
email, Ray Tomlinson, then wrote the program ‘Reaper’ to chase down
and delete the Creeper. As a result, Reaper has been cited as the very first
example of malware-checking antivirus software and also the first self-replicating
program.

The purpose of hacking in its early days wasn’t for financial gain or to
access people’s information as there wasn’t much of such data in abundance
to begin with. The reason for it was to find out what was possible and
how much mess could be created. As technology progressed, and more
individuals, businesses and government needed to take their activities
online, threats also multiplied alongside. Attackers discovered gains that
could be financial, a power-move or an act of holding computer-system
users to ransom. Data breach became the goldmine for criminals hiding
behind keyboards.

To compound the problem of data breach further, cyber attacks and
attackers are getting more sophisticated by the day. Cyber attackers are
constantly improving their capabilities by broadening their scope of
operations and taking advantage of the obvious limited knowledge on
cybersecurity among computer system users.

Recognized security control measures such as two-factor authentication
have easily been bypassed by cyberattacks giving security providers and
companies more to do towards ensuring their approaches are tailored to
provide maximum security and stay ahead of methodologies developed by
attackers. As a result, cybersecurity in the future will require researchers
and security experts directing their efforts towards leveraging the benefits
created by emerging technologies.

In 2021, reports showed that cybercriminals targeted “critical
infrastructure, including information technology, financial services, health
care and energy sectors.” Of all these sectors, healthcare and government
organisations have been at the receiving end of these attacks the most.
More than $6.9 billion was lost to these attacks, surpassing
the $2 billion of 2020, according to the Internet Crime Report of 2021
by the FBI.

Also, the Data Breach Investigations Report (DBIR) published by
Verizon analysed data on cyber incidents and breaches from various
sources, including their own incident response investigations and data from law
enforcement agencies. The report found that financially motivated cyber-attacks,
e.g. ransomware attacks, are on the rise and that many breaches are
still caused by simple, preventable security failures.

With a threat of this magnitude which is expected to increase in coming
years, investment in cybersecurity has become a focal point for all who
stand at risk of being on its receiving end. While it may be impossible to
entirely secure systems from being breached, more and more users have
discovered that it is possible to stay one step ahead of attackers by making
adequate allowance for modern safeguarding tools and well-trained cyber
security personnel to man the fort.

The fact that the dangers to security are constantly changing is probably
one of the most challenging obstacles to cybersecurity. New attack vectors
are generated as a result of the emergence of new technologies and the
novel and unconventional ways they are used. It might be difficult to
keep up with these constant changes and advancements in assaults and
to update procedures to defend against them. While bigger organisations
can easily improve on making sure that all cybersecurity components
are regularly updated to guard against any vulnerabilities, smaller firms
without the workforce or internal resources can find this very challenging.

Additionally, education has been found to play a pivotal role in
cybersecurity. End-users such as staff members may unintentionally
introduce malware into systems via their laptops and mobile devices.
Employees who regularly receive security training also help protect their
firms against cyber threats.

According to the World Economic Forum, the threat to cybersecurity is
ranked one of the top five global risks facing nations of the world today.
Fears are on the rise for possible attacks on core functions of the economies
in nations across various levels of government. National security of many
nations also depends on their ability to proactively guard against the
infiltration of military assets, communication, intelligence and command
systems.

Advancement in technology has also brought about the ease with which
we can share, store and transmit data through the use of technologically
enabled devices. The risk to this process however is that storage and
transmission of sensitive data across these various computer systems can
be very difficult to safeguard thereby increasing the need for vigilance and
the individuals who are trained to oversee it. Necessary precautions need
to be taken to ensure that what we consider to be private information to
us cannot be accessed by prying individuals.

Providing the requisite protection for computer systems can be complex.
These systems which include operating system software, databases,
networks, applications and programs and hardware components all
require different methods and approaches towards protecting them. Their
protection also needs to be multi-layered to create an effective defence
from digital attacks. As a result of the growing pains of cyber threats, well-
trained professionals and skilled individuals are in very high demand.

A career in cybersecurity has without doubt become very desirable with
employers willing to pay top dollar for dexterous hands. Finding a job role
to suit anyone is not difficult either as there are several options to pick
from.

Types of Jobs Available in Cybersecurity: The Facts And The Figures

Prior to now, jobs in the cybersecurity industry were limited to government
agencies, defence contractors and the like, but as more sectors are taking
their businesses online, hiring for cybersecurity personnel has now
extended into other communities of business. Reports have shown clearly
that hiring has boomed in industries such as finance, healthcare and retail
in recent times and the reasons are not far-fetched.

Reports show that by 2024, the information security technology market is
estimated to be worth $174.7 billion worldwide. So far, growth has been
on a steady increase across all segments as a result of the ever-expanding
nature of IT security. Security services being a major market and the
biggest IT security segment is forecast to reach an estimated value of
$300.01 billion by the year 2025.

Anyone interested in starting a career in cybersecurity has a variety of
directions they can look towards. This is because as the years progress, many
more job titles and specialised roles are being created in the cybersecurity
industry as the need for them arises.

Some of the job types available within the cybersecurity field include:
1. Computer Forensic Analyst:
A computer forensic analyst is the person who assesses devices and
systems and finds a method for recovering data. They use forensic
tools and investigative approaches to find specific data. These data can
be in the form of internet use history, word processing documents,
images and other files. The data they retrieve can be used in criminal
investigations, evidence in cases of cyber crime, etc. This role stands
at the intersection of cybersecurity and criminal justice.
2. IT Security Specialist:
An individual in this role works with a team of IT professionals to
develop innovative ways of protecting devices and systems within an
organisation from cyber attacks. They are well versed in the various
aspects of information security and the challenges that come with
network security. The IT security specialist is charged with the task of
assessing a system and identifying areas of weaknesses where a breach
may easily occur and also where they can be strengthened. They may
also perform test attacks to better understand how the current security
strategies perform.


3. Security Manager:
A security manager deals with high-level IT security issues. They serve
as a leader who oversees security measures within an organisation.
Their duties include hiring new employees, management of IT teams,
developing strategies for cybersecurity efforts, overseeing budgets,
evaluating new security tools and technologies and they may also be
in charge of writing rules and regulations regarding any cybersecurity
decision that may be taken in an organisation.
4. Security Engineer:
Security engineers are technical professionals with in-depth knowledge
of computer networking and operating systems. Their focus is on how to
constantly implement important security measures in an organisation.
They also resolve problems with technology such as IT software and
equipment. A more specific explanation of this role is that they are in
charge of installing firewalls, implementing breach detection systems
and working with other professionals to solve security-related issues.
Also, a security engineer tests security systems, conducts assessments,
analyses risks and suggests ways to prevent breaches in the future.
5. Security Consultant:
Also known as a Security Analyst, this is the person who helps to detect
vulnerabilities in computer systems, software programs, networks
and provides solutions towards strengthening them against hackers.
They help organisations identify ways in which an existing setup is
not functioning optimally and how they can be improved. A security
consultant may advise on specific systems and products depending on
the needs of the organisation.
6. Director of Security:
A director of security leads both managers of security and information
technology staff. This role is often only found in large companies
that have a higher number of professional team members dedicated
to maintaining system security. The director is expected to provide
leadership and guidance by administering and maintaining policies
to ensure security at all times. They also serve as the middleman who
handles communication between the company executives and security
team concerning security situations.
7. Security Administrator:
The security administrator oversees the overall security of an
organisation’s network. They help organise information and efforts
and map out plans for implementing new security measures. Their
role may also involve developing training documents to help enlighten
team members about new cybersecurity procedures and policies.
Aside from creating a guideline to maintain security, they may also be
responsible for helping others adhere to security policies and perform
damage control in cases where they are not followed.
8. Penetration Tester:
Penetration testers are also referred to as Ethical Hackers. As the name
suggests, it is the job of a penetration tester to infiltrate computer
systems to detect and evaluate areas most susceptible to breaches that
an attacker could exploit to cause havoc. This position requires a very
good ability to ‘think like the enemy’ in order to effectively anticipate
a non-ethical line of action, strategies they may employ and the
techniques they are most likely to use. A tester must possess excellent
technical and analytical skills to spot flaws in a system and likely ways
they may be taken advantage of.
9. Cybersecurity Specialist:
This is a professional responsible for providing security during and
after development stages of software networks. They search for risks
in hardware and software systems by managing and monitoring any
attack or intrusion. A cybersecurity specialist can respond to an attack
in real time to prevent or minimise damage by using security measures
to repel attacks and maintain information security.
10. Information Security Analyst:
This role entails planning and carrying out security measures to
protect the systems and computer networks of an organisation. They
gather and assess data to learn more about the organisation’s security
profile and help provide preventative measures such as a firewall. An
information security analyst also has to collaborate with other security
and information technology professionals to implement security
measures and assess their performance.
11. Network Security Engineer:
Protection of systems against cyber threats including bugs, malware
and hacking attempts is the area of specialty for a network security
engineer. They help put security measures in place for devices and
computers and how they are connected using the internet. These
security measures apply to connections to the network an organisation
uses and how a computer protects its information over the internet.
12. Machine Learning Engineer:
A person in this role is assigned the task of designing, creating and
implementing algorithms for artificial intelligence. They act as a
very important member of a data science team as they also conduct
research on ways to improve existing artificial intelligence systems.
The algorithms they create can also gather information which can
then be used in making critical cybersecurity decisions.
13. Network Administrator:
A network administrator’s role is focused on handling the day-to-day
operations of the network in an organisation. They are also in charge
of analysing the needs of the organisation, installing and maintaining
the necessary hardware and software to meet those specific needs and
solving problems that may arise along the way.

Irrespective of which of these myriad paths you decide to take, a
highly rewarding career awaits you. Doing your due diligence will require
that you do proper research and decide which path is right for you.


Mapping Out A Career Path In Cybersecurity

To get started as a cybersecurity expert, you have to be aware that there are
various career paths for newbies to think about. It is usually best to start
with an entry-level role, the most common being Information Security
Analyst, Information Security Specialist, Security Engineer, Security
Consultant, Digital Forensic Examiner, IT Auditor, etc. Entry-level roles
typically require a bachelor’s degree in computer science or related field
plus a few years of relevant experience. Technical skills and familiarity
with programming languages are also key features for the perfect entry-
level employee. Many cybersecurity professionals often enter the field
after gaining ample experience in an entry-level IT role.

Similarly, you could start with feeder roles such as Networking, Software
Development, Systems Engineering, Financial and Risk Analysis, IT
Support or even Security Intelligence.

As you progress along your career in cybersecurity, the opportunity to
branch out and try other areas of specialisation appears every so often.
As you gain more experience in your entry-level role, it is quite easy to
advance into other specialised roles if you wish to. There are a few options
to consider for a mid-level role in cyber security. They include: Security
System Administrator, Cybersecurity Analyst, Penetration & Vulnerability
Tester.

People in advanced level roles typically manage those in mid and entry
levels. For advanced levels, a cybersecurity professional may occupy
roles such as Cyber Security Manager, Cyber Security Engineer, Chief
Information Security Officer or Cyber Security Architect. Each of these
roles requires years of experience and has executive level responsibilities
attached to it.

To further simplify the process of picking a career path in cybersecurity,
there are 3 major categories any of your job prospects may have been
classified into.


Management Career Path

This domain is focused on oversight and management of cybersecurity
within an organisation. It deals majorly with security governance and
organisational procedures that have been employed to ensure the security
of systems. While a sound knowledge of the technology and the technical
aspect of the industry is required, this area tends to require less technical
skills compared to its counterparts. Rather, your business acumen,
organisational management skills and other soft skills will come into play
more with a job in this area of specialisation.

Some examples of opportunities in management include:
1. Audits and Compliance:
For security efforts to be effective, there are many rules and regulations
that must be adhered to. Professionals in this domain work to ensure
guidelines that outline cybersecurity requirements for companies
are followed to avoid problems. They ensure compliance and act as the
watchman who ensures protocols are followed.
2. Training and Awareness:
As previously mentioned, to ensure security at all times within an
organisation, employees also need to be educated. Most of the cyber
breaches organisations have experienced are as a result of error and
misuse of computer systems. This necessitates the proper training and
awareness many organisations now have in place for their employees.
Having a career in this space would require you to create training
materials, design curricula and engaging content that will be used in
educating people on the risks in cyberspace and as a result promote
better and safer use of systems.
3. Project Management:
The processes involved in creating security strategies, designing and
implementing them requires skills in project management. A
professional in this capacity ensures that solutions are efficiently and
effectively implemented.


Technical Career Path

The roles that require hands-on technical competence fall in this category.
As a technical expert, you will be required to comb through data and
display your knowledge of systems, networks and other tools to mention
a few. Your goal will be to prevent, detect and respond to cyber threats.

Opportunities here include:
1. Cloud Security:
The threat of security breach is ever-looming. No one knows who the
next victim may be or when the attackers may come knocking. Cloud
security entails a collection of security measures designed to protect
cloud-based infrastructure such as applications and data. Many
organisations are taking advantage of this option to store data away
from places they can be compromised. This ensures access control and
data privacy protection.
2. Ethical hacking:
With a career in ethical hacking, you help organisations spot the
weaknesses in their security systems before an attacker can get to them. In
this technical role, you will need to be analytical and be able to guess
how an attacker thinks and find ways to counter such efforts.
3. Security Operations:
A career in security operations encompasses a variety of things.
Knowing that attackers work round the clock to access systems, you are
tasked with keeping watch over the operations of the system, looking
out for intrusion attempts and maintaining a high level of vigilance.
4. Security Engineering:
A multi-layered approach is usually taken towards security engineering.
Professionals in this role design and build the necessary security
systems required to protect the organisation. They provide security
measures such as firewalls, email security systems, encryption systems
amongst other things.

Chapter 1: An Overview of Cybersecurity

5. Identity and Access Management:
Access control serves as the bedrock for protecting confidentiality,
maintaining integrity and safeguarding data. A role in this domain
means you are responsible for ensuring people have access to what
they need only when they need it and unauthorised individuals will
not be able to do so.

Leadership Career Path

This encompasses roles that are focused on people. In any organisation,
leadership has a very important influence on the success of the business.
Opportunities in cybersecurity within a leadership context include:
1. Chief Information Security Officer:
Senior leadership is very essential to cybersecurity. A wide range of
experience is required to effectively carry out the duties assigned to this
role. The senior leader in this role champions the process for steering
the team towards building world-class cybersecurity systems. A set of
skills which includes excellent communication and people leadership
is also required to deliver the expected result in this capacity.
2. Managers/ Domain Directors:
A large company requires different individuals serving as leaders of
different domains and providing the requisite guidance to the team.
It is important that domain leaders are people who can balance the
understanding of key principles and best practices of the domain with
managing and motivating others. Both duties are equally important
to thrive in this role.

Cybersecurity provides a plethora of options for anyone who wants to dive
into it; there is no right or wrong answer in which career path you want
to take. It’s important that you gain as much exposure as opportunity
presents to you and learn as much as you can as you decide on
which area of specialisation you want for yourself. You also do not need
to restrict yourself to just one domain because learning and growing all
through your journey should be your aim at all times.


The Job Market: Trends, Statistics and Projections

Job opportunities abound in cybersecurity with different types to pick from
as mentioned earlier. Statistics show that job postings for cybersecurity
openings have grown up to three times as fast as those available for IT
jobs and it takes much longer for companies to fill these roles compared
to other positions. Although this may be bad news for employers, those
already in the industry and potential cybersecurity workers are at an
advantage.

For someone looking to start a career here, this means that there is ample
opportunity for you to get into the cybersecurity space with minimal
struggle and loads of opportunities to grow, diversify and give great value
for your expertise.

The demand for a talented and professional cybersecurity workforce is
ever growing but the supply definitely falls short. Both private industries
and government agencies are always on the lookout for highly skilled
individuals to prevent the next security breach they might encounter.

Having experience is considered very essential in the world of cybersecurity
as well. A master’s degree can further widen your horizon, give you a
competitive edge and expand your career opportunities in the job
market. Beginners are not left on the sidewalk in any way, however, as the
willingness to learn and grow will eventually pay off.

A special report from the University of San Diego’s online cybersecurity
master’s degree programs offers an insightful review of the current state
of the industry’s job market. According to the Academic Director of the
school, “strong cybersecurity capabilities have become absolutely essential
for all organisations today. Unfortunately, an industry-wide talent shortage
is making it extremely hard for employers to find qualified professionals.”
That being said, it is not surprising to know that cybersecurity is
experiencing zero percent unemployment.


46% of cybersecurity professionals are contacted on a weekly basis
irrespective of whether or not they are actively looking for a job. This
figure is expected to continue on an upward climb as organisations become
more knowledgeable of security threats and are able to afford the necessary
preventive measures.

The current talent shortage has also created an edge for skilled cybersecurity
professionals in the sense that organisations all over the world are ready
to pay six-figure salaries for qualified individuals. The average salary of a
Cybersecurity Architect for instance is estimated at $130,000 while Cyber
Security Specialists can earn up to upwards of $91,000 per annum.

According to Mondo’s Tech Salary Guide as of January 2023, the six highest-
paid cybersecurity jobs can pay as high as $225,000. An Information
Security Manager can earn between $150,000 and $225,000. A Cyber
Security Engineer role nets between $126,000 and $213,000 per year.
Jobs in Application Security Engineering rake in between $130,000 and
$200,000 while a Network Security Engineer can earn between $120,000
and $208,000. A Cyber Security Analyst and Penetration Tester (Ethical
hacker) fall within the range of $114,000 and $160,000.

The reason why employers are willing to pay this much for skilled hands
is not difficult to figure out at all. Between 2020 and 2021, the yearly
average data breach was said to have increased the most - a spike that was
most likely heavily influenced by the COVID-19 pandemic. In 2022
alone, the average data breach cost has been put at $4.35 million, a 2.6%
rise from the 2021 amount of $4.24 million. The idea is simply to pick
one’s poison.

The Projected Future of Cybersecurity Jobs

A need unmet invariably creates opportunities for those who can provide
solutions. Cybercrime is predicted to cost the world $10.5 trillion annually
by the year 2025. To prevent or at least prepare to wage war against this
kind of threat, new jobs are continually being generated to build the army
needed to take up arms against cyber attacks.


Statistics show that employers’ demand for cybersecurity workers in 2022
grew 2.4 times faster than the overall rate in the United States alone.
The same pattern applies to other countries around the world where
cybersecurity professionals are in high demand.

According to Grand View Research, the cybersecurity market reached a
value of $179.96 billion in 2021 and is expected to grow much more and
hit a likely $372.04 billion by 2028. This directly translates into a very
bright future for job seekers in the cybersecurity industry. In the coming
years, career growth is also expected to continue rising exponentially.

Rodney Petersen, Director of the National Initiative for Cybersecurity
Education (NICE) on the need to encourage more people to start a career
in the field said, “The data should compel us to double-down on efforts to
raise awareness of cybersecurity career opportunities to youths and adults.”

Now is definitely the time to start accumulating the most in-demand
cybersecurity skills to fulfil the demand of the future. Let’s take a close
look at some of these skills and the technologies that enable them.

Skills and Technologies of the Future

Cybersecurity is one of the most complex fields to work in. From
mitigating threats to identifying weaknesses in networks and recovering
data after cyber attacks, there is always a demand for experts to be on top
of their game.

Opportunities to diversify and the life-long learning involved in the
cybersecurity business make it a very rewarding career path, even more
so for self-motivated tech professionals who don’t mind putting in the
necessary work to grow.

As the future of the industry shines brighter, some skills become more
sought after than some others. Listed below are 10 cybersecurity positions
you should look into acquiring for the future.


Cloud Security Skills

A good understanding of cloud security is essential in building the
architecture necessary for security interactions between applications and
cloud. Organisations are constantly on the lookout for professionals with
security expertise suitable for public and hybrid cloud platforms like AWS,
GCP and Azure.

To prevent future loss, organisations now store their data in the cloud.
The cloud also provides a safe haven for data from cyber attacks. When
such attacks do take place, research has shown that most breaches happen
as a result of human error and not due to mistakes from cybersecurity
professionals, who must be able to design and implement security controls
that protect cloud infrastructure.

To build expertise for cloud security, you need to be skilled in Web
Application Firewall (WAF) as well as Identity and Access Management
(IAM). IAM technologies such as multi-factor authentication, privileged
access management, passwordless authentication and single sign-on are
vital to guarding against data breaches resulting from credential theft and
several other ways user accounts can be compromised.

Network and System Administration Skills

To become a cybersecurity professional at all, a solid understanding of
networking, data transmission procedures and services lays the foundation
for your ability to protect any organisation’s data. Network protocols such
as HTTP, DNS, TCP/UDP, ICMP and network security device functions
such as firewalls, proxies and load balancers must all be part of your skill
set as well.

As a professional in network security, you will be responsible for creating
and implementing secure network architectures that are fortified against
cyber attacks. Other network technologies that will be of immense benefit
in your arsenal also include Secure Access Service Edge, Network Access
Control, Network/Endpoint/Extended Detection and Response systems
(NDR/EDR/XDR).


Common operating systems such as Linux and Windows are also
knowledge areas you need to cover. All these different tools and many
others are part of the skills that will definitely make you stand out
anywhere in the world.

Penetration Testing

Alongside strong network skills, application security and operating
systems, penetration testing is another domain you should be familiar
with. You should have adequate knowledge of standard hacking tools and
techniques too.

Penetration testing is regularly carried out for organisations that store
sensitive data while searching for weaknesses in their security network.
The ability to think like the hacker and checkmate malicious attacks
beforehand is a capability employers look out for.

When a test hack turns out successful, the cybersecurity team uses such data
to develop better strategies to resolve potential points of vulnerability.
Some testing tools you should be familiar with include Nessus, Metasploit,
Jawfish, SQLMap.

Application Security Skills

In the next five years, the demand for software developers and engineers is
expected to grow by 164% according to Burning Glass. A good candidate
for application security will need to have outstanding skills in building,
implementing and maintaining secure applications.

To start with, such candidates must possess good working knowledge of
software and application development processes and also be familiar with
common security threats to web and software applications and how to
mitigate such threats.


Digital Forensics and Incident Response (DFIR)

The next course of action after a data breach is an investigation into how
the attack occurred. Digital forensics has to do with examining data to
decipher the origin of a cyberattack and how to prevent future occurrence.

Critical thinking skills also come into play here, aside from proficiency in
networking and programming. These skills will help you recover lost data,
verify the source of an attack and buff up the company’s defence systems.
Some common forensic software you should master include Helix,
EnCase, FTK, XRY.

Programming and Database Language

Proficiency in at least one programming language is a very critical
requirement for most employers. Most cybersecurity job roles also need
you to know your way around them so there is very little possibility that
you won’t need to learn them.

HTML, MySQL, Python, PHP, JavaScript and Ruby are just a few of the
most common ones you should improve your skills with.

Risk Assessment and Management Skills

Risk assessment helps to identify weak points in a system and work towards
fixing them. It is an integral part of any professional’s cybersecurity skill
set. Artificial intelligence is also sometimes employed to gather data from
numerous nodes throughout networks after which the collected data is
evaluated in real time to detect patterns of abnormal activities.

To improve your skills in this role, you need to have a good understanding
of Security Information and Event Management (SIEM) technologies such as
Splunk, which can be used to collect data for continuous monitoring.


Data Security Skills

A beginner in cybersecurity is expected to master configuring, running
and maintaining databases in order to deal with threats to data in an
organisation.

In data security, overseeing the continuous development of the
organisation’s data security program, audits and assessments are required
skills. You need to be able to measure the effectiveness of existing data
security controls and report the results of your audits to the management.

Most countries also require organisations to provide protection for their
customers’ personal information with strict penalties imposed on those
who experience breaches. It doesn’t matter if the breach occurs as a result
of lax protocols, inaction or outdated hardware and software; necessary
precautions are expected to be put in place and monitored.

Some of the data security regulations organisations are expected to adhere
to include the General Data Protection Regulation (GDPR), HIPAA
and FIPS. Candidates are sometimes also required to be familiar with one
or more of these regulations.

Business Leadership Skills: A Necessity?

Building cybersecurity awareness among employees has become a very
critical aspect of ensuring system security. This is because the first line of
defence against any attack is usually the user. Employees need to be trained
on how to recognize suspicious behaviour and how to protect themselves
and the organisation from cyberattacks.

A professional in this role determines the best way to communicate this
with employees using easy-to-understand language. Most employees are
easy targets for cyber criminals due to unsafe browsing behaviour, falling
victim to social engineering and other practices that put the organisation
at risk.


Cybersecurity teams need to portray the necessary business leadership skills
in the form of excellent written and verbal communication explaining
actions and consequences concisely, ability to positively influence
employees to take necessary precautions and emotional intelligence in
order to build trust.

Emerging Technologies

At the very top of this list is Artificial intelligence also known as AI. It is one
of the most advanced security programs experts employ in understanding
the cyber environment and identifying abnormal activities.

In the last few years, AI has proliferated into various industries. These
days, AI coupled with machine learning algorithms is used in crunching
data, computerising tasks and speeding up the process of taking decisions
on the next line of action. We will delve deeper into this
later on.

More Skills Equals More Opportunities

Most entry level roles do not require you to have coding capabilities or a
good grasp of programming languages but as you progress in your career
or switch roles as the case may be, you will be required to master and have
a really good knowledge of top programming languages.

Initially it might be confusing to decide which one you should learn,
but you should bear in mind several considerations which may include
whether or not you have any experience or knowledge of coding and
programming languages, level of difficulty and relevance to your career
path.

Employers are always ready to put their money on the best guy; what you
need to do is ensure you are the best guy or at least give yourself a fighting
chance. The right sets of programming language and coding skills can
make all the difference in your career growth and advancement.


Let’s give you a head start by examining some of the top-tier programming
languages that employers are expected to be on the lookout for in the
coming years.

Key Programming Languages You Should Know About

According to Wikipedia, “A programming language is a system of
notation for writing computer programs.” In simpler terms, it is a way for
programmers to communicate with computers. They are made up of a set
of rules that allows a programmer to develop software programs, scripts
and other sets of instructions they want the computer to carry out.

Having the right set of programming language skills is always recommended
so you can diversify as much as you want.

Below are some of the most popular programming languages that will be
in demand for a long time.
1. JavaScript:
This is one of the core technologies of the World Wide Web that is
highly sought after by employers. JavaScript is a high-level language
used as a client-side programming language by almost all websites.
It is also one of the most hacked tools since input from users and
browser data can easily be collected and webpage manipulation can
easily be done for any purpose. JavaScript must not be mistaken for
Java; although they share similarities, there are distinctions between
them.
2. Python:
Python is a beginner-friendly programming language that is quite
popular among programmers. It is a free open-source programming
language that comes with extensive support modules and community
development. Security professionals often use Python to automate
scripts which enables them to build programs instead of just buying.
It is also used in scientific and computational applications such as
Abaqus and FreeCAD.


3. Java:
This is a high-level programming language that is class-based and
object oriented. Developers use it to construct applications for data
centres, laptops, game consoles, cell phones, scientific supercomputers
and other related devices. It is also used in the backend of several
popular websites such as Amazon, Google, YouTube and Twitter. Due
to its complex nature, experienced developers with Java coding skills
are always in high demand.
4. Go:
Go or Golang as it is sometimes called is a statically typed, compiled
programming language designed by Google. It was created to aid
the work of programmers working on large projects. Go recently has
become one of the fastest growing programming languages due to its
ease-of-use and its ability to handle massive codebases. Its simple and
modern structure and syntax familiarity has made it quite popular
among many large IT companies.
5. PHP:
Created in 1990, PHP is an open-source programming language
many web developers find essential. It has been used to build more
than 80% of websites on the internet including popular ones like
Facebook and Yahoo. PHP is a powerful tool for making dynamic
and interactive web pages. It is considered a relatively easy language
to learn for a beginner with several communities online to follow for
support and guidance.
6. C#:
This multifaceted programming language is another popular general
purpose tool recommended to learn. It covers a variety of programming
disciplines hence the wide acceptability it enjoys. C# is best suited
for applications on Windows, Android and iOS and is used on the
backend of several popular websites such as Bing, Dell, Visual Studio
and many more.


7. Kotlin:
Kotlin is a modern cross-platform, statically typed, general purpose
programming language. It is used extensively for web applications,
desktop applications, Android apps and server-side application
development. It was built to be interoperable with Java and also
supports functional programming languages.
8. R:
This programming language is most used for statistical computing
including linear and nonlinear modelling, calculation, testing,
visualisation and analysis. Unlike some other open-source
programming languages, R is not as easy for beginners to pick up but
there are several communities online where you will find developers to
aid your learning journey.
9. Swift:
Swift is an easy-to-learn open-source programming language that
supports almost everything from the programming language Objective-C.
Compared to other programming languages, it requires fewer
coding skills and can be used with IBM Swift Sandbox and IBM
Bluemix. Popular iOS apps like WordPress, Mozilla Firefox and
SoundCloud use the Swift programming language.
10. MATLAB:
It is a programming language owned by MathWorks built specially for
scientists and engineers for programming and numeric computing.
MATLAB allows matrix manipulations, plotting of functions and
data, implementation of algorithms, creation of user interfaces and
interfacing with programs written in other languages. Programmers
use it to build machine learning and deep-learning applications.
11. Ruby:
Ruby is another beginner-friendly programming language that is
focused on simplicity and productivity. It was designed to be flexible
from the standpoint of its object-oriented architecture that supports
procedural and functional programming notation. There is a growing
interest in Ruby because it is easy to learn and write in. You will also
find a community of programmers online for support and to provide
answers to questions you may have.
12. C and C++:
C is arguably the oldest and most popular programming language
and often referred to as the root of other languages like C#, Java and
JavaScript while C++ is an enhanced version of C. They are mostly used
in developing applications where performance is a critical issue such as
client/server applications, video games and commercial products like
Firefox and Adobe.
13. TypeScript:
Developed by Microsoft, TypeScript is relatively new compared to
other programming languages. It is well suited to large code bases and
is used to create JavaScript-based projects with typing in both client
and server-side development. This makes it quite useful for spotting
errors and preventing systemic issues.
14. SQL:
SQL is short for Structured Query Language. It allows you to access
and manipulate databases and is the world’s most widely used
database query language. Although it is quite challenging to learn,
its benefits far outweigh the difficulties of using it. E-commerce
applications, web applications and data warehouses adopt its usage for
improved performance, better data integrity and more accessible data
manipulation.
15. HTML:
HTML stands for HyperText Markup Language. It is the standard
markup language for documents designed to be displayed in a
web browser. It can be used to add images, links and other types
of content to be displayed on a web page. HTML is quite simple
to learn and doesn’t require you knowing much about it to create
a basic web page. It supports the creation of structured documents
by indicating structural semantics for text elements such as headings,
lists, paragraphs, quotations and other objects.


16. Scala:
Scala is a strong statically typed general-purpose programming language
that combines both object-oriented and functional programming. It
helps avoid bugs in large and complex applications. Scala can be used
for any task Java does. Companies that use Scala include Twitter and
Netflix.
17. NoSQL:
NoSQL are non-relational databases that provide high performance
adaptability to a range of capabilities. They are often used in big data
applications that require data to be distributed across many nodes.
Some types of NoSQL databases include key-value stores, pure
document databases, graph databases and Column databases.
18. CSS:
CSS means Cascading Style Sheets. As the name implies, it is a stylesheet
language that instructs the browser on how we want our HTML to
appear. This means, it is used to describe how a page produced in
markup language is presented. It helps developers create a responsive
and accessible website that looks good on any device. With CSS,
you can style how you want components, grid elements and images
to appear, even making the website easy to navigate for people with
disabilities.
19. Perl:
Sometimes interpreted to mean Practical Extraction and Report
Language, Perl is a high-level, general purpose programming language
originally designed for text manipulation. It is used for system
administration, networking and other applications that involve user
interface. Perl is also lauded for its power and versatility.
20. Rust:
This is another multi-paradigm high-level, general-purpose
programming language. It is a memory-efficient tool that lays
emphasis on type safety, performance and concurrency. Rust runs very
fast, prevents segfaults and guarantees thread safety. Professionals often
rely on its use for mission-critical software because of its safety and
reliability.

There are several other programming languages apart from the 20 listed
here but to start your journey into programming, learning any of these will
be an excellent place to start. You can also find several platforms online
offering bootcamps and courses that will equip you with the necessary
skills in a short time.

Aside from learning the language, you will also be issued a certificate for
credibility, which paves your way to landing a well-paying programmer
job.

Chapter 2
Network Security

Network security is a broad term that encompasses many different
technologies, devices and processes. In simple terms, network security refers
to the set of rules and configurations designed to protect your network
and data from breaches, threats or intrusion by using both hardware
and software technologies. It ensures the integrity, confidentiality and
accessibility of computer networks to only authorised persons.

Regardless of size, every organisation in the world today is faced with
some amount of threat when using connected systems and requires a degree
of network security solutions to protect it from the constantly increasing
threats of attack.

There are many ways a system may be compromised and left vulnerable to
attackers. These vulnerabilities can appear in devices, data, applications,
users and locations. Due to this, providing security for each area of
weakness must be specific and multi-layered to guarantee that people with
malicious intent do not gain access.

A well designed network security ensures that client data and information
is protected and shared data is also secure in order to provide reliable
access and network performance.


Various network management tools are in use today to better address
individual threats and regulatory non-compliance.

There are typically three ways in which network security is controlled and
enforced. They are:
1. Physical Network Security.
2. Technical Network Security.
3. Administrative Network Security.

Physical Network Security:


Physical network security is designed to prevent physical access by
unauthorised personnel to network components such as routers, cabling
cupboards and other physical assets. Measures such as locks, controlled
access (biometric authentication) are employed in the strategy to enforce
physical network security.

Technical Network Security:


Technical Network Security safeguards data that may have been stored on
a network system or in transit in or out of the network. Effective technical
security takes different things into consideration: protecting data and
systems from unauthorised personnel and also against malicious activities
from employees.

Administrative Network Security:


This consists of policies and processes that control user behaviour. It
covers areas such as how user authentication is carried out, the level of
access granted to each staff member and how IT staff implement changes in the
infrastructure.


Types of Network Security

Antivirus and Antimalware Software


Antivirus and Antimalware software help to protect an organisation from
various types of malicious software including viruses, ransomware, Trojans
and worms. They are designed to detect, remove and prevent viruses and
malware as files are being scanned upon entry and thereafter.

Network Access Control


To prevent potential attackers from infiltrating a network system,
comprehensive access control policies must be instituted for both users
and devices. With access control, the system denies access to any user or
device that has not already been sanctioned. Access control can be placed
even on the most basic activities on a network system.

Firewalls
A firewall acts as a barrier between an external untrusted network and
an internal trusted network. It is adopted in controlling incoming and
outgoing traffic on networks with predetermined security rules. To keep
unfriendly traffic out of a network system, firewalls are configured by
administrators to block or permit entry or exit to a network.
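
The rule matching described above, as an added Python example that is not from the book: an ordered list of predetermined rules is checked top to bottom, the first matching rule decides whether traffic is permitted or blocked, and traffic that matches no rule is blocked. The addresses, ports, rule set and function names are constructed for illustration.

```python
"""First-match packet filter with an implicit default block (constructed example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (untrusted -> trusted) or "out" (trusted -> untrusted)
    protocol: str    # "tcp" or "udp"
    src: str         # source IP address
    dst: str         # destination IP address
    dport: int       # destination port


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "block"
    direction: str               # "in" or "out"
    protocol: str                # "tcp", "udp" or "any"
    src: str                     # source network in CIDR notation
    dst: str                     # destination network in CIDR notation
    dport: Optional[int] = None  # None matches every destination port
    note: str = ""

    def matches(self, pkt: Packet) -> bool:
        """A rule matches only when every one of its fields matches the packet."""
        return (
            self.direction == pkt.direction
            and self.protocol in ("any", pkt.protocol)
            and ip_address(pkt.src) in ip_network(self.src)
            and ip_address(pkt.dst) in ip_network(self.dst)
            and (self.dport is None or self.dport == pkt.dport)
        )


ANY = "0.0.0.0/0"
LAN = "10.0.0.0/24"  # constructed internal (trusted) network

# Constructed rule set; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
RULES: List[Rule] = [
    Rule("permit", "in", "tcp", ANY, "10.0.0.10/32", 443, "public HTTPS to web server"),
    Rule("permit", "in", "tcp", "203.0.113.0/24", LAN, 22, "SSH from management range"),
    Rule("permit", "out", "tcp", "10.0.0.25/32", ANY, 25, "mail relay may send SMTP"),
    Rule("block", "out", "tcp", LAN, ANY, 25, "no other host sends SMTP directly"),
    Rule("permit", "out", "any", LAN, ANY, None, "remaining outbound traffic"),
]


def evaluate(pkt: Packet, rules: List[Rule]) -> Tuple[str, Optional[int]]:
    """Return (action, index of the deciding rule); (\"block\", None) if nothing matched."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return "block", None  # implicit default: anything not explicitly permitted is blocked


if __name__ == "__main__":
    samples = [
        Packet("in", "tcp", "198.51.100.7", "10.0.0.10", 443),
        Packet("in", "tcp", "198.51.100.7", "10.0.0.10", 22),
        Packet("out", "tcp", "10.0.0.40", "198.51.100.9", 25),
    ]
    for pkt in samples:
        action, index = evaluate(pkt, RULES)
        reason = RULES[index].note if index is not None else "default block"
        print(f"{pkt} -> {action} ({reason})")
```

Rule order is part of the policy: placing the general SMTP block above the mail relay exception would block the relay as well, which is why rule sets are reviewed as ordered lists rather than as unordered collections.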

Virtual Private Networks (VPN)


A virtual private network (VPN) allows an administrator to create a
connection to the network from another endpoint or site. The privacy
and integrity of sensitive information is ensured through multi-factor
authentication, endpoint compliance scanning and also encryption of all
transmitted data.


Intrusion Prevention Systems


Intrusion prevention system or IPS is a system that detects or prevents
network security attacks such as Denial of Service (DoS) attacks, brute
force attacks and exploits of other known vulnerabilities. An exploit is an
attack which takes advantage of a vulnerability in the form of a loophole
or weakness in a software system. An intrusion prevention system provides
protection during the window in which an attacker could exploit a weakness
before a security patch is applied.

Cloud Network Security


Cloud providers often have add-on cloud security tools provided at
an extra cost. Since protecting data in the modern world now requires
innovation and flexibility, cloud network security offers a very good option.
The cloud provider monitors the overall security of its infrastructure and
offers tools for the user to protect their instances within the overall cloud
infrastructure.

Data Loss Prevention


This is a cybersecurity methodology that combines technology and best
practices to prevent the exposure of confidential information outside of
the organisation. Tools in this category monitor data in use, in motion
and at rest to detect and prevent data breaches.

Hyperscale Network Security


Hyperscale is the ability of an architecture to scale appropriately as
increased demand is added to a system. By tightly integrating networking
and compute resources in a software system, it is possible to fully utilise
all hardware resources available in a clustering solution.


Sandboxing
The practice of sandboxing refers to a process where organisations scan
for malware by opening a file in a safe and isolated environment before
granting it access to their network. Sandboxing first observes the files or
code as they are opened and looks for malicious behaviour to prevent
threats from getting on the network.

Zero-Trust Network Access (ZTNA)


Zero-trust network access works similarly to access control. This model
states that a user should have only the access and permissions that they require
to fulfil their role. It grants users just the access they must have to
perform their duties while blocking other permissions. It is also called
Software Defined Perimeter (SDP). This solution permits granular access
to an organisation’s applications from users who require that access to
perform their role.

Networking and Security Protocols


For security to be possible, there are certain things that must be put in
place. This is where Network Security Protocols contribute to security
endeavours being successful. Network security protocols are a type of protocol
that ensures the security and integrity of data in transit over a network
connection. They define the processes and methodology that are applied to
secure network data from any illegitimate attempts to extract or review the
content of such data.
In order to make sure that organisations are protected, various software
and protocols are combined to act as a shield in the event of malicious
attacks. Since there are a number of ways an attacker can gain access to
networks, systems or sensitive data, one must as a matter of necessity also
employ more than one security measure. Moreover, these measures must
also be updated and reviewed on a regular basis.


While these security measures are expensive to implement, the result of
not implementing them, and so leaving an opening for an attack, is even costlier. Cyber
attack threats on businesses around the world today portend bigger losses
than the expenses involved in ensuring security.

Each protocol defines the techniques and procedures required to protect
the network data from unauthorised or malicious attempts to read or
infiltrate information.

Networking and Communication

The field of networking and communication includes the analysis, design,
implementation, and use of local, wide area, and mobile networks
that link computers together. An example of a network is the Internet
itself, which makes it possible for nearly all computers in the world to
communicate.

The challenge for computer scientists has been to develop protocols that
allow processes running on host computers to interpret the signals they
receive and engage in meaningful conversations in order to accomplish
tasks on behalf of users. These network protocols also include flow
control, which helps keep a data sender from swamping a receiver with
messages that it has not yet processed or cannot store due to a shortage
of space, and error control.

Computer networking is the process of creating connectivity between
two or more computers with the purpose of sharing data, providing
technical support or communication. Networking technology has played
a revolutionary role in the development of the world and how we are able
to connect with one another across the globe.


Security and Cybersecurity Threats

Security refers to the protection of information and systems from
unauthorised access, use, disclosure, disruption, modification, or
destruction. The field of security encompasses a wide range of technologies
and practices designed to safeguard sensitive information and critical
infrastructure from cyber attacks and other digital threats.

Cybersecurity threats are types of attacks that aim to exploit vulnerabilities
in computer systems, networks, or software in order to steal, disrupt or
damage sensitive data, assets and/or infrastructure. Cyber threats can
originate from a variety of sources, from hostile nation states and terrorist
groups, to individual hackers, to trusted individuals like employees or
contractors, who abuse their privilege to perform malicious acts.

Common Sources of Cyber Threats

Threats to control systems can come from various sources. These threats
are constantly evolving and new ones are emerging all the time, so it
remains essential for organisations and individuals to stay informed and
take proactive measures to protect themselves against these threats. Some
common sources of threats include:
1. Nation States:
Hostile countries may launch a cyber attack against companies or
institutions with the aim of interfering with communications, causing
disorder and inflicting damage.
2. Terrorist Organisations:
Terrorist organisations are often known to conduct cyber attacks
with the aim of destroying or abusing critical infrastructure, threatening
national security, disrupting economies, and causing bodily harm to citizens.
3. Hackers:
These are individuals or groups who use their expertise to gain
unauthorised access to computer systems and networks. They may
target an organisation using a variety of attack techniques. Hackers
are motivated by personal gain, revenge, financial gain or some sort
of political activity. They are known to often develop new threats in
order to advance their criminal ability and also improve their status in
the hacker community.
4. Criminal Groups:
Hackers may come together and form a criminal group with the aim of
breaking into computing systems for economic benefit. These kinds of
groups use phishing, spam, spyware and malware for extortion, theft
of private information and online scams.
5. Malicious Insiders:
Employees with legitimate access to company assets sometimes prove
to have ulterior motives and malicious intents. They may abuse their
privilege to steal information or damage computing systems for
personal or economic gain. Insiders in this sense can be staff members,
contractors, suppliers or partners. Many times, they collaborate with
attackers on the outside to grant unauthorised access to them. They
can also be outsiders who have compromised a privileged account and
are impersonating its owner.

Some common ways in which access can be gained into a computer or
network system include:
- Removable media such as a flash drive.
- Web or email attacks.
- Brute force attack using trial and error methods to decode
encrypted data.
- Unauthorised use of one’s organisational system privileges.
- Loss or theft of devices containing confidential information.

Types of Cybersecurity Threats

As we have mentioned before, cyber threats can take many forms or
shapes. One of the most common and often used types is the malware
attack.


Malware Attacks
Malware, short for malicious software, is software that is designed to
harm or damage computer systems and networks. It infiltrates a system
usually via a link on an untrusted website, email or an unwanted software
download. It then deploys on the target system, collects sensitive data,
manipulates and blocks access to network components and may even
destroy data or shut down the system altogether. Some well-known types
of malware include:
1. Viruses:
A virus is a self-replicating program that can attach itself to another
program or file in order to reproduce. When executed it replicates
itself by modifying other computer programs and inserting its own
code into those programs. If the process of replication is successful,
the affected areas are then said to be infected with a computer virus.
They generally need a host program in order to take action. The virus
writes its own code into the host program and when the program
runs, the written virus program is executed first, causing infection
and eventual damage. As a result of the millions of dollars worth of
damages caused by viruses each year, an industry of antivirus software
has cropped up either selling or freely distributing protection to users
of various operating systems.
2. Worms:
A worm is malware that seeks to exploit software vulnerabilities and
back doors to gain access to an operating system. Unlike the virus,
a worm is stand-alone malware that does not require a host program to
replicate itself and spread to other computers. Instead, it relies on a
computer network to spread itself, relying on security failures on the
target computer to access it. It uses this machine as its host to scan
and infect other computers. Once these worm-invaded computers are
controlled, the worm will continue to scan and infect other computers
using these computers as hosts with the same pattern of behaviour
continuing. Worms almost always cause some amount of damage to
a network, even if only by consuming bandwidth, whereas viruses
almost always corrupt or modify files on a targeted computer.


3. Trojans:
A Trojan, also known as a Trojan horse, is any malware that misleads users about its
true intent. Initially, a Trojan poses as an innocent program, hiding
in apps, games or email attachments. An unsuspecting user then
downloads the Trojan, thereby granting it access to their device. Unlike
viruses and worms, a Trojan generally does not attempt to inject itself
into other files or otherwise propagate itself. Since individual Trojans
typically use a specific set of ports for communication to command
and control, it can be relatively simple to detect them. Other malware
may also take over a Trojan and use it as a proxy for malicious acts.
4. Ransomware:
This is one of the most widely used methods of attack. Ransomware
is a type of malware from cryptovirology that threatens to publish
the victim's personal data and permanently block access to it unless
a ransom is paid. It enters a computer network and encrypts files
using public-key encryption. Unlike other malware, the encryption
key stays on the cybercriminal’s server, and the criminal then requests that a
ransom be paid for a private key. Organisations are often advised to
focus on prevention efforts, as ransomware is hard to detect and
keeps evolving.
5. Cryptojacking:
With cryptojacking, an attacker hijacks a computer to mine
cryptocurrency against the user's will. They do this by deploying
software on a victim’s device and beginning to use its computing
resources to generate cryptocurrency. Affected systems can become
slow, and cryptojacking kits can affect system stability or even end in
a crash due to the strain on computational resources.
6. Spyware:
Spyware is software with malicious behaviour that aims to gather
information about a person or organisation and send it to another
entity in a way that harms the user. A malicious actor often gains access
to an unsuspecting user’s data, including sensitive information such as
passwords and payment details. Desktop browsers, mobile phones and
desktop applications are often affected in a spyware attack.

Social Engineering Attacks


Social engineering involves the use of psychological manipulation to
influence individuals or groups to divulge sensitive information or perform
actions that may compromise security. It is a tactic used by attackers to
trick individuals into giving away sensitive information, such as passwords
or financial information, or into performing actions that may compromise
security, such as clicking on a malicious link.

There are several types of social engineering tactics that attackers use to
manipulate individuals into divulging sensitive information or performing
actions that may compromise security. Some of the most common types
are:
1. Phishing:
This is a type of social engineering in which attackers use email or text
messages to trick individuals into providing sensitive information. The
attacker may send an email pretending to come from a trusted source
in order to lure individuals to divulge information such as passwords
or financial details.
2. Vishing:
Vishing, meaning voice phishing, is when an attacker uses phone calls
to trick an individual into providing sensitive information or into
performing actions that may compromise security. It typically targets
people in the older age spectrum but can be employed against anyone.
3. Baiting:
This is the type of social engineering where an attacker uses the promise
of something desirable such as a prize or a reward to trick individuals
into providing sensitive information or taking action that may leave
a weakness in security that the attacker can exploit.


4. Pretexting:
Similar to baiting, the attacker pressures the target into giving
up information under false pretences. This typically involves
impersonating someone with authority whose position will compel
the victim to comply.
5. Scareware:
This is a type of social engineering in which attackers use fear,
uncertainty, and doubt to trick individuals into providing sensitive
information or into performing actions that may compromise security.
6. Piggybacking:
Piggybacking is when an authorised user provides physical access
to another individual who piggybacks off the user’s credential. For
example, an employee may grant access to someone posing as a new
employee who misplaced their credential card.

SQL Injection
SQL injection is a type of injection attack that targets databases by
injecting malicious SQL code into a web application’s input fields. The goal
of the attack is to gain unauthorised access to sensitive data stored in the
database, such as user passwords or financial information. SQL injection
attacks can be used to steal data, modify data, or even delete data from
a database. It is important to use prepared statements and parameterized
queries to prevent SQL injection attacks. Additionally, using a web
application firewall can help protect against these types of attacks.

Some types of SQL injection attack include:


1. Tautologies:
In this type of attack, the attacker uses a tautology, or a logical statement
that is always true, in the WHERE clause of a SQL statement. This
allows the attacker to bypass security checks and access sensitive data.


2. Union-based:
This type of attack allows the attacker to combine the results of
multiple SELECT statements into a single result set. This can be used
to gain access to data that is not normally visible to the attacker.
3. Blind:
Blind SQL injection attacks do not reveal the results of the injected
SQL code, making them more difficult to detect. These types of attacks
can be used to extract sensitive data over time by repeatedly making
small changes to the injected SQL code.
4. Error-based:
This type of attack leverages error messages returned by the database
to extract sensitive data.
5. Inferential:
This type of attack uses a series of true or false queries to infer data
from a database without directly accessing it.
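
The section above recommends prepared statements and parameterized queries. The following added example (not code from the book) runs the same login check both ways against input of the tautology type; the table, the function names and the two sample accounts are constructed for illustration.

```python
import sqlite3

# Constructed input of the "tautology" type described above.
TAUTOLOGY = "' OR '1'='1"


def make_db():
    """Create an in-memory database holding two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b")],
    )
    return conn


def login_vulnerable(conn, username, password_hash):
    # VULNERABLE: the inputs are pasted into the SQL text, so a quote
    # character in the input changes the structure of the WHERE clause.
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password_hash = '" + password_hash + "'"
    )
    return sorted(row[0] for row in conn.execute(query))


def login_parameterized(conn, username, password_hash):
    # HARDENED: the query text is fixed; the driver binds the inputs as
    # values, so they can never become SQL syntax.
    query = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return sorted(row[0] for row in conn.execute(query, (username, password_hash)))


def compare(conn, username, password_hash):
    """Run both versions on the same input and report what each returned."""
    results = {}
    for name, check in (("vulnerable", login_vulnerable),
                        ("parameterized", login_parameterized)):
        try:
            results[name] = check(conn, username, password_hash)
        except sqlite3.Error as exc:
            # A syntax error caused by ordinary input (a name containing a
            # quote) is a sign that input is reaching the SQL parser.
            results[name] = "database error: " + type(exc).__name__
    return results


if __name__ == "__main__":
    db = make_db()
    for user, pw in (("alice", "hash-a"), ("alice", TAUTOLOGY), ("o'brien", "x")):
        print(repr(user), repr(pw), compare(db, user, pw))
```

With the tautology as input, the concatenated query matches every row in the table, while the parameterized query compares the whole string to the stored value and matches nothing. The third case shows why a harmless name containing a quote is a useful test input during code review.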

Other types of injection attacks include:


- Code Injection.
- OS Command Injection.
- LDAP Injection.
- XML External Entities (XXE) injection.
- Cross-site Scripting (XSS).

Man-in-the-Middle Attack
A man-in-the-middle (MitM) attack refers to a cyber attack where an
attacker intercepts and alters communication between two parties
without their knowledge or consent. The attacker is able to read, insert,
and modify messages as they pass through the network, potentially
stealing sensitive information or injecting malware. MitM attacks can be
mitigated through the use of encryption and secure protocols, as well as by
using trusted networks and verifying the identity of the parties involved
in the communication.


Some examples of this type of attack include:


1. Wi-Fi eavesdropping:
This happens when an attacker sets up a Wi-Fi connection and poses
as a legitimate actor, e.g. a business that users may connect to. This
gives the attacker access to monitor the activity of connected users and
intercept data such as login credentials or payment card details.
2. Email hijacking:
Email hijacking is when an attacker spoofs the email address of a
legitimate organisation such as a bank, and uses it to trick unsuspecting
users into giving up sensitive information or making a money transfer
to the attacker thinking they are in conversation with the bank.
3. HTTPS spoofing:
Compared to HTTP, HTTPS is considered to be the more secure
option, but it can also be used to trick a browser into believing a
malicious website is safe. Using HTTPS, the attacker is able to conceal
the malicious nature of the website.

Denial-of-Service Attack
A denial-of-service attack is one in which the perpetrator seeks to
make a machine or network resource unavailable to its intended users
by temporarily or indefinitely disrupting service of a host connected to
a network. This kind of attack overloads the target system with a large
volume of traffic, thereby hindering the ability of the system to function.
An attack that involves multiple devices as the target is known as a
distributed denial-of-service (DDoS). There are several types of DDoS.
Some of them are SYN flood DDoS, UDP flood DDoS, HTTP flood
DDoS, ICMP flood, NTP amplification.


Basic Security Measures

With some of the threats identified, and with security experts regularly
discovering several others, putting security measures in place is the
obvious place to begin. Listed below are some popular ones:
1. Using a strong and unique password:
A strong password is one that is difficult for others to guess or crack.
It should be at least 12 characters long and include a mix of uppercase
and lowercase letters, numbers, and special characters. It is also
important to use a different password for each of your accounts, so that
if one password is compromised, the others are not put at risk too.
2. Enabling two-factor authentication:
Two-factor authentication (2FA) adds an extra layer of security to your
accounts by requiring a second form of verification, such as a code
sent to your phone or a fingerprint scan, in addition to your password.
This makes it much more difficult for someone to gain unauthorised
access to your accounts, even if they have the password.
3. Keeping software and operating systems up to date:
Software and operating system vendors regularly release security
patches for known vulnerabilities. By keeping your software and
operating system up to date, you can ensure that your devices and
network are protected against the latest threats.
4. Being cautious of suspicious emails or links:
Phishing emails are a common tactic used by attackers to gain access to
sensitive information. These emails may contain links or attachments
that when clicked, will install malware on your device or take you to a
fake website designed to steal your login credentials.
5. Using a firewall:
A firewall is a security system that monitors and controls incoming
and outgoing network traffic based on a set of security rules. It helps
to prevent unauthorised access to a network and can also be used to
block certain types of traffic, such as incoming traffic from known
malicious IP addresses.

6. Regularly backing up important data:
Backing up data regularly ensures that one will not lose any important
information in case of a security incident, such as a cyber attack or a
hardware failure. It is best to store your backups in a secure location,
separate from your primary data storage.
7. Using antivirus and anti-malware software:
Antivirus and anti-malware software can help to detect and remove
malware from your device. These programs can also help to prevent
new malware from being installed by monitoring for suspicious
activity and blocking it.
8. Restricting access to sensitive information:
Implementing the principle of least privilege means that each user
is given only the minimal level of access necessary to perform their
job functions. This helps to prevent unauthorised access to sensitive
information and reduce the risk of a security incident.
9. Reviewing security logs:
Regularly reviewing security logs can help you to detect any suspicious
activity on a network, such as failed login attempts or traffic from
known malicious IP addresses. This can help you to quickly identify
and respond to any security incidents.
10. Encryption:
This is the process of converting plain text into a coded format that can
only be accessed by someone with the decryption key. It helps to protect
sensitive information from being read or modified by unauthorised
parties, even if intercepted or stolen. Encryption is often used in
conjunction with other security measures, such as firewalls, antivirus
software, and access controls. For example, sensitive data may be
encrypted when it is stored on a device or transmitted over a network,
and access to the decryption key may be restricted to authorised users.
Encryption can also be used to protect data at rest and in transit; this
way, even if the data is intercepted, it will be unreadable.

11. Educating oneself and employees about security best practices:
Regularly educating oneself and employees about security best practices
can help to ensure that everyone is aware of the risks and knows how
to protect against them. This can include training on topics such as
strong password creation, recognizing phishing attempts, and safe
browsing habits.
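
Item 9 above names two things to look for when reviewing security logs: failed login attempts and traffic from known malicious IP addresses. The following added example (not from the book) applies both checks to a few constructed sshd-style log lines; the log format, the blocklist contents and the thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in sshd style (ISO timestamps, documentation IP ranges).
SAMPLE_LOG = """\
2023-05-01T03:14:01 gw sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
2023-05-01T03:14:03 gw sshd[811]: Failed password for root from 203.0.113.5 port 51124 ssh2
2023-05-01T03:14:06 gw sshd[811]: Failed password for root from 203.0.113.5 port 51130 ssh2
2023-05-01T03:14:09 gw sshd[811]: Failed password for alice from 203.0.113.5 port 51133 ssh2
2023-05-01T03:14:12 gw sshd[811]: Accepted password for alice from 203.0.113.5 port 51140 ssh2
2023-05-01T08:30:00 gw sshd[902]: Failed password for bob from 192.0.2.10 port 40000 ssh2
2023-05-01T08:30:20 gw sshd[902]: Accepted password for bob from 192.0.2.10 port 40002 ssh2
2023-05-01T09:00:00 gw sshd[950]: Accepted publickey for carol from 198.51.100.77 port 42000 ssh2
"""

# Assumed feed of known malicious addresses (constructed value).
BLOCKLIST = {"198.51.100.77"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def review(log_text, blocklist=BLOCKLIST, threshold=4,
           window=timedelta(minutes=1)):
    """Return (alert, source_ip, user) tuples in the order they were raised."""
    failures = defaultdict(deque)   # source IP -> timestamps of recent failures
    alerted = set()                 # IPs already reported for the current burst
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                # not an sshd authentication line
        ts = datetime.fromisoformat(m["ts"])
        ip, user = m["ip"], m["user"]

        # Check 1: any authentication event from a listed address.
        if ip in blocklist:
            alerts.append(("blocklisted_source", ip, user))

        # Check 2: many failures from one address inside a sliding window.
        recent = failures[ip]
        while recent and ts - recent[0] > window:
            recent.popleft()
        if m["result"] == "Failed":
            recent.append(ts)
        if len(recent) < threshold:
            alerted.discard(ip)     # burst is over; report the next one again
        elif m["result"] == "Accepted":
            # A success right after a burst deserves the most attention:
            # the guessing may have worked.
            alerts.append(("success_after_burst", ip, user))
        elif ip not in alerted:
            alerted.add(ip)
            alerts.append(("failed_login_burst", ip, user))
    return alerts


if __name__ == "__main__":
    for alert in review(SAMPLE_LOG):
        print(alert)
```

A single mistyped password followed by a success (the 192.0.2.10 lines) raises nothing, which keeps the review focused on the burst and on the blocklisted source.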

The OSI Model

The Open Systems Interconnection (OSI) model is a reference model for how
applications communicate over networks. It is a conceptual model created
by the International Organization for Standardization which enables diverse
communication systems to communicate using standard protocols.

That means the OSI model provides the standards for different computer systems
to be able to communicate with each other. It can be seen as a universal
language for computer networking and is based on the concept of dividing
a communication system into seven abstraction layers, each one stacked on top
of the last.

Each layer of the OSI model takes care of a specific job and communicates
with the layers above and below itself.

The OSI model guides technology vendors on the design of software and
hardware that can be operated together, providing a clear framework that
describes the capabilities of a network communication or system. It can
also be seen as a universal language for computer networking.

The OSI model is very useful for troubleshooting network problems, even
though the modern Internet does not strictly follow its methodology. One
very good use of the model is that it makes problems easier to trace.
When there’s a challenge in the network
system, it is easier to narrow down and isolate the source of the trouble. If
the problem can be narrowed down to one specific layer of the model, a
lot of unnecessary work can be avoided.


The 7 Layers of the OSI Model

The seven abstraction layers of the OSI model identified from top to
bottom are as follows:
1. Application Layer:
Of all the layers in the OSI model, this is the only layer that directly
interacts with data from the user. This is because at this layer, both
the end-user and application layer interact directly with the software
application. Software applications like web browsers and email
clients rely on the application layer to initiate communications. It is
important to know that client software applications are not part of
the application layer; rather the application layer is responsible for
the protocols and data manipulation that the software relies on to
present meaningful data to the user. The application layer identifies
communication partners, resource availability, and synchronises
communication. Examples of this include HTTP and SMTP.
2. Presentation Layer:
This layer prepares data for the application layer. In other words, it
makes the data presentable by formatting or translating it for the
application layer based on the syntax or semantics that the application
accepts. It is also responsible for encryption and compression of data.
For instance, if two communicating devices are using
different encoding methods, layer six is responsible for translating
incoming data into a syntax that the application layer of the receiving
device can understand. In the process of compressing data for the
application layer, the presentation layer improves the speed and
efficiency of communication by minimising the amount of data that
will be transferred.
3. Session Layer:
This layer is responsible for opening and closing communication
between two devices. A session refers to the time between when the
communication is opened and when it is closed. The session covers when a connection
between machines is set up, managed and terminated. The session
layer ensures that the session stays open long enough to transfer all the
data being exchanged and then promptly closes the session in order
to avoid wasting resources. Additionally this layer also synchronises
data transfer with checkpoints. This is applicable for example if a
file is being transferred and there’s a disconnect during the session.
Without the checkpoints, the entire transfer will have to begin again
from scratch instead of where it left off.
4. Transport Layer:
The transport layer manages the delivery and error checking of data packets. It
provides the functional and procedural means of transferring variable-
length data sequences from a source host to a destination host from
one application to another across the network, while maintaining
the quality of service functions. This layer also controls the reliability
of a given link between a source and destination host through flow
control, error control and acknowledgment of sequence and existence.
Flow control determines an optimal speed of transmission to ensure
that a sender with a fast connection remains at pace with a receiver
with a slow connection.
5. Network Layer:
This layer facilitates data transfer between two different networks. It
is responsible for the functional and procedural means of transferring
packets from one node to another connected in different networks.
This layer is not necessary if the two devices communicating are on
the same network. Packets, which are segments from the transport
layer broken up into smaller units, are reassembled on the
receiving device by the network layer. In addition, the network layer
is responsible for routing, which refers to finding the best physical path for the
data to reach its destination.
6. Data Link Layer:
The data link layer provides node-to-node data transfer. It is quite
similar to the network layer except that the data link layer facilitates
data transfer between two devices on the same network. It’s responsible
for detecting and possibly correcting errors that may occur in the
physical layer. This layer takes packets from the network layer and
breaks them into smaller pieces called frames. Similar to the network
layer, the data link layer is also responsible for flow control and error
control in intra-network communication.
7. Physical Layer:
The physical layer is responsible for the transmission and reception
of unstructured raw data between a device, such as a network
interface controller, ethernet hub or network switch, and a physical
transmission medium. It includes the physical equipment involved in
the data transfer such as the cables and switches. This is also the layer
where the data gets converted into a bit stream, which is a string of 0s and 1s.

In conclusion, for information to be transferred over a network from one
device to another and for it to be understandable, the data must first travel
down the seven layers of the OSI model on the sending device and then
travel up the seven layers on the receiving end. This means for information
to be transferred from one end to another it must first be broken down
through the various layers of the model and then reassembled on the other
end.

The TCP/IP Model

The Internet protocol suite, commonly known as TCP/IP, is the
framework for organising the set of communication protocols used in the
Internet and similar computer networks according to functional criteria.
The foundational protocols in the suite are the Transmission Control
Protocol (TCP), the User Datagram Protocol (UDP) and the Internet
Protocol (IP).

It can be viewed as a set of communication layers, with each layer solving
a set of problems involving the transmission of data and providing a
well-defined service to the upper layer protocols based on using services from
lower layers. The upper layer is closer to the user and deals with more abstract
data, relying on lower layer protocols to translate data into forms that can
be physically transmitted later.


The suite provides end-to-end data communication specifying how data
should be packetized, addressed, transmitted, routed, and received. Unlike
the OSI model with six abstraction layers, the functionality of the internet
protocol suite is organised into four abstraction layers which classify all
related protocols according to each protocol’s scope of networking.

The four layers of the Internet Protocol Suite are:


1. The Application Layer:
The application layer performs the functions of the top three layers of
the OSI model, that is, Application, Presentation and Session layer.
It handles node-to-node communication and controls user-interface
specifications. This is the layer in which all application protocols such
as HTTP, SMTP, FTP and SSH operate. Processes are addressed via ports
which essentially represent services.
2. Transport Layer:
This layer performs host-to-host communication functions on either
local network or remote networks separated by routers. The message
from the application layer is built on this layer. The transport layer
helps to control the link's reliability through error control, flow
control, segmentation and de-segmentation.
3. Internet Layer:
The internet layer exchanges datagrams across network boundaries. It
is also known as the network layer and its primary function is to send
packets from the source or computer to their destination irrespective
of their route. This layer defines and establishes the internet.
4. The Link Layer:
Also known as the Network Access layer, the link layer specifies the
physical transmission of data over the network. It corresponds to the
OSI data link layer and may include similar functions as the physical
layer. This layer handles data transmission between two adjacent
devices on the same network and determines how bits should be
optically signalled by hardware devices that interface directly with a
network media.
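
Both models describe data travelling down the layers on the sending device and back up on the receiving one. The following added example (not from the book) wraps an HTTP request in TCP, IPv4 and Ethernet headers, one per TCP/IP layer, and then unwraps it again; the addresses, ports and header field values are constructed for illustration.

```python
import ipaddress
import struct

# Constructed addresses: locally administered MACs, documentation IP ranges.
SRC_MAC = bytes.fromhex("020000000001")
DST_MAC = bytes.fromhex("020000000002")
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6


def inet_checksum(data):
    """16-bit one's-complement checksum used by the IPv4 and TCP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def encapsulate(payload, src_ip="192.0.2.10", dst_ip="198.51.100.20",
                src_port=49152, dst_port=80):
    """Sending side: application data -> segment -> packet -> frame."""
    src = ipaddress.IPv4Address(src_ip).packed
    dst = ipaddress.IPv4Address(dst_ip).packed

    # Transport layer: 20-byte TCP header (PSH+ACK), checksum covers a
    # pseudo-header taken from the layer below plus the payload.
    def tcp_header(checksum):
        return struct.pack("!HHIIHHHH", src_port, dst_port, 1, 1,
                           (5 << 12) | 0x018, 65535, checksum, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, PROTO_TCP, 20 + len(payload))
    segment = tcp_header(inet_checksum(pseudo + tcp_header(0) + payload)) + payload

    # Internet layer: 20-byte IPv4 header addressing the two hosts.
    def ip_header(checksum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment),
                           0x1234, 0x4000, 64, PROTO_TCP, checksum, src, dst)
    packet = ip_header(inet_checksum(ip_header(0))) + segment

    # Link layer: Ethernet header for delivery to the adjacent device.
    return struct.pack("!6s6sH", DST_MAC, SRC_MAC, ETHERTYPE_IPV4) + packet


def decapsulate(frame):
    """Receiving side: strip one header per layer, validating as we go."""
    _dst_mac, _src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("link layer: payload is not IPv4")
    packet = frame[14:]

    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    header_len = (ver_ihl & 0x0F) * 4
    if inet_checksum(packet[:header_len]) != 0:
        raise ValueError("internet layer: IPv4 header checksum mismatch")
    if proto != PROTO_TCP:
        raise ValueError("internet layer: payload is not TCP")
    segment = packet[header_len:total_len]

    src_port, dst_port, _seq, _ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    pseudo = src + dst + struct.pack("!BBH", 0, PROTO_TCP, len(segment))
    if inet_checksum(pseudo + segment) != 0:
        raise ValueError("transport layer: TCP checksum mismatch")
    payload = segment[(off_flags >> 12) * 4:]

    return {
        "link": {"ethertype": ethertype},
        "internet": {"src": str(ipaddress.IPv4Address(src)),
                     "dst": str(ipaddress.IPv4Address(dst)), "ttl": ttl},
        "transport": {"src_port": src_port, "dst_port": dst_port},
        "application": payload,
    }


if __name__ == "__main__":
    request = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
    wire = encapsulate(request)
    print(len(wire), "bytes on the wire:", decapsulate(wire))
```

Each layer reads only its own header, which is why a fault can be isolated to one layer: a bad checksum is reported by the layer that owns it before the layers above see any data.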


Non-Technical Skills You Need To Thrive In Cybersecurity

Technical skills in cybersecurity are often insufficient to protect a system
or adequately defend against an attack, as most errors involve humans who
make mistakes. To address the human factors, cybersecurity professionals
need a range of both technical and non-technical skills to enable them to
effectively protect cyber-assets.

To fill unique niches and role requirements, a cybersecurity personnel


needs to make themselves as versatile as possible. A combination of
technical and non-technical skills enables a professional to provide all-
encompassing solutions within and outside their roles.

Some of these skills include:


1. Communication and Leadership Skills:
Security experts need to develop skills that are useful in explaining
technical concepts in ways business people can understand. It may
be difficult to advance your career if you are unable to explain basic
security concepts in terms that business leaders can relate with.
Concepts such as risks and possible solutions need to be properly
communicated for good decision-making outcomes.
2. Creativity:
While creativity is probably the least technical skill one can think of,
it is a key factor that can contribute to career progression. Creative
security people have the unique capability of thinking like a hacker.
They are able to envisage many what-if scenarios and stay one step
ahead of cyber criminals.
3. Management Skills:
If your aim is to reach the upper echelons of your career in cybersecurity,
then improving your management skills can boost your progress
significantly. Experts who can manage time, people, assets and projects
are often set up to later take on managerial roles where their skills
are better appreciated.

4. Security Awareness:
A career in cybersecurity is one that requires the highest level of
security awareness. To curtail the activities of cyber criminals who
are regularly on the prowl and looking for weaknesses to exploit, a
professional should be knowledgeable about the current ways systems
can be exploited and what can be done to breach-proof them.
5. Problem-Solving Skills:
The ability to solve problems is a major part of many job roles but even
more so in cybersecurity. To be a good problem-solver, you need an
analytical mind as well as an ability to view situations from different
angles, think laterally and try new things.
6. Teamwork:
If there was ever a place where a tree does not make a forest, the cyber
job space would be it. There is often a misconception that a job in
cybersecurity is a solo task, but upon closer look, you will find that it
is not so. The ability to work independently is definitely an important
one but for the majority of scenarios, the ability to collaborate with
others both inside and outside of your department is a necessity. These
collaborations can range from building defence solutions as a team to
consulting with business units and working with their feedback.
7. Adaptability:
In cybersecurity, the ability to adjust to situations as they change can
make all the difference. Being flexible and adaptable means you are
quick to embrace new ideas and do not get hung up on existing solutions.
8. Learning Capabilities:
Cybersecurity is one space that requires you to be a life-long learner.
Security professionals are expected to be up-to-date on trends and
vulnerabilities so they can quickly learn to adapt and apply the skills
they have gained in a new context.

During interviews, having examples of all these skills and how you have
displayed them previously can help you stand out to employers and make
you all the more employable for your dream job.

Ethical Considerations in Cybersecurity

Ethics in broad terms refers to the concerns humans have always had for
figuring out how best to live. It deals with our concepts of what is generally
believed to be right or wrong.

In cybersecurity today, ethical issues are at the core of practices that are
targeted towards ensuring the protection of data, networks and computer
systems. These data, systems and networks all have their own economic
or other value but what experts seek to protect the most is the integrity,
functionality and reliability of human practices and institutions that rely
on them. In protecting these institutions and practices, security experts
by extension are protecting the lives and well-being of the human beings
who depend on them.

For instance, a professional who is responsible for securing the network
and critical data of a hospital indirectly helps in maintaining the safety
of patients in that hospital. In similar fashion, by preventing hackers from
accessing people's financial assets, credit cards and other confidential
information, a security professional helps to ensure the well-being of
everyone.

The goal of ethics is not to dictate what professionals must do when faced
with every ethical dilemma but to instil a strong sense of principles that
govern behaviour or conduct in order to prevent grave repercussions for
the professional, the organisation and the individual.

Ethical issues in the context we are addressing here refer to consequences,
whether damages or benefits, that can come from the decisions and choices
of a cybersecurity professional. Access to sensitive data gives professionals
access to power that must be monitored and managed properly.

The security of any network has a lot more to do with ethics than we
realise. Many security breaches among IT experts have been traced to
ethical lapses from cybersecurity professionals. This makes it all the more
important and necessary that ethics in this space are enforced for the
benefit of all.

Important Ethical Issues in Cybersecurity

1. Harm to Privacy:
Privacy harm is often explained as the negative consequences of a
violation of privacy. One of the most common cyber threats to privacy
is identity theft. This is a situation in which personally identifying
information is stolen and used to impersonate victims in financial
transactions or other illegitimate purposes. The continued growth
of our global data system further amplifies the poor and unethical
cybersecurity practices around the world. Even those who have stayed
off the digital grid are not protected from the effects of privacy harm.
Friends and family members of even those who practise stringent
personal data security may unwittingly generate data about them and
share it online. Cybersecurity professionals are therefore pressured to
increase efforts by employing advanced cybersecurity tools and taking
specialised training.
2. Harm to Property:
Threats to or attacks on cybersecurity do not only cause damage to
digital properties. Physical assets may also be lost when a breach
occurs. Oftentimes, property can be directly targeted through
cyber-intrusions that may seek to misappropriate electronic funds or
passwords, or even remotely cause damage to these properties. These forms
of exploitation can sometimes be instigated by criminally motivated
individuals or even politically affiliated groups.
3. Cybersecurity Resource Allocation:
Cybersecurity is expensive and this should also serve as a motivation
for professionals to keep their guard up at all times. The imposing
cost of system resources such as data storage capacity, power efficiency
and maintaining system usability/reliability, together with their
vulnerability, leads to even higher cost. Ethical use of these resources therefore
means that a justifiable balance is found in their allocation as well as a
careful reflection on the harms, benefits, rights and values involved in
reaching that decision.
4. Transparency and Disclosure:
A lot of risk management is involved in cybersecurity. An obligation
to practise transparency weighs heavily on a cybersecurity professional,
as it is their duty not only to identify risks but also to fulfil the ethical
duty of disclosing such risks to those that may be affected, with the aim
of helping them make informed decisions. Still, the appropriate mode
and extent of disclosure and what counts as timely notification are
largely debatable. In managing transparency issues, there is no one way
or instruction that one can follow to guarantee appropriate transparent
cybersecurity practice. As a result, each case must be examined with
the utmost ethical motivation to identify risks, benefits, trade-offs and
stakeholder interests and make an ethical judgement on what is best
to do given the current situation.
5. Cybersecurity Roles, Duties and Interests:
There is an ongoing debate about the hacking community. With
divergent roles and subcommunities, it has become difficult to truly
state the ethical standard of a hacker. Other roles in cybersecurity
face similar complications in identifying standards for practices and
ethically acceptable behaviour. Finding cybersecurity solutions that are
justifiable by reasonable professional standards can be challenging and
requires careful consideration, ethical reflection, analysis and
problem-solving.

Cybercrime: Laws and Legalities of Cybersecurity

Cybercrime means any criminal act that involves the use of a computer or
a computer network. Such criminal acts may include identity theft, fraud,
trafficking in child pornography and intellectual property, or violation of
privacy.

According to Wikipedia, there are many privacy concerns surrounding
cybercrime when confidential information is intercepted or disclosed,
lawfully or otherwise. Internationally, both governmental and non-state
actors engage in cybercrimes, including espionage, financial theft,
and cross-border crimes. Cybercrimes crossing international borders and
involving the actions of at least one nation-state are sometimes referred to
as cyberwarfare.

Categories of Cybercrimes

There are four broad categories of cybercrime:

1. Cybercrime against persons (examples: harassment, spoofing,
carding, stalking).
2. Cybercrime against property (examples: IPR, data theft,
trespass, squatting).
3. Cybercrime against infrastructure (example: attack on critical
infrastructure).
4. Cybercrime against society (examples: pornography, gambling,
cyber trafficking, forgery, etc.).

Types of Cyber Threats

1. Email account hacking.
2. Credit card fraud.
3. Online share trading fraud.
4. Theft of confidential information.
5. Software piracy.
6. Music piracy.
7. Phishing.
8. Online sale of illegal articles.
9. Use of the Internet by terrorists.
10. Viruses, worms and Trojans.

Virtually every country in the world has some set of laws governing
the use of the internet and data. Unfortunately, there are still several
where these laws are very weak, especially among developing countries.
Cybercriminals have been known to hide and strike internationally while
remaining undetected. Even when identified, these criminals avoid being
punished or extradited to a country, such as the USA, that has developed
laws that allow for prosecution.

There are key laws relevant to the field of information security that are
of particular interest to those who live and/or work in the USA. The
Computer Fraud and Abuse Act of 1986 (CFA Act) is the cornerstone of many
computer-related federal laws and enforcement efforts. In October 1996, it
was amended by the National Information Infrastructure Protection Act of
1996. This modification covered several sections of the previous act and
increased the penalties for several crimes. Punishment for offences
prosecuted under this statute varies from fines to imprisonment of up to
20 years, or both.

The severity of punishment under this law depends on the value of the
information and on three criteria, namely whether the offence was carried
out:
- For commercial advantage.
- For private financial gain.
- In furtherance of a criminal act.

Another key law is the Computer Security Act of 1987. It was one of the first
attempts to protect federal computer systems by establishing minimum
acceptable security practices. The responsibility of developing these
security standards and guidelines fell to the National Bureau of Standards
in cooperation with the National Security Agency.

The United Nations Office on Drugs and Crime (UNODC) in 2013
made some submissions after a comprehensive study on cybercrime. The
organisation proposes 14 acts that may constitute cybercrime, organised in
three broad categories:
1. Acts against the confidentiality, integrity and availability of
computer data or systems:
♦ Illegal access to a computer system.
♦ Illegal access, interception or acquisition of computer data.
♦ Illegal interference with a computer system or computer data.
♦ Production, distribution or possession of computer misuse tools.
♦ Breach of privacy or data protection measures.
2. Computer-related acts for personal or financial gain or harm:
♦ Computer-related fraud or forgery.
♦ Computer-related identity offences.
♦ Computer-related copyright or trademark offences.
♦ Sending or controlling the sending of spam.
♦ Computer-related acts causing personal harm.
♦ Computer-related solicitation or grooming of children.
3. Computer content-related acts:
♦ Computer-related acts involving hate speech.
♦ Computer-related production, distribution or possession of child
pornography.
♦ Computer-related acts in support of terrorism offences.

Privacy and Security Laws

Privacy and Security Laws refer to the laws regarding collecting,
accessing, using, disclosing, electronically transmitting, securing, sharing,
transferring and storing personally identifiable data, including federal,
state or foreign laws or regulations regarding:
- data privacy and information security.
- data breach notification (as applicable).
- trespass, computer crime and other laws governing unauthorised
access to or use of electronic data.

Over 80 countries and independent territories, including nearly every
country in Europe and many in Latin America and the Caribbean, Asia,
and Africa, have now adopted comprehensive data protection laws. The
universal principles for the privacy and protection of consumer and citizen
data are as follows:

1. For all data collected, there should be a stated purpose.
2. Information collected from an individual cannot be disclosed to
other organisations or individuals unless specifically authorised
by law or by consent of the individual.
3. Records kept on an individual should be accurate and up-to-date.
4. There should be mechanisms for individuals to review data about
them, to ensure accuracy. This may include periodic reporting.
5. Data should be deleted when it is no longer needed for the stated
purpose.
6. Transmission of personal information to locations where
equivalent personal data cannot be assured is prohibited.
7. Some data is too sensitive to be collected, except in extreme
circumstances.

Some recognized laws in data protection and privacy include:
1. 1974 U.S. Privacy Act.
2. 1986 U.S. Computer Fraud Act (amended in 1986, 1994, 1996
and 2001).
3. 1986 U.S. Electronic Communications Privacy Act (ECPA).
4. 1990 United Kingdom Computer Misuse Act.
5. 1995 Council Directive on Data Protection for the European
Union (EU).
6. 1996 Health Insurance Portability and Accountability Act
(HIPAA) (requirements added in December 2000).
7. 2002 Homeland Security Act (HSA).
8. 2002 Federal Information Security Management Act of 2002.

Challenges and Opportunities in Cybersecurity

Aside from the obvious and persistent skill gap and staffing issues in the
cybersecurity space, there are several other challenges that make working
in the field an uphill task for professionals. Every day seems to unveil
even more trouble as the world experiences more progress in science and
technology.

With the amount of personal and sensitive information the internet carries
about every single one of us, such as home addresses, banking card details
and much more, and with the ever-present threat of a breach on the horizon,
cybersecurity becomes even more indispensable, with the possibility of
major trouble lurking in every corner.

To remain vigilant about data security, businesses and
individuals must constantly be aware of the top five emerging cybersecurity
challenges:
1. Ransomware Attacks:
Ransomware is a type of malware from cryptovirology that threatens
to publish the victim's personal data or permanently block access
to it unless a ransom is paid. In the year 2021, there were an
unprecedented number of ransomware attacks and the trend only
grew from there. Simple ransomware may lock the system without
damaging any files, while more advanced malware uses a technique called
cryptoviral extortion: it encrypts the victim's files, making them
inaccessible, then demands a ransom payment to decrypt them. Ransomware
attacks are typically carried out using a Trojan disguised as a legitimate file
that the user is tricked into downloading or opening when it arrives as
an email attachment.
2. Internet of Things Attacks (IoT):
The internet of things is the most vulnerable to data security threats. The
IoT describes physical objects or groups of such objects with sensors,
processing ability, software and other technologies that connect and
exchange data with other devices and systems over the internet or
other communication networks. With items like these all around us,
cybercriminals can easily hack into gadgets, implant malware on them or
gain access to additional information belonging to us.
3. Cloud Attacks:
A cyberattack that is channelled towards remote service providers
using their cloud infrastructure to offer hosting, computing or storage
services is called a cloud attack. Cloud storage providers are constantly
on the lookout as they are responsible for keeping data secure,
protected and running.
4. Phishing Attacks:
Phishing attacks have become increasingly sophisticated and often
transparently mirror the site being targeted, allowing the attacker
to observe everything while the customer is navigating the site. This
form of social engineering, where attackers deceive people into
revealing sensitive information, is one of the major challenges faced by
cybersecurity professionals.
5. Cryptocurrency and Blockchain Attacks:
Blockchain-based systems are often subject to internal and external
attacks these days. Despite the high level of security that Bitcoin and
other cryptocurrencies claim, cybercriminals have found ways to exploit
system loopholes and steal from unsuspecting users.

Despite all the various challenges that plague the cybersecurity industry,
it is still one with a very promising future. Our world will forever be
reliant on technology, creating boundless opportunities for those working
to make it secure.

Here are three key reasons why cybersecurity is expected to continue
thriving:
1. Data-driven Economy:
With the availability of advanced technology such as Machine Learning
and the Internet of Things, the accumulation and analysis of data is
expected to grow and drive new insight and products. While this is
happening, cybersecurity will form a fundamental building block in
providing a supportive and innovative foundation for economies to
thrive and grow safely.

2. Job Growth:
Presently, cybersecurity experts are some of the most sought after
in the world and the trend is not going to change any time soon.
Cybersecurity represents one of the industries where professionals will
enjoy challenging roles with equally rewarding gains.
3. BYOD Policy:
This means Bring Your Own Device and is a policy that is expected
to boost opportunities in cybersecurity even more. As more businesses
are allowing employees to work remotely on their personal devices,
they are all the more vulnerable to cyber attacks. As a result, businesses
are turning to cybersecurity to secure sensitive data by monitoring,
classifying and resolving various types of threat, fuelling market growth.

Chapter 3
Building a Strong Foundation:
Computer Science Essential Concepts

Computer science is a broad field that involves the study of computers
and computational systems, including their theoretical and algorithmic
foundations, hardware and software, and their uses for processing
information.

The field of Computer Science also includes the study of algorithms
and data structures, computer and network design, modelling data and
information processes, and artificial intelligence.

It draws some of its foundations from mathematics and engineering and
therefore incorporates techniques from them such as queuing theory,
electronic circuit design, probability and statistics. Hypothesis testing
and experimentation are also heavily used concepts in computer science
during the conceptualization, design, measurement and refinement of
new algorithms, information structures, and computer architectures.

Computer science is part of a family of five separate yet interrelated
disciplines: computer engineering, computer science, information systems,
information technology, and software engineering. All five have become
known collectively as the discipline of computing. They are interrelated
in the sense that their object of study is computing, but are separate since
each has its own research perspective and curricular focus.

Major areas in the study of computer science include the traditional
study of computer architecture, programming languages, and software
development. Additionally, they also include computational science (the
use of algorithmic techniques for modelling scientific data), graphics and
visualisation, human-computer interaction, databases and information
systems, networks, and the social and professional issues that are unique
to the practice of computer science.

The Background of Computer Science

Computer science emerged as a distinct academic discipline in the 1950s
and early 1960s, although the digital computer which was the object of its
study was created two decades earlier. The origin of computer science lies
in the related fields of mathematics, electrical engineering, physics, and
management information systems. Mathematics played a major role in
the development of the computer: the idea that all information can be
represented as sequences of zeros and ones and the abstract notion of a
stored program.

Electrical engineering provides the basics of circuit design, namely the
idea that electrical impulses input to a system can be combined using
Boolean algebra to produce arbitrary outputs. Advances in electrical
engineering and physics later led to the creation of transistors
alongside other circuits.

On the other hand, management information systems, originally called
data processing systems, provided early ideas from which various computer
science concepts such as sorting, searching, databases, information retrieval,
and graphical user interfaces evolved.

Data Structures and Algorithms

Data Structures and Algorithms focuses on the study of commonly
used computational methods and their computational efficiency. Its
components include analysis of algorithms, algorithm design, data
structures, combinatorial optimization, computational geometry and
randomised algorithms.


Data Structure

This is the process of collecting and organising data in such a way that we
can easily and effectively perform operations on it. It involves a data
organisation, management and storage format that gives the most efficient
access to data.

Different data structures are suited to different kinds of application, with
some more specialised to specific tasks. They allow for the management of
large amounts of data for uses such as databases and internet indexing
services. Efficient algorithms can only be achieved with efficient data
structures.

Basically, data structures are structured programmes arranged in such a
way that various operations can easily be performed on them. This is to help
reduce complexity as much as possible, especially with large data.

The implementation of a data structure usually involves writing a set of
procedures that create and manipulate instances of that structure. The
efficiency of a data structure cannot be determined separately from those
operations.

Types of Data Structures


There are various types of data structures used to store large and connected
data, all built upon simpler primitive data types. Some of the most
common ones are:
1. Array:
This is among the oldest and most important data structures, used in
almost every program. It consists of a collection of elements (values or
variables), each identified by at least one array index or key.
An array is stored such that the position of each element can
be computed from its index tuple by a mathematical formula. A linear
array, also called a one-dimensional array, is the simplest type
of data structure. Two-dimensional arrays are also called matrices
because they correspond to the mathematical concept of a matrix. Elements
of an array are required to have the same size and should use the same data
representation. Arrays are used in implementing other data structures
such as heaps, lists, hash tables, deques, queues, stacks, strings
and VLists. In programs, arrays can be used to determine partial
or complete control flow, as a compact alternative to repetitive
multiple IF statements.
2. Linked List:
A linked list is a very commonly used linear data structure which
consists of groups of nodes in a sequence. Each node carries its own
data and the address of the next node, as a result forming a chain-like
structure. This structure allows for efficient insertion or removal of
elements from any position in the sequence during iteration. Linked
lists are among the most common and simplest data structures. They
are often used in implementing several other common abstract data
types like lists, stacks, queues, associative arrays and S-expressions. The
advantage of using a linked list over a conventional array is that the
list elements can be easily inserted or removed without reallocation
or reorganisation of the whole structure, because the data items do
not need to be stored contiguously in memory or on a disk, saving the
expense of restructuring at run-time.
3. Stacks:
A stack is a last in first out (LIFO) structure which can be found
commonly in many programming languages. As with a stack of physical
objects, this structure makes it easy to take an item off the top of the
stack, but accessing a datum deeper in the stack may require taking
off multiple other items first. It is considered a linear data structure or
more abstractly a sequential collection. The two basic operations that
can be performed on a stack are Push (to insert an element on the top
of the stack) and Pop (to delete the topmost element and return it). To
check a stack’s status, additional functions are provided: Peek
(to return the top element of the stack without deleting it), isEmpty
(to check if the stack is empty) and isFull (to check if the stack is full).
A stack is usually used for expression evaluation and to implement
function calls in recursive programming.


4. Queues:
A queue is a collection of entities that are maintained in a sequence and
can be modified by the addition of entities at one end of the sequence
and the removal of entities from the other end of the sequence. It has
a first in first out (FIFO) structure which can commonly be found in
many programming languages as well. This structure is named a queue
because it resembles a real-world queue. The queue’s basic operations
are ‘enqueue’ (to insert an element at the end of the queue) and
‘dequeue’ (to delete an element from the beginning of the queue).
Some applications of queues are in managing threads in multithreading
and implementing queueing systems.
5. Hash Tables:
A hash table, also known as a hash map, is a data structure that implements
an associative array or dictionary. It stores values which have keys
associated with each of them. A hash table uses a hash function to
compute an index, also called a hash code, into an array of buckets
or slots, from which the desired value can be found. It efficiently
supports lookup when one knows the key associated with the value.
In an ideal situation, the hash function will assign each key to a
unique bucket, but most hash table designs employ an imperfect hash
function, which might cause hash collisions where the hash function
generates the same index for more than one key. Hash tables are used
to implement database indexes, implement associative arrays and to
implement the ‘set’ data structure.
6. Trees:
A tree is a widely used, non-linear data structure that represents a
hierarchical tree structure with a set of connected nodes. Each node in
the tree can be connected to many children (depending on tree type),
but must be connected to exactly one parent, except for the root node,
which has no parent. This constraint means there are no cycles or
loops (no node can be its own ancestor) and also that each child can
be treated like the root of its own subtree, making recursion a useful
technique for tree traversal. Tree data structures are applied as binary
trees, which are used to implement expression parsers and expression
solvers; binary search trees, used in many search applications where
data are constantly entering and leaving; heaps, used in the Java Virtual
Machine to store Java objects; and treaps, used in wireless networking.
7. Heaps:
A heap is a special case of a binary tree in which the values of parent
nodes are compared with those of their children and the nodes are arranged
accordingly. The heap is a very efficient implementation of an abstract
data type called a priority queue. In a heap, the highest or lowest
priority element is always stored at the root and although it is not a
sorted structure, it can be regarded as being partially ordered. Heaps
can be of 2 types: Min heap and Max heap. The min heap is one in
which the key of the parent is less than or equal to those of its children
while the max heap is one in which the key of the parent is greater
than or equal to those of its children. Heaps are also used in the heap
sort algorithm and in the implementation of queue functions.
8. Graphs:
This is an abstract data type that is meant to implement the undirected
graph and directed graph concepts from the field of graph theory in
mathematics. It consists of a finite set of vertices or nodes and a set of
edges connecting these vertices. The order of a graph is the number
of vertices in the graph. A graph data structure may also associate
to each edge some edge value, such as a symbolic label or a numeric
attribute (cost, capacity, length, etc.). Graphs can be used
to represent social media networks, to represent web pages and links
in search engines, and to represent locations and routes in GPS, where
locations are vertices and the routes connecting locations are edges.
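
The hash table item above describes buckets, an imperfect hash function and collisions. The Python sketch below is an added example, not code from the book: a small hash table that chains colliding keys inside each bucket, filled once with a deliberately weak hash function and once with 32-bit FNV-1a. Both hash functions, the class and the constructed anagram keys are assumptions chosen for illustration.

```python
from itertools import permutations


def weak_hash(key: str) -> int:
    """Imperfect hash: sum of byte values, so anagrams always collide."""
    return sum(key.encode())


def fnv1a(key: str) -> int:
    """32-bit FNV-1a, a simple non-cryptographic hash sensitive to byte order."""
    h = 0x811C9DC5
    for byte in key.encode():
        h = ((h ^ byte) * 0x01000193) & 0xFFFFFFFF
    return h


class ChainedHashTable:
    """Associative array: an array of buckets, each a list of (key, value)."""

    def __init__(self, hash_fn, buckets: int = 8):
        self._hash_fn = hash_fn
        self._buckets = [[] for _ in range(buckets)]
        self._size = 0

    def __len__(self) -> int:
        return self._size

    def _bucket(self, key):
        # The hash code is reduced to an index into the bucket array.
        return self._buckets[self._hash_fn(key) % len(self._buckets)]

    def put(self, key, value) -> None:
        bucket = self._bucket(key)
        for i, (existing, _) in enumerate(bucket):
            if existing == key:          # key already present: overwrite
                bucket[i] = (key, value)
                return
        bucket.append((key, value))      # new key, possibly a collision
        self._size += 1
        if self._size > 2 * len(self._buckets):
            self._grow()

    def get(self, key):
        for existing, value in self._bucket(key):
            if existing == key:
                return value
        raise KeyError(key)

    def delete(self, key) -> None:
        bucket = self._bucket(key)
        for i, (existing, _) in enumerate(bucket):
            if existing == key:
                del bucket[i]
                self._size -= 1
                return
        raise KeyError(key)

    def _grow(self) -> None:
        # Double the bucket array and re-insert every pair at its new index.
        pairs = [pair for bucket in self._buckets for pair in bucket]
        self._buckets = [[] for _ in range(2 * len(self._buckets))]
        for key, value in pairs:
            self._bucket(key).append((key, value))

    def longest_chain(self) -> int:
        """Worst-case number of entries a lookup may have to scan."""
        return max(len(bucket) for bucket in self._buckets)


def anagram_keys() -> list:
    """Constructed sample keys: the 24 orderings of the letters a, b, c, d."""
    return ["".join(p) for p in permutations("abcd")]


def compare_hash_functions() -> dict:
    """Fill one table per hash function and report the longest chain."""
    results = {}
    for name, fn in (("weak_hash", weak_hash), ("fnv1a", fnv1a)):
        table = ChainedHashTable(fn)
        for i, key in enumerate(anagram_keys()):
            table.put(key, i)
        results[name] = table.longest_chain()
    return results


if __name__ == "__main__":
    print(compare_hash_functions())
```

With the weak function every key lands in one bucket, so a lookup degrades to scanning a list, and growing the table does not help because the hash values themselves are identical.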


Relevance of Computer Science to Cybersecurity

Computer science and Cybersecurity are closely related as both involve the
use of computers and technology to solve problems and protect against
potential threats. Computer science provides the foundational knowledge
and tools needed for cybersecurity. In addition, many cybersecurity
professionals have a background in computer science, as they need to
understand how computer systems and networks operate in order to
identify and defend against potential vulnerabilities and attacks.

Some of the ways that computer science is relevant to cybersecurity
include:
1. Algorithms and data structures:
Understanding algorithms and data structures is essential for creating
secure systems and networks, as well as for identifying vulnerabilities
and weaknesses.
2. Programming languages:
Knowledge of different programming languages is important for
developing secure software and systems, and for understanding how
vulnerabilities are exploited.
3. Network and system design:
Computer science principles such as network and system design are
critical for creating secure and resilient networks and systems that can
withstand attacks.
4. Cryptography:
Cryptography is a fundamental part of cybersecurity and computer
science provides the mathematical foundations for encryption and
decryption techniques used to protect sensitive information.
5. Machine learning:
Machine learning techniques are increasingly used in cybersecurity to
detect and respond to cyber attacks in real-time, and computer science
provides the theoretical foundations for machine learning.

6. Information theory:
In the context of cybersecurity, information theory provides a way
to model the trade-offs between different security goals, such as
confidentiality, integrity, and availability.

In summary, computer science provides the foundation for cybersecurity
by giving the knowledge and tools necessary to design, build, and maintain
secure systems, networks, and applications. It also provides the theoretical
foundations for many of the security technologies and practices used in
cybersecurity today.

Algorithms

An algorithm is a specific and systematic procedure or finite sequence of
rigorous instructions for solving a well-defined computational problem.
Algorithms are used as specifications for performing calculations and
data processing. More advanced algorithms can use conditionals to divert
the code execution through various routes and deduce valid inferences,
achieving automation eventually.

In computer science, algorithms are used to perform a wide range of tasks
such as sorting data, searching for information, and manipulating images
and videos. Some key points to know about algorithms in computer
science include:
1. Efficiency:
The efficiency of an algorithm is measured by the amount of resources
(such as time and memory) it requires to complete a task. Algorithms
can be classified into different categories based on efficiency, such as
constant time, logarithmic time, linear time, and polynomial time.
2. Complexity:
The complexity of an algorithm is a measure of how the performance
of the algorithm changes as the input size increases. Some common
complexities include constant, logarithmic, linear and polynomial.

3. Common algorithms:
There are many different types of algorithms, including sorting
algorithms (such as quick sort and merge sort), searching algorithms
(such as binary search and linear search), and graph algorithms (such as
Dijkstra’s shortest path algorithm and Prim’s minimum spanning tree
algorithm).
4. Big O notation:
Big O notation is used to describe the time complexity of an algorithm,
which describes the upper bound on the number of operations it
performs as the size of the input increases.
5. Recursion:
Recursion is a technique where a function calls itself in order to solve
a problem. Some problems are naturally recursive and are more easily
solved using recursion.
6. Heuristics:
Heuristics are methods that are used to make decisions or solve
problems that may not have a clear optimal solution. Heuristics are
widely used in optimization problems, where the goal is to find the
best solution among many possibilities.
7. Divide and conquer:
Divide and conquer is a technique that involves breaking down a large
problem into smaller sub-problems and solving them independently.
This technique is often used in sorting and searching algorithms.
8. Dynamic programming:
Dynamic programming is a technique that is used to solve problems
by breaking them into smaller overlapping subproblems and then
reusing solutions to these sub-problems.

It is frequently important to know how much of a particular resource
(such as time and storage) is theoretically required for a given algorithm.
Methods have been developed for the analysis of algorithms to obtain
such answers (estimates).

Algorithms play a crucial role in cybersecurity by providing the foundation
for many security technologies and practices. Some examples of how
algorithms are used in cybersecurity include:
- Encryption.
- Authentication.
- Intrusion detection and prevention.
- Firewalls.
- Malware detection.
- Blockchain.
- Machine learning.
- Graph theory.
New algorithms are constantly being developed and existing ones being
improved to adapt to new and sophisticated cyber threats.

List of Algorithms
All fields of science have their own problems and need efficient algorithms.
Listed below are some of the different aspects of algorithms:
- Search algorithm.
- Merge algorithms.
- Sorting Algorithms.
- Numerical algorithms.
- Graph algorithms.
- Computational geometric algorithms.
- String algorithms.
- Combinatorial algorithms.
- Medical algorithms.
- Machine learning.
- Cryptography.
- Data compression algorithms.
- Parsing techniques.

Let’s examine one of the most popular types, Sorting Algorithms. There
are many different types of sorting algorithms, each with its own set
of characteristics and trade-offs. Some of the most common sorting
algorithms include:
1. Bubble sort:
A simple sorting algorithm that repeatedly steps through the list to be
sorted, compares each pair of adjacent items and swaps them if they
are in the wrong order. It is a basic algorithm and not very efficient
for large data sets, but it is easy to understand and implement.
2. Insertion sort:
This is another simple sorting algorithm that builds the final sorted
list one item at a time by repeatedly removing one element from the
input data, finding the location it belongs within the sorted list, and
inserting it there. It is more efficient than bubble sort and is often used
for small data sets or data sets that are already partially sorted.
3. Selection sort:
This is a sorting algorithm that divides the input list into two parts:
the sorted part at the left end and the unsorted part at the right end.
It repeatedly finds the minimum element from the unsorted part and
moves it to the sorted part. Like bubble sort and insertion sort, it is
not efficient for large data sets.
4. Merge sort:
A sorting algorithm that divides the input list into two sublists,
recursively sorts each sublist, and then merges the two sorted sublists
to produce the final sorted list. It is highly efficient and can handle
large data sets and data sets with many unique elements.
5. Quicksort:
This algorithm uses a divide-and-conquer strategy to partition the
input list into two sublists: one containing items smaller than a chosen
‘pivot’ element, and the other containing items greater than the pivot.
It then recursively sorts the sublists. It is very efficient, especially for
large data sets, but it can be slow on data sets with many unique
elements.
6. Radix sort:
The radix sort is one which sorts the elements of an array by first
grouping the individual elements of the array by their radix (i.e., their
digits when represented in some base) and then sorting the elements
in each group. It is useful in sorting large data sets of integers, but may
not work as well for other types of data.
7. Heap sort:
A sorting algorithm that builds up a heap from the input list, and then
repeatedly extracts the maximum element from the heap and places it
at the end of the sorted list. It is efficient for large data sets and can be
implemented using a priority queue data structure.
8. Bucket sort:
This sorting algorithm distributes the elements of an array into a
number of ‘buckets’, and then each bucket is sorted individually,
either using a different sorting algorithm or recursively using the
bucket sort. It is efficient for large data sets with a limited number of
possible values.
9. Counting sort:
The counting sort algorithm is one that takes advantage of the fact
that the input consists of integers in a small range by counting the
number of occurrences of each value and then using this information
to determine the position of each value in the output array.

One needs to bear in mind that depending on the characteristics of the
input data, some sorting algorithms will be more efficient than others, so
it is important to choose the right one for the specific use case. Also, new
sorting algorithms are regularly being developed and studied, so this list
is not exhaustive.
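
The trade-off described above, as an added Python example (not from the book): merge sort and counting sort run over the same constructed list of firewall log records keyed by destination port, a small integer range where counting sort applies. The record layout, function names and sample values are assumptions made for illustration.

```python
# Added example: merge sort vs. counting sort on the same input.
# RECORDS is constructed sample data: (destination_port, source_ip) pairs.
RECORDS = [
    (443, "10.0.0.5"), (22, "10.0.0.9"), (8080, "10.0.0.7"),
    (443, "10.0.0.2"), (53, "10.0.0.5"), (3389, "10.0.0.4"),
    (22, "10.0.0.1"), (443, "10.0.0.8"), (65535, "10.0.0.3"),
    (0, "10.0.0.6"), (80, "10.0.0.2"), (53, "10.0.0.9"),
]
MAX_PORT = 65535  # ports are integers in a known, small range


def port_of(record):
    """Sort key: the destination port of a record."""
    return record[0]


def merge_sort(items, key, stats):
    """Split the list in two, sort each half recursively, merge the halves.

    stats["comparisons"] counts key comparisons, the O(n log n) cost.
    Works for any keys that can be compared with <=.
    """
    if len(items) <= 1:
        return list(items)
    mid = len(items) // 2
    left = merge_sort(items[:mid], key, stats)
    right = merge_sort(items[mid:], key, stats)
    merged, i, j = [], 0, 0
    while i < len(left) and j < len(right):
        stats["comparisons"] += 1
        if key(left[i]) <= key(right[j]):  # <= keeps equal keys in input order
            merged.append(left[i])
            i += 1
        else:
            merged.append(right[j])
            j += 1
    merged.extend(left[i:])
    merged.extend(right[j:])
    return merged


def counting_sort(items, key, max_key):
    """Count occurrences of each key, then place every item by position.

    Runs in O(n + max_key) time with no key comparisons, but only works
    when keys are integers in 0..max_key and needs max_key + 1 counters.
    """
    counts = [0] * (max_key + 1)
    for item in items:
        k = key(item)
        if not isinstance(k, int) or not 0 <= k <= max_key:
            raise ValueError(f"key {k!r} is outside 0..{max_key}")
        counts[k] += 1
    # Prefix sums turn the counts into the first output index of each key.
    start, total = [0] * (max_key + 1), 0
    for k, count in enumerate(counts):
        start[k] = total
        total += count
    output = [None] * len(items)
    for item in items:  # input order is preserved among equal keys
        k = key(item)
        output[start[k]] = item
        start[k] += 1
    return output


if __name__ == "__main__":
    stats = {"comparisons": 0}
    by_merge = merge_sort(RECORDS, port_of, stats)
    by_count = counting_sort(RECORDS, port_of, MAX_PORT)
    print("same result:", by_merge == by_count)
    print("merge sort comparisons:", stats["comparisons"])
    print("counting sort counters allocated:", MAX_PORT + 1)
```

For twelve records the 65,536 counters dominate the cost of counting sort, while on millions of records from the same port range they become negligible; this is the sense in which the input decides which algorithm is the better choice.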

Every algorithm must satisfy a set of properties which include definiteness
(each step must be clear and well defined), input (there should be 0 or
more inputs supplied externally to the algorithm), output (there should be
at least one output obtained), finiteness (the algorithm should have
a finite number of steps) and correctness (every step of the algorithm must
generate a correct output).

Introduction to Object-Oriented Programming

Object-oriented programming (OOP) is a programming paradigm based
on the concept of objects, which can contain data or code. The data is in
the form of fields (often known as attributes or properties), and the code
is in the form of procedures (often known as methods). It is the use of
predefined programming modular units (objects, classes, subclasses and
so forth) in order to make programming faster and easier to maintain.
Object-oriented language helps to manage complexities in large programs.

In OOP, computer programs are designed by making them out of objects
that interact with one another. OOP languages are diverse, but the
most popular ones are class-based, meaning that objects are instances of
classes, which also determine their types. It focuses more on the objects
that developers want to manipulate rather than the logic required to
manipulate them.

Some widely known and used object-oriented languages include: C++,
Ada, ActionScript, C#, Dart, Eiffel, Haxe, Java, JavaScript, Kotlin, Logo,
MATLAB, Perl and many others.

Structure of Object-Oriented Programming

The structure or foundation of object-oriented programming is made up
of the following:
1. Classes:
This is an extensible program-code-template for creating objects,
providing initial values for state and implementations of behaviour.
They are user-defined data types that act as the blueprint for individual
objects, attributes and methods.
2. Objects:
These are instances of a class created with very specific and defined data.
Objects can either correspond to things found in the real world or
they can represent abstract entities. When a class is defined initially,
the description is the only object that is defined.
3. Methods:
Methods are functions that are defined inside a class which describe
the behaviour of an object. Each method contained in a class
definition starts with a reference to an instance object. In addition,
the subroutines contained in an object are called instance methods.
Programmers use methods for reusability or keeping functionality
encapsulated inside one object at a time.
4. Attributes:
These are defined in the class template and represent the state of an
object. Objects usually have their data stored in the attributes field. A
class attribute belongs to the class itself.

The Main Principles of OOP

The four pillars of object-oriented programming are:


1. Encapsulation:
The principle of encapsulation states that all important information is
held inside an object and only select information is exposed. It prevents
an external code from being concerned with the internal workings of
an object. This facilitates code refactoring, for example allowing the
author of the class to change how objects of that class represent their
data internally without changing any external code. Encapsulation
helps to add security to codes by hiding important information from
threats such as phishing. Other benefits of encapsulation are that
it protects against common mistakes by making only public fields and
methods accessible, and that it hides complexity so no one can see what’s
behind the object’s curtain.
2. Inheritance, Composition and Delegation:
Inheritance, composition and delegation are all ways that objects in
a program can relate to one another, but they are distinct concepts.
Inheritance is a mechanism where a new class (called a derived class
or child class) is created from an existing class (called a base class or
parent class). The derived class inherits properties and methods from
the base class and can also add new properties and methods. This
allows for code reuse and a clear hierarchy among classes. Rather than
utilising database tables and programming subroutines, the developer
utilises objects the user may be more familiar with: objects from their
application domain. Composition is when an object contains one or
more other objects as its properties. The composed object does not
inherit from the other objects but it can access their properties and
methods. This allows for code reuse and a way to model complex
relationships among objects. Object composition is used to represent
a “has-a” relationship: for instance, every employee has an address, so
every employee object has access to a place to store an address object
(either directly embedded within itself, or at a separate location
addressed via a pointer). Delegation, on the other hand, is a mechanism
where an object is passed as a parameter to another object, which then
uses the methods and properties of the passed object. This allows for
code reuse and a way to model complex relationships among objects.
3. Polymorphism:
This is the ability for a single function or method to operate on
multiple types of data, allowing for greater flexibility and code reuse.
Objects are designed in such a way that they can share behaviours
and they can take on more than one form. The program determines
which meaning or usage is necessary for each execution of that object
from a parent class, reducing the need to duplicate code. A child class
is then created, which extends the functionality of the parent class.

4. Abstraction:
This is the ability to focus on essential features of an object and
ignore the unimportant details, simplifying the design process and
making the code more readable. Here, objects only reveal internal
mechanisms that are relevant for the use of other objects, hiding any
unnecessary implementation code. The derived class can have its
functionality extended. This concept can help developers more easily
make additional changes or additions over time.
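
The four pillars above in one added Python example (not from the book): a password check whose salt and derived key stay inside the object, used through an abstract authenticator interface. The class names, the iteration count and the sample secrets are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from abc import ABC, abstractmethod


class PasswordHash:
    """Encapsulation: the salt and derived key are internal state.

    Callers can only ask whether a candidate matches. Python's double
    underscore is name mangling, a convention that prevents accidental
    access; it is not an access-control boundary inside the process.
    """

    _ITERATIONS = 100_000  # example value chosen for this sketch

    def __init__(self, password):
        self.__salt = os.urandom(16)
        self.__key = self._derive(password, self.__salt)

    @classmethod
    def _derive(cls, password, salt):
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, cls._ITERATIONS
        )

    def verify(self, candidate):
        # Constant-time comparison of the stored and recomputed keys.
        return hmac.compare_digest(
            self.__key, self._derive(candidate, self.__salt)
        )

    def __repr__(self):
        return "PasswordHash(<hidden>)"  # never print internal state


class Authenticator(ABC):
    """Abstraction: callers see one operation, not how it is carried out."""

    @abstractmethod
    def authenticate(self, secret):
        """Return True if the presented secret is accepted."""


class PasswordAuthenticator(Authenticator):
    """Inheritance (is an Authenticator) and composition (has a PasswordHash)."""

    def __init__(self, password):
        self._hash = PasswordHash(password)

    def authenticate(self, secret):
        return self._hash.verify(secret)  # delegation to the contained object


class RecoveryCodeAuthenticator(Authenticator):
    """A second implementation: each single-use code is accepted once."""

    def __init__(self, codes):
        self._unused = {hashlib.sha256(c.encode("utf-8")).digest() for c in codes}

    def authenticate(self, secret):
        digest = hashlib.sha256(secret.encode("utf-8")).digest()
        if digest in self._unused:
            self._unused.remove(digest)
            return True
        return False


class Account:
    """Composition: an account has authenticators passed in by the caller."""

    def __init__(self, name, authenticators):
        self.name = name
        self._authenticators = list(authenticators)

    def login(self, secret):
        # Polymorphism: the same call works for every authenticator type.
        return any(a.authenticate(secret) for a in self._authenticators)


if __name__ == "__main__":
    # Constructed sample secrets.
    account = Account(
        "analyst",
        [PasswordAuthenticator("correct horse battery"),
         RecoveryCodeAuthenticator(["RC-1111"])],
    )
    print(account.login("correct horse battery"))  # password path
    print(account.login("RC-1111"))                # recovery code, first use
    print(account.login("RC-1111"))                # recovery code, reused
```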

Programming Languages Theory and Formal Methods

This is the branch of computer science that deals with the design,
implementation, analysis, characterization, and classification of
programming languages and their individual features. Programming
language theory falls within the discipline of computer science, both
depending on and affecting mathematics, software engineering, and
linguistics.

Formal methods are a specific kind of maths-based technique for the
specification, development and verification of software and hardware
systems. It forms one of the foundational principles of software engineering,
especially where security and safety is involved. Formal Methods have
been employed in software testing since they help avoid errors and can
also give a framework for testing.

However, because of how expensive it is to use formal methods, they
are reserved for use only in the development of high-integrity and
life-critical systems, where safety and security are paramount.

Chapter 4
Gaining Hands-on Experience:
What You Should Know About
Internships, Hackathons and
Online Resources

Relevant experience in the field of cybersecurity is credited as one of the
easiest ways to rise through the ranks in any organisation. Employers
are always on the lookout for skilled individuals who have proven track
records with hands-on experience. Some of the most common ways one
can gain the kind of experience employers are looking for include:

Internship and Co-op Programs

Internship and co-op programs in cybersecurity provide students with
hands-on experience working in the field of cybersecurity. These programs
are typically offered by companies, government agencies, and educational
institutions, and they can range from a few weeks to several months in
length. Participants in these programs may work on projects related to
network security, digital forensics, incident response, penetration testing,
and other areas of cybersecurity. These programs can be a great way for
students to gain practical knowledge and build their skills in the field, as
well as to make industry connections that can help launch their careers.

In a highly competitive and dynamic industry like cybersecurity, the
ever-changing trends necessitate that a person seeking a career in such a field
be versatile, a quick learner and capable of mastering top-tier technologies.
You also need to form connections with experts who are more experienced
and fellow beginners like yourself.

Additionally, hiring managers get loads of resumes when new roles are
posted. How does one then stand out in a pile of resumes from more
experienced applicants or even beginners like yourself? Some amount of
experience gained through internships or co-op increases your odds of
being selected by a very wide margin.

Roles for a Cybersecurity Intern

Depending on the company or agency where you get a placement, an
intern’s position can vary and they can expect to be asked to do a variety of
things. According to the educational and job-search portal, Cyber Intern
Academy, a cybersecurity internship role can include fundamental
administrative work connected to technology and data security. This
involves reading and responding to emails, organising documents and/
or other digital resources, assessing and researching the company’s current
IT rules and regulations, and exploring new security products and tactics.

An intern may also be placed in a team to participate in projects that
are more directly focused on cybersecurity. This role may require you to
assist in the development of a new platform or digital system, network
maintenance, engaging in or helping to lead security awareness training,
system audits, and many other similar roles.

The skills an intern gains in either an administrative or a cybersecurity project
role are equally essential. Strengthening your professional communication
skills and working on operational information systems with industry
professionals are abilities that have advantages in the whole course of one’s
career.

Types of Internship

When looking to get a placement for an internship, it is important you
bear in mind that not all internships are the same. You will need to closely
examine the options available to you and select the one that suits your
career goals. Asking someone with more experience can also help you reach a
fast decision. There are basically four types of internship based on
where you are at the moment on your journey to becoming a cybersecurity
expert:
1. Paid Internships:
As expected, a paid internship is very appealing and is a more enticing
option for anyone seeking to be an intern. Unfortunately, they are
quite hard to come by compared to other types. A paid internship
most times leads to a full-time job offer unlike an unpaid one. Large
organisations and private companies are known to be the ones who
make this kind of offer available most times. An intern can be placed
on a lump sum salary to be collected at the end of their program or a
stated amount they will receive every month. These monthly payments
are usually lower compared to what a person can earn as a full-time
staff in a similar role.
2. Unpaid Internship:
Just as the name connotes, an unpaid internship is one where the
intern does not earn anything besides the hands-on experience and
preparedness to join the workforce. They are much easier to come
by and are often short-term. While this type of internship may not
provide physical or monetary compensation, the skills learned and
experience gained are invaluable for the future.
3. Externship:
This is the equivalent of job shadowing. Most times, the intern will
be asked to shadow a more knowledgeable person in the field. The
duration of an externship can vary from a day to weeks but is usually
not defined. The purpose of this kind of arrangement is for the intern
to see the day-to-day responsibilities and actions that need to be taken
in the role of the person they are shadowing.

4. Internship for Credits:
Most times while in the university, students are required to gain
first-hand experience through internships. Colleges and universities
will often award credits upon successfully completing an internship
program depending on the guidelines laid down by the school.

Preparing to Apply for an Internship

Just like an actual job, getting a placement for an internship has its
procedures. Organisations do not just offer the opportunity to anyone
who applies. A person looking for an internship will need to devise
means to stand out from the crowd of applicants seeking the same role.
For applicants who are still students, maintaining an excellent grade and
participating in extracurricular activities that pertain to cybersecurity is a
surefire way to get the hiring manager looking in their direction.

Also, having a well-prepared resume is a must. Students are often
not expected to have prior experience; rather, their aim should be to regale
the hiring manager with activities they have taken part in or experiences
they have gained during their time in school. Some of these may include
projects, volunteering endeavours, side hustles or other skills they have
that are applicable in the industry.

Alongside this, a well-written cover letter should be presented too. This
cover letter is a way to showcase what sets you apart from the other
candidates in terms of skills, experience and other qualities that are unique
to you. Before developing a cover letter, it is important that you conduct
a thorough check on the company you are applying to and the industry
in general.

To boost your chances as well, developing some skills by taking online
courses or earning certifications related to cybersecurity can make the
journey a lot smoother. After taking online courses, building a strong
portfolio that showcases what you know and projects you have handled
are also key.

Once you scale through the application process, you will need to prepare for
an interview. Most organisations like to get to know their interns through
an interview process. Your interview should be taken as seriously as an
interview for a full-time job. To prepare for this part of your application,
you can search the internet for commonly asked internship interview
questions or check job listing sites like LinkedIn.com and Glassdoor.com.

Government Internships

This largely depends on the country you live in. Government internships
can also be a fantastic way to gain the necessary experience, knowledge
and skills needed to kickstart your career in cybersecurity.

In the United States of America, one example of a government cybersecurity
internship program is through the Department of Homeland Security.
The DHS has a ten-week program which comes along with an offer of
compensation. Approximately $5,800 is paid to an intern for taking part
in the program.

The salary is also dependent on previous work experience and education, among
other considerations. Interns will be allowed to work alongside some of the
leaders in cybersecurity within the U.S. Department of Homeland Security.
This internship particularly focuses on forensic analysis, malicious code
identification, incident handling and intrusion detection and prevention.

To qualify for this internship, the applicant must be:
- a citizen of the United States.
- able to obtain and hold a security clearance.
- enrolled in a bachelor’s or master’s degree program in an
accredited university with a major in computer science, electrical
engineering, electronics engineering, computer engineering,
network engineering, information technology, software
engineering, software assurance, supply chain, systems research,
systems application, information assurance.
- able to demonstrate oral and written communication skills.
- able to demonstrate project leadership skills.

Apart from the Department of Homeland Security, several other
government organisations offer similar opportunities all year round. Some
of them include the Central Intelligence Agency (CIA), National Security
Agency and the Federal Bureau of Investigation (FBI).

To get an internship role with a government organisation, you can visit
their website to find out what their application requirements are.

Non-government Internship

Outside of government internship opportunities, those interested in
working in a private organisation for one reason or another can come across
ample opportunities through various means as well.

There are many websites accessible to anyone where you can find the
perfect internship program for you. Job listing sites are usually top on this
list:

♦ LinkedIn.com:
This is a great resource for professionals in any industry throughout
their career. It provides an easy but effective way to create connections
that you will find helpful at any stage of your career. You
can search for an internship by navigating the jobs page and search
for internships using the search bar. To make your search easy, using
specific keywords can help you narrow your search down to exactly
what you are looking for.

♦ Internships.com:
This is another fantastic place to locate the internship job of your
dreams. The website allows you to type in keywords and location to
filter out the program of your choice.

♦ Glassdoor.com:
This job listing site also offers a great way to find internship roles. You
can also find a review of prospective employers on the site as well.
It’s also one of the top sites to search for a full time job when you are
ready.

♦ WayUp.com:
Previously known as InternMatch.com, this site was built specifically
to match individuals with their perfect internship opportunity. The
site requires the creation of a personal profile and other necessary
information. The site then does the job of matching you with an
employer based on your information.

Another way of landing an internship is also by checking top organisations
you might like to work at. Some popular multinational companies known
for their internship programs are:
- Cybersecurity Ventures.
- Raytheon Technologies.
- IBM.
- Cisco Systems.
- Deloitte.
- Kaspersky Lab.
- McAfee.
- FireEye.
- Symantec.
- PwC.
- EY.
- Accenture.
- Booz Allen Hamilton.
- Ernst & Young.
- KPMG.
- Lockheed Martin.
- Northrop Grumman.
- RSA Security.
- Trend Micro.
- Uber.
- Unisys.
- Verizon, and many more.

Keep in mind that these internships may be competitive and specific
qualifications or experience may be required. In addition, some of these
companies may have specific internship programs for cybersecurity
while others may have cybersecurity-related internships within a larger
technology or consulting internship program.

Strategies for Making the Most of Your Internship

It is not merely enough that you land your dream internship program. The
benefits may be lost on you if you do not maximise the opportunity before
starting out. There are several strategies you can use to make the most of
an internship. They include:
1. Set clear goals:
Before starting your internship, take some time to think about what
you want to achieve. This will help you stay focused and make the
most of your time.
2. Be proactive:
Don’t be afraid to take initiative and ask for additional responsibilities
or projects. This will help you gain more experience and show your
interest in the company and the field.
3. Network:
Take advantage of the opportunity to meet and connect with
professionals in your field. Attend company events, and don’t hesitate
to reach out to colleagues for advice or mentorship.
4. Learn as much as you can:
Take advantage of the opportunity to learn from more experienced
professionals. Ask questions, take notes, and take on projects that
challenge you.
5. Be open-minded:
Be open to new experiences and be willing to try new things. You
never know what you might discover that you enjoy doing.

6. Reflect:
Take some time to reflect on what you have learnt and accomplished
during your internship. This will help you identify areas where you
can improve and prepare for your next step.
7. Follow up:
Stay in touch with the people you met during your internship and
keep them updated on your progress, they can be of great help in the
future.

How to Leverage Hackathons to Start a Career in Cybersecurity

According to Wikipedia, “a hackathon is an event where people engage in
rapid and collaborative engineering over a relatively short period of time
such as 24 or 48 hours. They are often run using agile software development
practices, such as sprint-like design wherein computer programmers and
others involved in software development, including graphic designers,
interface designers, product managers, project managers, domain experts,
and others collaborate intensively on engineering projects, such as software
engineering.”

Participating in hackathons is a great way to start a career in cybersecurity.
Hackathons provide an opportunity to learn new skills, network with
professionals in the field, and showcase your abilities to potential
employers.

Listed below are 5 ways hackathons boost your employability:


1. Opportunity for low-risk learning:
Hackathons provide a safe and easy avenue to dive into riskier projects
and learn about the different tools, techniques and approaches
without the resultant fear of ruining a live project. A participant gains
knowledge about the problem and the risks that are involved, and still
has a chance to win without putting anything at stake.

2. Opportunity to enhance soft skills and learn new ones:
Taking part in a hackathon is the best platform to meet like-minded
people, learn diverse tech skills, and enhance soft skills. As a participant,
you will learn new technology and tools while polishing up your
communication, presentation, collaborative, and team-player skills.
All this will eventually come in handy as bonuses to your resume. The
hands-on lab, webinars, and mentors will also help in expanding your
learning horizon.
3. Opportunity to convert concepts into action:
Your participation is also a great way to judge the ability of other
participants to transform ideas into prototypes. You also gain
exposure to the software development cycle, which improves your
employability.
4. Opportunity to be recognized:
Hackathons are exceptionally great for meeting, connecting and
collaborating with IT professionals who are already established in the
field and work in top companies. Through hackathons, you can move
forward through networking and get recognized for the contribution
of your own idea.
5. Opportunity to improve problem-solving skills:
The nature of a hackathon generally requires you to be able to develop
various ways of solving a problem under pressure. Participants need
to be able to think fast, work smartly and focus on key elements. This
is part of the consideration for most employers in cybersecurity when
they want to take on new employees.

Probably the most exciting thing about hackathons is the chance to
meet top brands and skilled professionals already in the field, and to get the
opportunity to work closely with them as you begin your journey. Here are
a few tips on how to leverage hackathons to start a career in cybersecurity:

1. Participate in as many hackathons as possible:
The more experience you have, the better your chances of standing out
to potential employers.
2. Focus on learning new skills:
Hackathons provide an opportunity to learn new technologies and
techniques that can be applied to cybersecurity.
3. Network with professionals in the field:
Hackathons are a great opportunity to meet other people in the
cybersecurity industry, who can provide valuable advice and potentially
connect you with job opportunities.
4. Showcase your abilities:
Hackathons are a great way to demonstrate your skills and abilities
to potential employers. If you do well in a hackathon, it can help you
stand out in a crowded job market.
5. Look for internships or apprenticeships:
Many companies participate in hackathons as a way to find and recruit
new talent. Performing well makes you more attractive for internship
or apprenticeship opportunities.
6. Don’t be afraid to ask questions and seek feedback:
Hackathons are great opportunities to learn, so don’t be afraid to
ask questions, seek feedback, and learn from more experienced
participants.

Online Learning Resources and Their Benefits

Technology has immensely impacted many aspects of our lives, learning
inclusive. With the web making the world a smaller place, people are
now able to work together across continents to achieve a common goal.
Online teaching and other learning resources have simplified the process
of acquiring skills and certifications to boost one’s career. In cybersecurity,
getting trained to get hands-on experience without leaving the comfort
of your home is one of the many advantages you stand to enjoy. Online
resources may encompass a variety of things as well.

An online learning resource is, by definition, any resource available on the
internet in an online educational environment. This could be in the form
of an HTML document such as course or chapter objectives, lecture
notes, assignments, or answers to chapter questions. They could also be
in the form of audio or video lessons, interactive exercises or exams, or
documents providing links to other websites.

Benefits of Online Resources

Some of the unique benefits of taking advantage of the thousands of
resources available online:
1. It’s convenient and flexible:
Online programs afford you the convenience and flexibility regular
in-person learning does not. They allow you to plan your study sessions
around the rest of your day, meaning you can work and study at the
peak of your energy, be it day or night. You also get easy access to
course material when you need it rather than waiting or visiting
the library.
2. Greater ability to concentrate:
While there is still some amount of contradicting evidence about the
participation level of online students, online learning has been found
to be more inclusive for students who are shy and reticent. Students
can also find it easier to concentrate as they won’t get distracted by
other students.
3. Less time spent in transit:
An important feature of online learning is that it comes to you. The
opportunity to learn conveniently from anywhere without the extra
time and expense of transportation makes it an ideal situation.

4. Post-class availability:
Only a few resources available with classroom-based training are also
usable after class. Online classes on the other hand make resources
available to you even weeks after. Irrespective of the sessions you might
have missed, you have the opportunity to go over them at your pace for
a longer time.
5. Continuous update:
Most classroom courses have the opportunity to update the course
material only per semester. In the case of online classes however, new
updates in the real world can easily be applied to what is being learned
as they are happening.
6. Less expensive:
Most of the time, it costs less to take an online class rather than its
equivalent in physical classes. Materials such as textbooks are made
available in searchable PDFs and other similar expenses a traditional
class will incur are drastically reduced or excluded entirely.

Online Labs and Simulation

Online or virtual labs are a great way to practise and train in a safe online
environment. They are more than just basic cybersecurity training though.
Some are also designed to provide the latest certification from reputable
companies like Cisco and Microsoft. Virtual training labs have been
employed by companies as a way of keeping their IT departments up to
date, certified, fluent with industry software and knowledgeable about the
latest threats in the world.

For beginners, they serve as another good opportunity to get worthwhile
experience. Through virtual science lab games and engineering simulation
software, you can learn to interact with elements, machines, and interfaces
before or instead of trying them in real life.

It is usually in the form of an on-screen simulator or calculator that helps
test ideas and observe results. A learner will get to use advanced technology
to perform a series of experiments that yield authentic results.

How It Works

Programming courses often use simulation to teach learners how to
code. This means virtual training labs have compilers and code editors
embedded in HTML pages, which then enable learners to write, edit, and
run code easily, all within an eLearning course.

Web designers can also take advantage of such tools. They can effect
major changes or create entirely new features in a safe web environment,
test them out, share feedback, and then move to the live version of their
product or website. Through this means, they easily avoid disruption to
clients and product performance.

Other industries that use the virtual labs for training are the mechanical
engineering and construction fields. For beginners, simulations provide a
perfect means of honing your skills without causing unnecessary hiccups
with projects.

Massive Open Online Courses (MOOC) and Other Learning Resources

MOOCs or Massive Open Online Courses, are online classes that are open
to anyone, anywhere, and usually for free. In the field of cybersecurity,
MOOCs can provide a great way for individuals to learn about various
topics related to computer security and network defence. Some popular
MOOCs in cybersecurity include ethical hacking, cybercrime and cyber
defence. These courses often include video lectures, quizzes and hands-on
exercises, and can be a great way to gain a foundational understanding of
cybersecurity concepts.

However, it’s important to note that prior to now, MOOCs were generally
not considered a substitute for a formal education or professional
certification in the field but now a few of them offer their own online
certificate programs, bundling a set of courses around a specific subject
and providing proof of completion similar to a degree program.

There are many online learning resources for cybersecurity. They include:
- Courses on platforms like Coursera, EdX, Udemy, Udacity and
Khan Academy.
- Cybersecurity-specific online learning platforms like Cybersecurity
Ventures and SANS Institute.
- Online tutorials and guides from websites like Cybersecurity
Degree Hub, SANS Institute and Cybersecurity Ventures.
- Cybersecurity certification programs from organisations like
CompTIA and SANS Institute.
- Virtual labs and simulations to practise hands-on cybersecurity
skills.
- Online communities and forums where cybersecurity professionals
can connect and learn from each other.
Some of these resources may require payment or subscription and it is also
recommended that you research the reputation of the resources
before taking any course.

How to Leverage Online Learning Resources For Your Career

Here are a few steps you can take to leverage online learning resources to
start a career in cybersecurity:
1. Research the different types of cybersecurity roles and determine
which one aligns with your interests and skills. This will help you
focus your learning efforts and make the most of your time.
2. Look for online courses and certifications that are relevant to the
role you are interested in. These will provide you with a solid
foundation in the concepts and technologies you will need to
know for that role.

3. Practice hands-on skills using virtual labs and simulations. This
will give you the opportunity to apply what you have learned and
gain real-world experience.
4. Network with other cybersecurity professionals through online
communities and forums. This will give you the opportunity to
learn from others and make connections that can help you find
a job.
5. Continue to learn and grow by staying up-to-date with the latest
developments in cybersecurity. This will be necessary in order to
be competitive in the field.
6. Look for internships or entry-level jobs in the field, and be
prepared to start at the bottom and work your way up. Gaining
practical experience is the key to advancing in the cybersecurity
world.
7. Finally it is important to keep your resume and online presence
updated with your skills and certifications. This will make it
easier for potential employers to find and consider you for job
opportunities.

Chapter 5
Cybercrime Investigation In
Cybersecurity

Cybercrime investigation is the process of identifying, collecting, analysing,
and presenting evidence of criminal activity that takes place in a digital
environment. This can include a wide range of criminal activities, such
as hacking, identity theft, online fraud, cyberstalking and distribution
of child pornography. It can even be as simple as password stealing and
phishing schemes.

Cybercrime has a lot of similarities with physical crime, as many cybercrimes
are digital versions of criminal activities we know of in the real world. For
instance, the same way a person can be held hostage in the physical world,
a cyber criminal can hold the data of an organisation until a ransom is
paid. Several other similarities also exist along these lines.

However, cybercrime differs from traditional criminal activities in the sense
that digital technology such as computers, mobile devices, and networks
are usually the primary tools employed. Also, cyber crime is not physical
but involves information of individuals, organisations or government as
targets for malicious acts. Additionally, cybercrime is not bound by the
limitations of geographical locations. A cybercriminal can be in one continent
targeting someone in another.

The Role of Cybercrime Investigators

A cybercrime investigator is responsible for investigating cyber attacks
and works to stop cybercriminals. Cybercrime investigators play a crucial
role in tracking down and prosecuting criminals. They use a variety of
techniques and tools to identify and locate suspects, collect and analyse
evidence, and build cases against individuals and organisations engaged in
cybercrime.

Being a cybercrime investigator means that one is closely familiar with
the internal workings of computers and the software that runs on
them. In order to be effective, cybercrime investigators must have a deep
understanding of the technical and operational aspects of cybercrime, as
well as the legal framework surrounding it.

As a result of their vast knowledge and their ability to collect evidence and
ultimately understand how crimes are committed, they are often asked
to testify in court and therefore play an important role in prosecuting
cybercriminals. Many of them also help in cybercrime prevention.

Organisations that conduct cyber crime investigations include criminal
justice agencies, who are often behind prevention campaigns and the
investigation, monitoring and prosecution of digital criminals. National
security agencies also investigate crimes directly related to the agency
while private security agencies can also help in the prevention and
prosecution, especially during the investigation process.

Although government and national agencies run their own networks,
servers and applications, they make up just a small fraction of the large
infrastructure and code kept running by private companies, projects,
organisations and individuals around the world. Private agencies as a
result are able to investigate a wide range of cybercrimes which includes
hacking, cracking, virus and malware distribution, DDoS attacks, online
frauds, identity theft and social engineering.

In conclusion, the role of cybercrime investigators in tracking down
and prosecuting cybercriminals can never be overestimated. The most
important thing is to have a deep understanding of the technical and
operational aspects of cybercrime

Key Skills and Technology in Cybercrime Investigation

Cybercrime Investigation Techniques


Techniques employed in crime investigations vary depending on the type
of crime being investigated and also who is running the investigation.
Usually, digital crimes are subject to the common techniques listed below:
1. Background Check:
This involves the process of creating and defining the background of the
crime based on known facts. This will help investigators set a starting
point in order to establish what they are dealing with, and how much
information they have when handling the initial cybercrime report.
2. Evidence and Information Gathering:
A good cybersecurity researcher understands the importance of
grabbing as much information as possible about the incident. The
investigation must first establish whether the attack was automated or a
human-based targeted crime. Was there any loophole or weakness
that left the system vulnerable to attack? What exactly is the scope
and impact of the attack? What skill set was required to carry out
this attack? Who are those who possess these skill sets? What digital
crimes were committed? Where can we find evidence and do we have
access to where the evidence is? These are some of the questions that
help gather valuable information after an attack. Many national and
federal agencies use interviews and surveillance reports to obtain proof
of cybercrime. This surveillance involves the use of security cameras,
videos and photos as well as electronic device surveillance to monitor
digital behaviours.

3. Tracking and Identifying the Authors:
The next step is sometimes performed during the information-
gathering process, depending on the quantity of information available
already. To identify the criminals behind a cyber attack, both private
and public agencies often work with ISPs and networking companies
to get valuable log information about their connections, as well as
historical service, websites and protocols used during the time they
were connected.

Skills and Expertise of a Cybercrime Investigator

A cybercrime investigator should possess a combination of technical, legal
and investigative skills to effectively conduct an investigation. These skills
include:
1. Computer Expertise:
Investigators need to have experience using a wide range of different
devices. They should be familiar with all the popular devices and also
have the capacity to understand new technology quickly.
2. Technical Expertise:
They must possess a knowledge of computer networks, operating
systems and various software applications. This includes understanding
of programming languages, encryption methods and digital forensic
tools.
3. Legal knowledge:
Understanding of the legal principles and laws related to cybercrime
investigations, including data privacy laws, computer crime laws, and
evidence collection and preservation. There are also laws governing what
an investigator can and cannot do while investigating cybercrime,
which they must be aware of.
4. Investigative Skills:
A key skill in an investigator’s repertoire is the ability to conduct
investigations, gather evidence and interview witnesses.

5. Analytical Skills:
This entails the ability to analyse data, identify patterns and draw
conclusions based on the gathered information.
6. Communication Skills:
This is the investigator’s ability to clearly and effectively communicate
complex technical information to non-technical audiences, including
legal and management teams. This skill is also required to be able to
properly document investigations.
7. Project Management Skills:
This refers to an investigator’s ability to manage and prioritise several
tasks and projects at the same time and be able to work effectively in a
team.
8. Internet Research Skills:
A cybercrime investigator is also an expert at finding information
online. This is more than just using search engines but also about
knowing where to look and how to automate the process of searching
for people’s personal information they must have left online.
9. Familiarity with incident response and incident management
processes:
This includes knowledge of incident response plan, incident triage,
and incident reporting.
10. Understanding of threat intelligence and incident management
practices:
This will help investigators to track and respond to cyber threats.
11. Knowledge of cloud computing, virtualization and mobile devices:
Investigators must have a solid grasp of these aspects of cybersecurity
in order to effectively navigate their way during investigations.
12. Knowledge of cyber attacks and attack vectors:
Investigators have up-to-date knowledge of attacks and their patterns,
including social engineering, malware and hacking techniques.

13. Familiarity with artificial intelligence/machine learning-based
systems for detecting and mitigating cyber threats:
Same as cybersecurity professionals, investigators must evolve with
the times and stay knowledgeable about new technologies and how
criminals can exploit them.
14. Ability to stay in-the-know about current technologies and trends
in the field of cybersecurity:
Investigators must keep up with advancement in the field they aim to
enforce the law in.

Top Cybercrime Investigation and Forensic Tools

Cybercrime investigation tools include a lot of utilities depending on the
techniques being used. There are thousands of tools for different types of
cybercrime, but the list below covers a few of the well-known ones.
1. SIFT Workstation:
This is a free open-source forensic tool created with the aim of
helping incident response teams and forensic researchers examine
digital forensic data on several systems. SIFT supports different types
of file systems such as NTFS, HFS+, EXT2/3/4, UFS1/2, vmdk, swap
and many others. For evidence image support, it works perfectly with
single raw image files, AFF (Advanced Forensic Format), EWF (Expert
Witness Format, EnCase), etc. Other important features include:
Ubuntu LTS 16.04 64-bit base system, latest forensic tools, cross
compatibility between Linux and Microsoft Windows.
2. X-Ways Forensics:
This tool is one of the most complete forensic suites for Windows-based
operating systems. X-Ways is widely supported for almost any version
of Windows and as a result is one of the best for working with versions
such as Windows XP/2003/Vista/2008/7/8/8.1/2012/10 while also
supporting both 32 bit /64 bit. It is fully portable making it possible
to run from a memory stick and easy to take from one computer to
another. This software features the ability to perform disk cloning and
imaging, read partitions from raw image files, HDDs, RAID arrays,
LVM2 amongst others.
3. CAINE:
This is a professional open-source forensic platform that integrates
software tools as modules along with powerful scripts in a graphical
environment. It is highly applicable for digital forensic analysis and
works from the Live CD to help extract data created on multiple
operating systems such as Linux, Unix and Windows. CAINE does
file system, memory and network data extraction by combining the
best forensic software that runs on both command-line and GUI-based
interfaces.
4. PALADIN:
PALADIN is a modified ‘live’ Linux distribution based on Ubuntu
that simplifies various forensics tasks in a forensically sound manner
via the PALADIN toolbox. It is available in 64-bit and 32-bit versions
making it one of the most popular suites of its kind.
5. The Sleuth Kit:
This is an open source collection of Unix- and Windows-based
forensic tools that is used by researchers to analyse disk images
and recover files from those devices. TSK’s features include full
parsing support for different file systems such as FAT/ExFAT, NTFS,
Ext2/3/4, ISO 9660, YAFFS2, which allows it to analyse almost any
kind of image or disk for Windows-, Linux- and Unix-based operating
systems. The Sleuth Kit is a perfect tool for any investigator interested
in data recovery from file systems and raw-based disk images.
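The tools above all start by recognising which file system a raw image holds. The following is an added example, not code from the book or from any of these tools: a simplified sketch of signature-based identification for several of the file systems listed, run on constructed buffers that carry only the signature bytes.

```python
import hashlib
import struct

SUPERBLOCK = 1024                  # ext2/3/4 superblock and HFS+ volume header start here
EXT_MAGIC = SUPERBLOCK + 56        # s_magic, stored little-endian as 0xEF53
EXT_FEATURES = SUPERBLOCK + 92     # s_feature_compat followed by s_feature_incompat
EXT_HAS_JOURNAL = 0x0004           # compat flag that arrived with ext3
EXT_EXTENTS = 0x0040               # incompat flag that arrived with ext4
ISO_DESCRIPTOR = 32768 + 1         # "CD001" follows the type byte of sector 16


def identify_filesystem(image: bytes) -> str:
    """Best-effort file system label for a raw volume image (heuristic)."""

    def at(offset: int, length: int) -> bytes:
        return bytes(image[offset:offset + length])

    oem_id = at(3, 8)              # OEM ID field of the boot sector
    if oem_id == b"NTFS    ":
        return "NTFS"
    if oem_id == b"EXFAT   ":
        return "exFAT"
    if at(82, 5) == b"FAT32":
        return "FAT32"
    if at(54, 5) in (b"FAT12", b"FAT16"):
        return at(54, 5).decode("ascii")
    if at(EXT_MAGIC, 2) == b"\x53\xef" and len(image) >= EXT_FEATURES + 8:
        compat, incompat = struct.unpack_from("<II", image, EXT_FEATURES)
        if incompat & EXT_EXTENTS:
            return "ext4"
        return "ext3" if compat & EXT_HAS_JOURNAL else "ext2"
    if at(SUPERBLOCK, 2) in (b"H+", b"HX"):
        return "HFS+"
    if at(ISO_DESCRIPTOR, 5) == b"CD001":
        return "ISO 9660"
    return "unknown"


def describe_evidence(label: str, image: bytes) -> dict:
    """What an examiner records before analysis: size, hash and file system."""
    return {
        "label": label,
        "size_bytes": len(image),
        "sha256": hashlib.sha256(image).hexdigest(),
        "filesystem": identify_filesystem(image),
    }


def make_sample(kind: str) -> bytes:
    """Constructed 64 KiB buffer holding only the signature bytes for `kind`."""
    buf = bytearray(64 * 1024)
    if kind in ("NTFS", "exFAT"):
        buf[3:11] = kind.upper().ljust(8).encode("ascii")
    elif kind == "FAT32":
        buf[82:90] = b"FAT32   "
    elif kind in ("FAT12", "FAT16"):
        buf[54:62] = kind.ljust(8).encode("ascii")
    elif kind in ("ext2", "ext3", "ext4"):
        buf[EXT_MAGIC:EXT_MAGIC + 2] = b"\x53\xef"
        compat = EXT_HAS_JOURNAL if kind != "ext2" else 0
        incompat = EXT_EXTENTS if kind == "ext4" else 0
        struct.pack_into("<II", buf, EXT_FEATURES, compat, incompat)
    elif kind == "HFS+":
        buf[SUPERBLOCK:SUPERBLOCK + 2] = b"H+"
    elif kind == "ISO 9660":
        buf[ISO_DESCRIPTOR:ISO_DESCRIPTOR + 5] = b"CD001"
    return bytes(buf)


if __name__ == "__main__":
    for kind in ("NTFS", "exFAT", "FAT32", "FAT16", "ext2", "ext3", "ext4", "HFS+", "ISO 9660"):
        print(describe_evidence(kind + ".dd", make_sample(kind)))
```

The SHA-256 value recorded alongside the label is what lets an examiner show later that the image analysed is the image that was collected.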

Digital Forensics

Digital forensics is the process of identifying, preserving, analysing and
presenting digital evidence in a manner that is legally admissible. This can
include recovering data from computers, mobile devices, and other digital
storage devices, as well as analysing digital networks and cloud computing
environments. It is often used in criminal investigations, but can also be
used in civil litigations, internal corporate investigations, and in other
contexts.

Once researchers have collected enough data about the cybercrime, they
examine the digital systems that were affected, or those supposed to
be involved in the origin of the attack. This process involves analysing
network connection raw data, hard drives, file systems, caching devices,
RAM and more. During the forensic investigation, the researcher
follows up on all the involved trails looking for fingerprints in system files,
network and service logs, email, web-browsing history, etc.
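Following a trail across service logs usually means merging them into one timeline per source address. The following is an added example, not from the book: it correlates constructed login and web log lines (a simplified format, with documentation-range addresses) to flag a login that succeeded after repeated failures and to list what that address did next.

```python
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta, timezone

Event = namedtuple("Event", "when source ip action detail")

# Constructed sample logs in a simplified format, for illustration only.
AUTH_LOG = """\
2023-03-01T02:14:07Z sshd Failed password for admin from 203.0.113.45 port 50211
2023-03-01T02:14:12Z sshd Failed password for admin from 203.0.113.45 port 50214
2023-03-01T02:14:19Z sshd Failed password for root from 203.0.113.45 port 50220
2023-03-01T02:14:31Z sshd Accepted password for admin from 203.0.113.45 port 50290
2023-03-01T08:59:40Z sshd Failed password for dana from 198.51.100.7 port 41000
2023-03-01T08:59:52Z sshd Accepted password for dana from 198.51.100.7 port 41002
""".splitlines()

WEB_LOG = """\
2023-03-01T02:16:02Z web 203.0.113.45 GET /admin/export?table=customers 200
2023-03-01T02:16:40Z web 203.0.113.45 GET /admin/export?table=payments 200
2023-03-01T09:05:10Z web 198.51.100.7 GET /dashboard 200
""".splitlines()

AUTH_RE = re.compile(r"^(\S+) sshd (Failed|Accepted) password for (\S+) from (\S+) port \d+$")
WEB_RE = re.compile(r"^(\S+) web (\S+) (\S+) (\S+) (\d{3})$")


def parse_time(text):
    """Parse the UTC timestamps used in both sample logs."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_timeline(auth_lines, web_lines):
    """Normalise both logs into Event records sorted by time."""
    events = []
    for line in auth_lines:
        m = AUTH_RE.match(line.strip())
        if m:
            when, outcome, user, ip = m.groups()
            events.append(Event(parse_time(when), "auth", ip, "login_" + outcome.lower(), user))
    for line in web_lines:
        m = WEB_RE.match(line.strip())
        if m:
            when, ip, method, path, status = m.groups()
            events.append(Event(parse_time(when), "web", ip, method, f"{path} {status}"))
    return sorted(events, key=lambda e: e.when)


def guessed_logins(timeline, min_failures=3, window=timedelta(minutes=5)):
    """Map each IP to its first accepted login preceded by enough recent failures."""
    failures = defaultdict(list)
    flagged = {}
    for e in timeline:
        if e.action == "login_failed":
            failures[e.ip].append(e.when)
        elif e.action == "login_accepted" and e.ip not in flagged:
            recent = [t for t in failures[e.ip] if e.when - t <= window]
            if len(recent) >= min_failures:
                flagged[e.ip] = e.when
    return flagged


def activity_after(timeline, ip, since):
    """Everything the given address did after the suspicious login."""
    return [e for e in timeline if e.ip == ip and e.when > since]


if __name__ == "__main__":
    timeline = build_timeline(AUTH_LOG, WEB_LOG)
    for ip, when in guessed_logins(timeline).items():
        print(f"{ip}: login accepted at {when.isoformat()} after repeated failures")
        for e in activity_after(timeline, ip, when):
            print(f"  {e.when.isoformat()} {e.source} {e.action} {e.detail}")
```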

Some of the key skills and tools used in digital forensics include data
recovery, data analysis, and understanding of digital devices and networks.
It is also important to have a good understanding of laws and regulations
related to the collection and handling of digital evidence.

Digital Forensic Framework

Digital Forensic Framework, also known as DFF, is a computer forensics
open-source software that allows investigators to discover and save system
activity on both Windows and Linux operating systems.
It allows researchers to access local and remote devices such as removable
drives, local drive, remote server file systems and also to reconstruct
VMware virtual disks. It can extract data from FAT12/16/32, EXT 2/3/4,
and NTFS on both active and deleted files and directories.

Real-World Crime Investigations and How They Were Solved


1. The Yahoo Data Breach:
In 2016, it was revealed that Yahoo had suffered two major data
breaches in 2013 and 2014, affecting over 1 billion user accounts. The
breaches were investigated by the FBI and it was later discovered that
the attacks were carried out by a group of hackers working on behalf
of the Russian government. Techniques used in the investigation
included forensic analysis of the company’s servers and network logs,
tracking IP addresses and other digital artefacts, and interviewing
employees and contractors. Tools used in the investigation included
specialised forensic software, such as EnCase and FTK, as well as
network analysis tools, such as Wireshark and NetWitness.
2. The WannaCry Ransomware Attack:
In May 2017, a ransomware attack called WannaCry infected over
200,000 computers in 150 countries, causing widespread disruption
to businesses and individuals. The attack was traced back to a hacking
group believed to be based in North Korea. Techniques used in the
investigation included analysing the malware code and identifying its
command and control servers, as well as tracking bitcoin transactions
related to the ransom payments. Tools used in the investigation
included malware analysis tools, such as Cuckoo and OllyDbg, and
blockchain analysis tools, such as Chainalysis and Elliptic.
3. The Target Data Breach:
In 2013, Target suffered a data breach in which hackers stole the
credit card information of 40 million customers. The incident was
investigated by the Secret Service and it was later discovered that the
attackers had gained access to Target’s systems through a vendor’s
compromised credentials. Techniques used in the investigation
included analysing network traffic and identifying the point of entry,
as well as tracking the movement of the stolen data through the dark
web. Tools used in the investigation included network analysis tools,
such as Wireshark and NetWitness, and dark web intelligence tools,
such as Terbium Labs and Recorded Future.

4. The Ashley Madison Data Breach:
In 2015, the Ashley Madison dating website was hacked and the
personal data of its users was leaked online. The FBI investigated the
incident and later arrested and charged one individual with hacking and
extortion related to the breach. Techniques used in the investigation
included analysing leaked data and identifying the source, as well as
tracking the hacker’s online activity and identifying their IP address.
Tools used in the investigation included forensic software, such as
EnCase and FTK, and online investigation tools, such as Maltego and
OSINT frameworks.
5. The SolarWinds Hack:
In December 2020, it was discovered that a sophisticated cyber attack
had been launched against SolarWinds, a company that provides
IT management software to government and private organisations.
The attack was believed to have been carried out by Russian state-
sponsored hackers and resulted in the compromise of multiple US
government agencies and private sector firms. Techniques used in the
investigation included identifying the malware and the initial point
of compromise, as well as tracking the attacker’s movement through
the victim’s network. Tools used in the investigation included network
analysis tools, such as Wireshark and NetWitness, endpoint protection
tools, such as Carbon Black and CrowdStrike, and threat intelligence
platforms such as Anomali and ThreatConnect.

Penetration Testing:
An Overview of The Role of Penetration Testers in Identifying and
Mitigating Vulnerabilities in Systems and Networks

The role of penetration testers is to identify and assess vulnerabilities
in systems and networks by simulating a real-world cyber attack. They
use a variety of tools and techniques to identify weaknesses that could
be exploited by malicious actors. Once vulnerabilities are identified,
penetration testers then provide recommendations for mitigating those
vulnerabilities and help organisations to improve their overall security
posture.

Stages of Penetration Testing

The penetration testing process can be broken down into five stages:
1. Planning and Reconnaissance:
This stage involves defining the scope of a test; identifying the systems
to be addressed and the test methods to be used. Also during this
process, a tester would need to gather intelligence such as network
and domain names, to better understand the potential vulnerabilities.
2. Scanning:
The second step during a penetration test is to understand how the
target application will respond to various attempts at intrusion.
Typically, this process is done through static analysis and dynamic
analysis. Static analysis involves inspecting an application’s code to
estimate the way it behaves while running. Dynamic analysis also
involves inspecting an application’s code in a running state. This is a
more practical way of scanning, as it provides a real-time view into an
application’s performance.
3. Gaining Access:
This stage uses web application attacks such as cross-site scripting,
SQL injection and backdoors, to uncover a target’s weak points.
Testers then work on exploiting these vulnerabilities usually by
escalating privileges, stealing data, intercepting traffic and so on, to
better understand the amount of damage that can be caused through
such weakness exploitations.
4. Maintaining Access:
The purpose of this stage is to see if the vulnerability can be used
to achieve a persistent presence in the exploited system at least long
enough for a bad actor to gain in-depth access. The idea is to imitate
advanced persistent threats, which often remain in a system for months
in order to steal an organisation’s sensitive data.
5. Analysis:
At the analysis stage, the results of the penetration test are compiled
into a report that shows the specific vulnerabilities that were exploited,
sensitive data that was accessed, and the amount of time the penetration
tester was able to remain in the system undetected. All the information
is then analysed by the security personnel to help configure an
enterprise’s WAF settings and other application security solutions to
patch vulnerabilities and protect the system against future attacks.

Penetration Testing Methods


Penetration testing can be performed in various types of systems and
networks including:
1. External Testing:
This type of testing simulates an attack from outside the organisation’s
network, as if the attacker were an outsider trying to gain access to the
organisation’s resources. This type of testing can identify vulnerabilities
such as weak passwords, misconfigured firewalls, and unpatched
software.
2. Internal Testing:
During an internal test, a tester with access to the firewall of an
application simulates an attack by a malicious insider. This is not
necessarily in anticipation of an employee going rogue; it also covers
instances where an employee’s credentials are stolen due to a phishing
attack.
3. Blind Testing:
During a blind test, the tester only makes use of the name of the
enterprise that’s being targeted. Through this, security personnel can
have a real-time look into how a real application assault would take
place.

4. Double-blind Testing:
In a double-blind test, the security personnel are not aware of the
simulated attack. This way, no prior arrangements can be made to
reinforce defences before an attempted breach.
5. Targeted Testing:
During this scenario, the tester and security personnel work together
and carry each other along as they work. This process provides the
security team with feedback from a hacker’s point of view in real-time.

Key Skills and Technologies Used In Penetration Testing

Some of the skills and technologies commonly used in penetration testing
include:
1. Scripting:
This is the ability to write and use scripts to automate tasks and perform
reconnaissance on a target system. Popular scripting languages used
in penetration testing include Python, Bash and PowerShell. These
languages can be used to automate tasks such as network scanning,
vulnerability assessment, and data exfiltration.
2. Exploit development:
This is the ability to develop or modify existing exploits to gain unauthorised
access to a system. It requires a deep understanding of operating
system internals, memory management, and vulnerability research.
A common framework for exploit development is Metasploit, which
provides a wide range of pre-built exploits and tools for creating
custom exploits.
3. Network scanning and reconnaissance:
This is the use of tools such as Nmap, Nessus, and OpenVAS to
gather information about a target system and identify vulnerabilities.
This can include information such as open ports, services running,
and operating system version. You can also gather information about
a target organisation and its employees, such as email addresses, social
media profiles and phone numbers.


4. Web application testing:
This is another important area of penetration testing. Web application
tools such as Burp Suite, OWASP ZAP, and sqlmap are used to test web
applications for vulnerabilities such as SQL injection and cross-site
scripting (XSS). These tools can be used to intercept and modify web
traffic, test for vulnerabilities, and automate the process of exploiting
those vulnerabilities.
5. Social Engineering:
This is the use of physical tactics to manipulate individuals into
revealing sensitive information or performing actions that may
compromise a system. This can be done through techniques such as
phishing, pretexting, baiting and vishing.
6. Post-exploitation:
This involves using techniques and tools to maintain access
to a compromised system, escalate privileges, and exfiltrate data. This
can include techniques such as creating backdoors, pivoting through a
network, and using tools such as Metasploit and PowerSploit.

Finally, reporting is a key skill in penetration testing, as it allows testers
to document and communicate the results of a penetration test in a clear
and concise manner. This includes identifying the vulnerabilities found,
the impacts of those vulnerabilities, and recommendations for mitigating
those vulnerabilities. Reports should be tailored to the specific audience
and should be easy to understand and actionable.

Examples of Real-World Penetration Testing Engagements: Techniques
and Tools Employed


Case study 1:
A government agency hired a penetration testing company to assess the
security of their network infrastructure. The testers used tools such as
Nmap, Nessus, and Metasploit to identify vulnerabilities in the agency’s
network devices, such as routers and switches. They also used social
engineering tactics, such as phishing emails and phone calls, to test the
agency’s employees’ susceptibility to social engineering attacks. The testing
revealed several vulnerabilities that were then addressed by the agency,
including implementing a patch management process and strengthening
their employee security awareness training.

Case study 2:
A software development company hired a penetration testing company
to assess the security of their mobile application. The testers used tools
such as MobSF and Drozer to identify vulnerabilities in the
mobile application, such as weak encryption, insecure data storage, and
poor input validation. They also simulated various scenarios, such as
jailbreaking and rooting the device, to test the security of the application
in different environments. The testing revealed several vulnerabilities that
were then addressed by the development team, including implementing
secure data storage and encryption methods.

Case study 3:
A retail company hired a penetration testing company to assess the security
of their e-commerce website. The testers used tools such as sqlmap and
Burp Suite to identify vulnerabilities in the web application, such as lack
of input validation and weak session management. They also tested the
security of the company’s payment gateway by attempting to exploit
known vulnerabilities in the payment software. The testing revealed
several loopholes that were addressed by implementing a secure session
management system and input validation.


Security Engineering:

The Role of Security Engineers in Building Secure Systems and Networks

Security engineers play a vital role in the design and development of
secure systems and networks. They are responsible for identifying and
mitigating potential security threats, implementing security protocols
and technologies, and ensuring compliance with industry standards and
regulations.

One of the key responsibilities of security engineers is to conduct risk
assessments. This involves identifying and evaluating potential security
threats to a system or network, and determining the likelihood and impact
of those threats. Based on the results of these assessments, security engineers
develop and implement security controls to mitigate the identified risks.
These controls can include firewalls, intrusion detection and prevention
systems, encryption, and other security technologies.

Security engineers also play a key role in the development and
implementation of security policies and procedures. This includes creating
and enforcing rules and guidelines for the use of systems and networks, as
well as establishing incident response plans for handling security breaches.

Another important aspect of their role is to ensure compliance with
industry standards and regulations. This may include adhering to standards
such as ISO 27001, SOC2 and PCI-DSS, and complying with regulations
such as GDPR and HIPAA.

Additionally, security engineers are responsible for monitoring and
testing systems for vulnerabilities. This may involve performing penetration
testing, vulnerability scanning, and other types of security assessments
to identify potential weaknesses in systems and networks. They also need to
respond to security incidents, and work closely with other teams such as
development and operations, to ensure that security considerations are
integrated throughout the entire development and deployment process.


Overall, security engineers play a critical role in protecting systems and
networks from cyber threats and ensuring the confidentiality, integrity,
and availability of sensitive information.

Key Skills and Technologies Used in Security Engineering

Some key skills and technologies used in security engineering include:
1. Secure code practices:
This involves writing code that is resistant to common security
vulnerabilities, such as SQL injection, cross-site scripting (XSS), and
cross-site request forgery (CSRF).
2. Cryptography:
This is the practice of securing communications and data through the
use of mathematical algorithms. Common cryptographic techniques
include symmetric-key encryption, asymmetric-key encryption, and
hashing.
3. Network security:
This is the process of protecting networks and devices from
unauthorised access, misuse, and attacks. It includes technologies such
as firewalls, intrusion detection and prevention systems (IDPS), and
virtual private networks (VPNs).
4. Identity and access management (IAM):
This has to do with controlling and managing user access to systems
and data. It includes technologies such as multi-factor authentication,
single sign-on (SSO), and identity and access management solutions
(IAM).
5. Vulnerability management:
This involves identifying and mitigating potential security
vulnerabilities in systems, applications, and networks.
6. Security information and event management (SIEM):
This is the process of collecting and analysing security-related data
from various sources to identify and respond to security incidents.


7. Cloud security:
This involves securing data and applications in cloud environments. It
includes technologies such as encryption, network segmentation and
identity and access management.

Governance, Risk Management and Compliance

Governance, risk management and compliance (GRC) are three
interrelated areas that organisations must manage in order to ensure that
they operate effectively and ethically.

Governance refers to the processes and structures that organisations put
in place to ensure that they are run in an ethical and responsible manner.
This includes things like policies, procedures, and oversight mechanisms
to ensure that the organisation is being run in a way that is consistent with
its values and mission.

Risk management is the process of identifying and assessing potential risks
to the organisation, and taking steps to mitigate or manage those risks.
This includes assessing the likelihood of different risks occurring, as well
as the potential impact of those risks if they do occur.

Compliance, on the other hand, refers to the process of ensuring that the
organisation is following all relevant laws, regulations, and standards.
This includes things like following data protection laws, complying with
environmental regulations, and adhering to industry standards.

In summary, GRC is a holistic approach to managing the organisation’s
operations that takes into account the interrelated nature of governance,
risk management and compliance. By managing these areas together,
organisations can better ensure that they are operating in a manner that is
consistent with their values and mission, while also minimising the risk of
negative consequences.


Key Skills and Technologies Used in GRC

Some skills and technologies used in governance, risk management and
compliance are:
1. Risk assessment:
This is the process of identifying and evaluating potential risks that
could impact an organisation. This can include financial, operational,
legal, and reputational risks. Risk assessments typically involve
identifying the likelihood and potential impact of each risk, and
determining appropriate actions to mitigate or manage the risk.
2. Risk management framework:
This is a set of processes that an organisation uses to identify, assess,
and manage risks. A risk management framework will typically include
a process of identifying and prioritising risks, as well as a process for
implementing and monitoring risk management controls.
3. Compliance:
This is the process of ensuring that an organisation is adhering to
relevant laws, regulations, standards, and policies. Compliance can
include activities such as reviewing and updating policies, training
employees, and monitoring compliance with regulations.
4. Information security:
This is the practice of protecting sensitive and confidential information
from unauthorised access, use, disclosure, disruption, modification,
or destruction. This can include implementing security controls such
as firewalls, intrusion detection systems, and encryption, as well as
training employees on security best practices.
5. Business continuity and disaster recovery:
This involves planning for and responding to disruptions to business
operations. This can include creating disaster recovery plans and
procedures, as well as testing those plans to ensure they are effective.


6. Artificial intelligence and machine learning:
These technologies can be used to automate risk assessments and
compliance processes, identify potential risks, and monitor compliance
in real-time.
7. Cybersecurity:
This is the practice of protecting computer systems, networks, and data
from unauthorised access, use, disclosure, disruption, modification,
or destruction. This can include implementing security controls such
as firewalls, intrusion detection systems, and encryption, as well as
training employees on cybersecurity best practices.

Overall, GRC requires a combination of technical and management skills,
as well as a thorough understanding of relevant laws, regulations and
industry standards.

Best Practices Related to Security and Risk Management

There are several best practices related to security and risk management
that organisations can implement to help protect against potential risks:
1. Conduct regular risk assessments:
Regularly identifying and evaluating potential risks is critical to
managing them effectively. This can include conducting a formal risk
assessment, as well as regularly reviewing the organisation’s risk profile
and making updates as necessary.
2. Develop a risk management plan:
Having a plan in place to manage potential risks can help
organisations respond quickly and effectively when a risk materialises.
A risk management plan should include a process for identifying and
prioritising risks, as well as a process for implementing and monitoring
risk management controls.


3. Implement security controls:
Implementing security controls such as firewalls, intrusion detection
systems, and encryption can help protect against potential security
threats. Organisations should also ensure that security controls are
regularly updated and tested to ensure they remain effective.
4. Train employees on security and risk management best practices:
Employees are often the first line of defence against potential risks,
so it’s important to train them on security and risk management best
practices. This can include training on topics such as how to identify
and report potential risks, how to handle sensitive information, and
how to stay safe when working remotely.
5. Conduct regular security audits and testing:
Regularly auditing and testing security controls can help organisations
identify and address potential vulnerabilities before they are exploited.
This can include conducting penetration testing, as well as reviewing
log files and system configurations.
6. Have a business continuity and disaster recovery plan:
Having a plan in place to respond to disruptions to business operations
can help organisations minimise the impact of potential risks. This
can include having a plan to recover data and systems, as well as a plan
to communicate with employees, customers, and stakeholders during
a crisis.
7. Monitor and comply with relevant regulations:
Organisations should monitor and comply with relevant laws,
regulations, standards, and policies to ensure that they are operating
in an ethical and compliant manner. This can include having policies
and procedures in place, as well as training employees on relevant
regulations.


8. Use security and risk management tools:
Organisations can use security and risk management tools such
as security information and event management (SIEM) software,
identity and access management (IAM) software, and vulnerability
management software to automate and streamline security and risk
management processes.

It’s important to note that risk management is a continuous process and
best practices need to be updated and improved over time to match the
changing threat landscape.

Chapter 6
Networking and Professional Development

A career in cybersecurity is no doubt very exciting and even more so
when you start exploring the opportunities to meet and connect with
other professionals like you. Cybersecurity is a huge field that is easier to
navigate when you have the right people in your corner.

This simply means that networking and professional development are
essential components of success in the cybersecurity field. They can make all
the difference in your career trajectory and how quickly you rise through
the ranks in a highly competitive environment. It is a journey you cannot
and should not go on alone.

The cybersecurity community is quite a small one, so knowing
the right person can greatly impact the opportunities you come across.
Getting an internship, landing a better paying job or hearing about the
latest advancement in the field can all happen very smoothly for you when
you make an effort to know and maintain the right relationships.


Networking involves building relationships with individuals and
organisations within the cybersecurity industry. This includes attending
conferences, industry events, and participating in online forums.
Networking allows you to stay current with industry trends, learn from
experienced professionals, and make connections that can lead to job
opportunities or professional growth.

Professional development also requires you to actively seek out
opportunities to expand your skills and knowledge in the cybersecurity
field. This includes taking courses and certifications, attending workshops
and training sessions. By continuing your education and expanding your
skill set, you can increase your marketability and advance your career in
cybersecurity.

Combining these two elements can help you create a strong foundation
in your career. Building a strong network and continuing to grow in the
cybersecurity field requires a combination of persistence, communication
skills, and professionalism. Here are some tips to help you along the way:
1. Attend events and conferences:
This is one key way to meet people especially when you don’t socialise
enough in your free time. Attending industry events and conferences
will help you meet professionals in your area of specialisation and even
others you may be considering switching to in the future. You also get
to learn about new trends and technologies, and make connections
that can help you grow in the field. Niche events are also a great way
to meet people who are interested in the same things as you.
2. Join a professional organisation or club:
Becoming a member of a professional organisation gives you a free
pass to meeting many people in the cybersecurity industry without
trying too hard. You can easily walk up to other members, start a
conversation or contribute to an on-going one and request to carry on
the conversation by sharing your contact details.


3. Volunteer:
Volunteering for a cybersecurity-related organisation or event can
help you access opportunities that you may otherwise never have come
across. You get the chance to work closely with industry professionals
and gain valuable experience as well.
4. Build relationships:
The importance of relationships can never be overlooked especially
when you are just finding your footing in a new career. Building
relationships helps you stay in-the-know as well as create opportunities
for exchange of ideas with others.
5. Seek out mentors:
No matter the level you may be in your career journey, having a mentor
can make an otherwise tedious process simple. Having a mentor in
the field can provide you with guidance, support, and advice as you
advance your career.
6. Continuously learn:
Stay current with trends in the industry and best practices by
continuously educating yourself through courses, certifications, and
reading industry publications and blogs.
7. Be professional:
Maintain a professional demeanour and be respectful of others in the
industry. Your reputation is important and can impact your ability to
network and advance in the field.
8. Follow up and maintain connections:
Follow up with people you meet at events and conferences, and
maintain connections by staying in touch and offering help when
needed.
9. Attend events outside of your industry:
Most people who need the services of a security expert are often
people outside the industry. Attending events outside your industry
gives you the opportunity to tell people about what you do and how
you can help them secure their systems and networks better to prevent
unwanted breaches.

Other Tips to Improve Your Network

1. Participate in online communities:
Participating in online forums and discussion groups can help you
connect with other professionals, share your knowledge, and learn
from others in the field. You also get to build self-confidence when
you share your thoughts with others and get their feedback as well.
2. Use social media:
In this era you can find a community online for almost every type of
career you can think of. Joining them is quite easy too. Some might
ask you to fill out a simple form or sign up for a newsletter but the
most important thing is that you have a readily available group of
people discussing what you do all the time.
3. Participate in online forums and discussion groups:
It goes without saying that this is one sure way to ensure you get the
latest updates about the industry. Some even give you access to
information concerning new job opportunities and the best courses
and certifications you should go for.
4. Collaborate on projects or participate in hackathons:
As we discussed earlier, participating in events like hackathons
has immense benefits for you. You get to learn how others solve
problems on the job and get firsthand, real-life experience solving
problems.
5. Be yourself:
The best version of you is you. Being yourself helps you maintain your
confidence and the authenticity of your personal brand.


6. Offer value:
People are only willing to work with people who are valuable. Offering
value can be as simple as sharing information the person you are
talking to does not know about or even offering to take a look at a
problem you think you can solve for them.

By following these tips, you can build a strong network and continue to
grow. A commitment to continuous learning, building relationships, and
being professional will help you achieve your goals and succeed in your
career.

Importance of Building a Strong Network in Your Career

Most times, the difference between advancing in your career and being in
the same spot for a long time, is who you know and the relationships you
have successfully kept and nurtured.

Counting on just the opportunities you come across yourself or apply for
directly is usually not enough in the long run. You need people who can
vouch for your competence, character and professionalism when you are
not in the same room with the opportunity, which you won’t be most
times.

You won’t always be there to blow your own horn so you need people
who will do it for you and with results too. Building a strong network
for support and guidance comes in handy for several important reasons.
Some of them include:
1. Collaboration makes all the difference:
Cybersecurity is too important a field to be a job you can do as a
loner. The industry already has a skilled personnel deficit and this
directly impacts how well professionals can help keep important and
confidential data secure. Networking and connecting with others as
a professional opens up doors for collaborative work. This in turn
leads to stronger teams working together to put up a front against
cyberattacks.


2. Better opportunities:
A strong network can provide you access to job opportunities that
may not be advertised or known to the general public. Industry
professionals can provide references, introductions, and support in
your job search. Apart from the job opportunities, your connections
can help you access opportunities to learn and improve by providing
recommendations or sharing their ideas with you.
3. Industry knowledge:
Networking can help you stay current with trends and with updated rules and
regulations that you may not previously have been aware of.
4. Personal growth:
Another awesome benefit of networking is the potential for personal
growth. Networking can help you develop skills, expand your
knowledge, and improve your professional abilities.
5. Support system:
Building a strong network can provide you with a support system of
industry professionals who can provide guidance and support as you
advance your career.

Continuing Education and Professional Development in Cybersecurity

Cybersecurity is one of the most dynamic fields to work in. Every day
presents professionals with a new set of challenges, and the need to keep
abreast of new technologies is ever-present too. It is an ever-changing
discipline that necessitates ongoing education and the ability to adapt to the
times.


Cybersecurity experts are life-long learners who must always
improve their processes and develop new ways of solving threats that don’t
even exist yet. As a result, education plays a key role in determining how
skilled a cybersecurity expert is. Achieving a certain level of proficiency is
not enough to prove professionalism; rather, one has to constantly be on
a learning journey.

This process of continuous learning makes a huge difference in the
constantly changing landscape of cybersecurity and growing cyber threats
globally.

Some of the reasons cybersecurity professionals need to keep learning
include:
1. Technology advancement:
The field of cybersecurity is constantly evolving and new technologies,
tools and techniques are emerging regularly. It is crucial for experts to
stay up-to-date and adapt to these changes.
2. Managing new threats and crises:
Continuous education is also necessary for experts so they can better
handle new threats and crises. Experts in cybersecurity need to
always be vigilant and willing to learn new methods and strategies to
sufficiently prepare for eventualities and prevent them where possible.
3. Evolution of attackers:
Cybercriminals are constantly working to improve their methods and
tactics to exploit vulnerabilities. Cybersecurity experts need to be able
to keep up with them and understand how to put up quality defence
and counterintelligence measures.
4. Compliance requirements:
Many industries have regulations and standards for cybersecurity,
such as HIPAA, PCI-DSS, and GDPR. Cybersecurity experts need
to be aware of these regulations and ensure they are following them.


5. Career advancement:
Staying knowledgeable and current in the field of cybersecurity can
open up new job opportunities and higher salaries. It’s essential for
experts to keep learning to stay ahead in the competitive job market.
6. To keep up with hardware changes:
One of the greatest vulnerabilities cybersecurity experts face has to do
with hardware. With the advent of the Internet of Things, countless
tiny devices are now interconnected, enhancing cyber capabilities of
all kinds but creating more vulnerabilities. When left unchecked,
these devices can expose even bigger systems to great threats.
Experts need to stay informed on new hardware and how
to make it less susceptible to attacks.
7. Protecting organisations:
The ultimate goal of cybersecurity is to protect organisations and
individuals from cyberattacks. By continuously learning, experts can
improve their skills and be better equipped to prevent, detect, and
respond to security incidents.
8. Successful attacks cost more than learning:
It can be quite expensive when a hacker out-skills an expert.
This can lead to losses in the billions of dollars for organisations and
individuals. Making allowance for improving security personnel
ensures that they are better equipped to prevent huge losses with the
right knowledge, skills and abilities.

Traditional Methods of Learning in Cybersecurity

Traditional methods of continuing education provide a variety of options
for experts to enhance their knowledge and skills in cybersecurity. By
adopting one or a combination of some of these methods, experts can
have a well-rounded and comprehensive approach to their professional
development.


1. Certifications:
Cybersecurity certifications such as Certified Information Systems
Security Professional (CISSP), Certified Ethical Hacker (CEH), and
CompTIA Security+ demonstrate expertise in the field and can be
earned through exams and coursework.
2. Conferences and Workshops:
Attending industry conferences and workshops provides opportunities
for experts to learn about the latest trends, technologies, and best
practices in cybersecurity. These events often include keynote
speakers, presentations, and hands-on training sessions.
3. Online courses:
Online courses and e-learning platforms offer flexible and convenient
ways for experts to continue their education. These courses cover a
wide range of topics in cybersecurity and can be taken at any time.
4. Professional organisations:
Joining professional organisations such as the Information Systems
Security Association (ISSA) or the International Association of
Computer Security Professionals (IACSP) provides access to training,
resources, and networking opportunities in the cybersecurity field.
5. On-the-job training:
Many organisations offer in-house training and development programs
for their cybersecurity experts to keep them up-to-date with the latest
technologies and best practices.

Non-traditional Methods of Continuing Education in Cybersecurity

These non-traditional methods of continuing education in cybersecurity
provide additional opportunities for experts to expand their knowledge
and skills in new and innovative ways. By incorporating these methods
into their professional development plans, experts can keep up-to-date
with the latest trends and advancements in the field.


1. Hands-on experience:
Practical experience in a real-world environment can be a valuable form
of continuing education. This can be achieved through internships,
volunteer work, or participating in Capture the Flag (CTF) events
and hackathons.
2. Community participation:
Participating in online forums, discussion groups, and communities
can provide exposure to new ideas, techniques, and tools in the field
of cybersecurity.
3. Peer-to-peer learning:
Collaborating and exchanging knowledge with other cybersecurity
experts can be a valuable form of continuing education. This can be
achieved through mentorship programs, professional networks, or
peer-reviews.
4. Public speaking and writing:
Presenting at conferences, writing articles and blog posts, and
contributing to open-source projects can help experts improve their
knowledge and skills while also sharing their expertise with others.
5. Self-directed learning:
Self-directed learning through books, research papers, and online
resources can be an effective way for experts to continuously improve
their skills and knowledge.

Top 10 Cybersecurity Certifications You Should Know

Most cybersecurity professionals have a bachelor’s degree in computer
science or some other related field, but to stand out from the crowd,
certifications are one sure way to achieve this. Employers often see
certifications as proof of skills and knowledge of best practices.


While there are many certification options you can choose from, ranging
from general to vendor-specific and advanced to entry level, you need
one that gives you a competitive advantage over others in your career.
Listed below are the top 10 certifications employers have shown more
interest in:

1. Certified Information Systems Security Professional (CISSP):

The CISSP is a widely recognized and highly sought-after certification in
the field of cybersecurity. It is offered by (ISC)², a non-profit organisation
dedicated to advancing the information security profession. The CISSP
certification verifies an individual’s expertise in 10 domains of the
Common Body of Knowledge (CBK) for information security.

To be eligible for the CISSP certification, an individual must have at
least five years of cumulative paid full-time work experience in two or
more of the 10 (CBK) domains. A four-year college degree or additional
years of work experience can be substituted for some of the required work
experience.

The CISSP exam consists of 250 multiple-choice questions and is
administered in a computer-based format. The certification itself is valid
for three years, after which an individual must complete 120 Continuing
Professional Education (CPE) credits and pay an annual maintenance fee
to keep their certification current.

CISSP is widely recognized as a benchmark for information security
professionals and many organisations have set it as a requirement for
information security positions.

2. Certified Information Systems Auditor (CISA):

This is a professional certification in the field of information systems
auditing, control, and security. It is a certification offered by the Information
Systems Audit and Control Association (ISACA), an organisation that
provides education, research and certification for information systems
professionals. The CISA certification proves an individual’s expertise in
the domains of IS audit control, assurance and security.


To be eligible for the certification, one must have at least five years of professional
experience in information systems audit, control or security. The experience
must be within the ten years preceding the application for verification or
within five years of passing the CISA exam.

The certification is valid for three years, after which one would be required
to complete 120 Continuing Professional Education (CPE) credits and
pay an annual maintenance fee to keep their certification current.

3. Certified Information Security Manager (CISM):

This is a professional certification for information security managers,
offered by ISACA. The certification certifies that the holder has expertise
in management, design, and oversight of an organisation’s information
security program. It requires a combination of experience, education, and
passing the necessary examination.

To take the CISM examination, you need a minimum of five years’
experience in information security management. It covers four domains
of knowledge: Information Security Governance, Risk Management
and Compliance, Information Security Program Development and
Management, and Incident Management and Response.

CISM certification must be renewed every three years through continuing
professional education and professional experience.

4. CompTIA Security+:

This is an entry-level certification issued by CompTIA that validates the
core skills needed in every cybersecurity role. It demonstrates the holder’s
ability to assess the security of an organisation, monitor and secure cloud,
mobile, and internet of things (IoT) environments, understand laws, rules
and regulations related to risk and compliance and the ability to respond
to security incidents.


To become certified, one would need to pass a 90-minute, 90-question
exam with no prerequisites. Topics in the exam cover five domains of
knowledge: Threats, Attacks and Vulnerabilities; Technology
and Tools; Architecture and Design; Identity and Access Management; and
Risk Management.

It is also renewed every five years through continuing education and
maintenance fees.

5. Certified Ethical Hacker (CEH):

The CEH is a certification for professionals to demonstrate their knowledge
and skills in Ethical Hacking. It covers various topics such as network
security, web application security, and mobile security. The certification is
offered by the International Council of E-Commerce Consultants (EC-Council).

Getting the CEH certification requires passing a comprehensive exam, and
candidates need CEH training or practical experience to be eligible. Recertification
is also done every three years.

CEH is highly regarded in the industry and can lead to career opportunities
as a Security Analyst, Security Consultant, or a Penetration Tester. It is
important to know that while this certification provides a good foundation
in ethical hacking, it’s only one aspect of a comprehensive information
security education.

6. GIAC Security Essential Certification (GSEC):

This certification, issued by the Global Information Assurance Certification,
is an entry-level security credential for those who have some experience in
information systems and networking.

The examination for the GSEC certification tests an individual’s
knowledge of Security Concepts, Security Management, Network
Security, Cryptography, Host-based Security, Security Assessment and
Testing, Incident Handling, and Disaster Recovery.


The GSEC is globally recognized and enhances your resume as it
demonstrates your commitment to information security and can lead to
job opportunities even in security-related fields.

7. Systems Security Certified Practitioner (SSCP):

The SSCP is an intermediate security credential offered by the (ISC)2.
Candidates must have at least one year of work experience in information
security as the examination tests their skills in Security and Risk
Management, Security Operations and Administration, Cryptography,
Network and Communications Security, Incident Response and Recovery,
Monitoring and Analysis, Risk Identification among others.

The certification needs to be renewed every three years through continuing
professional education (CPE) credits and adherence to the code of ethics
of (ISC)2.

8. CompTIA Advanced Security Practitioner (CASP+):

This certification was created for cybersecurity professionals with advanced
skills in the field. The examination tests skills in topics such as Enterprise
Security Domain, Risk Analysis, Software Vulnerability, Securing Cloud
and Virtualization Technologies, and Cryptographic Techniques.

To be eligible, candidates need to have at least 10 years of experience in IT
administration with at least 5 years in security. Since it is recommended
for only experienced professionals, there are no other formal prerequisites.

CASP+ is often required or preferred by employers for positions such as
security analyst, security engineer and network architect.

9. GIAC Certified Incident Handler (GCIH):

GCIH is a certification offered by the Global Information Assurance
Certification (GIAC). It certifies an individual’s ability to handle and
respond to security incidents effectively within an organisation. Key
knowledge areas tested include:


- Incident response planning and preparation.
- Incident detection and analysis.
- Incident containment, eradication and recovery.
- Incident reporting and documentation.
- Incident handling legal and ethical issues.
To obtain the GCIH, one must pass a proctored exam and meet certain
educational and experience requirements. The certification must be
renewed every four years by completing continuing education or re-
certifying.

10. Offensive Security Certified Professional (OSCP):

This is a certification created by Offensive Security. It validates an
individual’s ability to identify and exploit vulnerabilities in a controlled
environment. The key knowledge areas tested in the examination for this
certification include:
- Network and web penetration testing.
- Linux and Windows system administration.
- Scripting and automation.
- Report writing and documentation.
To get an OSCP certification, one must complete a hands-on practical
exam and a 24-hour exam. The certification does not have to be renewed,
but holders are encouraged to participate in continuing education and
maintain their skills. The OSCP is recognized as a practical, challenging,
and hands-on ethical hacking certification.

Are Certifications Worth it?

A survey by (ISC)2 has shown that almost two thirds of cybersecurity
professionals are currently pursuing or intend to pursue security-related
certifications. The most common reason is the evident
benefits: higher earning power and better career opportunities.


According to a report, “the study found that security certifications on
average boost salaries by $18,000, from an average of $67,000 to $85,000.”
This means a significant change many will definitely want to be a part of.

Although the cost of getting a certification is on the high side, the rewards
thereafter are definitely worth it.

Strategies for Maximising Your Learning and Professional
Development Efforts

1. Set Specific, Measurable and Achievable Goals:
Start by defining what you want to achieve in your professional
development journey. Make sure your goals are specific, measurable
and achievable. For example, instead of setting a vague goal like “I
want to improve my cybersecurity skills,” set a goal like “I want to pass
the Certified Ethical Hacker exam by the end of the year.”
2. Prioritise Areas of Growth and Development:
Identify the areas where you need the most improvement and make
them a priority. This could be a particular technology, a security
discipline, or a certification.
3. Create a Timeline and Schedule for Learning Activities:
Once you have identified your goals and areas of focus, create a timeline
and schedule for your learning activities. Allocate specific time each
week or month for learning, attending workshops, and participating
in online courses.
4. Identify Resources:
Determine the resources you need to achieve your goals. This could be
books, courses, workshops, online resources, or a mentor. Make a list
of the resources you need and create a plan to access them.
5. Allocate Dedicated Time for Learning and Professional
Development:
Make learning and professional development a priority by dedicating
time specifically for this purpose. This could be before or after work,
during lunch breaks or on weekends.


6. Track Progress and Reflect:
Regularly track your progress and reflect on what you have learned.
Keep a journal or create a record of your achievements and the skills
you have acquired. This will help you stay motivated and see the
progress you are making.
7. Join a Professional Group or Community:
Knowing about exciting communities of professionals like yourself is
not enough to make any change in your career. You need to join one
to gain the benefits available there. Joining a professional group or
community can be a great way to stay connected and up-to-date with
the latest developments in your field. You can network with peers,
exchange ideas and experiences and also learn from others.
8. Seek Out Opportunities for Applying New Skills and
Knowledge:
Seek out opportunities to apply new skills and knowledge you have
acquired on the job and as you continue your learning process. This
could be through new projects, taking on new responsibilities, or
volunteering for initiatives that align with your goals.
9. Continuously Reassess and Adjust Your Learning Plan:
It is important to continually reassess and adjust your learning plan as
your goals, career and industry evolve. Regularly reassess your goals,
update your learning plan and make any necessary changes to keep it
relevant and effective.

Chapter 7
Leadership and Management in Cybersecurity

Leadership in cybersecurity involves setting a clear vision and strategy
for securing an organisation’s information systems and assets. It involves
inspiring, guiding and motivating the cybersecurity team to effectively
protect against cyber threats and respond to incidents. All leadership efforts
must be channelled towards achieving the organisation’s cybersecurity
goals and objectives by ensuring team members each understand their
role and importance in maintaining security.

A leadership role in cybersecurity necessitates a deep understanding
of cyber threats as they evolve, current strategies required to mitigate
them, their implementation and the best practices for timely detection
and response to such threats. A leader in cybersecurity must have strong
communication skills, as he or she must be able to explain clearly what
actions need to be taken, as well as technical knowledge and the ability
to make decisions in a fast-paced and constantly changing environment.

Management, on the other hand, involves the day-to-day operations of
a cybersecurity program to ensure that the organisation’s information
systems and data are protected from cyber threats. It involves strategic
decisions, allocating resources, and implementing policies and procedures
to secure the organisation’s digital assets.


Cybersecurity leadership and management are two high-level competencies
needed to successfully run a cybersecurity division and deliver the critical
degree of security, trust and stability required for a business. For all
information systems security officers and/or chief information security
officers, leadership and management are prerequisite skills.

These qualities must always be purposefully developed. This learning
route will explain how the information security strategies match with the
organisational strategy, regulatory systems, and operational excellence,
using industry standards, frameworks and models as guidance.

The key responsibilities of a leader in cybersecurity include:

1. Developing and implementing cybersecurity strategies:
They need to stay up to date with the latest cyber threats and trends,
develop and implement strategies to prevent, detect and respond to
these threats.
2. Building and leading a team:
They are charged with the responsibility of recruiting, training and
managing a team of other cybersecurity professionals and fostering a
culture of collaboration and continuous learning.
3. Communicating with stakeholders:
Leaders in cybersecurity communicate with senior management,
stakeholders, and other departments about cybersecurity risks, plans
and best practices.
4. Managing budgets and resources:
As a result of their key role, leaders are also in charge of allocating
resources including budgets, people and technology in a way that
puts them to the most effective use in support of the cybersecurity
program.


5. Ensuring compliance with regulations and standards:
A leader ensures that the organisation is compliant with relevant
regulations and standards, such as GDPR, PCI-DSS and ISO27001.
6. Staying up to date with emerging technologies:
A key responsibility of a leader is keeping abreast of emerging technologies
and their impact on cybersecurity, and evaluating and implementing new
technologies as needed.
7. Building and maintaining relationships:
Building and maintaining relationships within the organisation and
also with external partners and vendors helps a leader to support the
cybersecurity program.
8. Responding to cyber incidents:
A leader is at the forefront of developing and implementing incident
response plans and making sure that the response is as quick and
effective as possible.

Because of the very sensitive nature of the tasks involved in cybersecurity,
a person in a leadership role in this field must be on the pulse of events so
the necessary actions can be taken in good time.

Strategies for Taking on Leadership Roles and Managing Teams in Cybersecurity

Strategic leadership is a vital key to success in maximising human and
non-human resources in cybersecurity. Some of these strategies include:
1. Developing a clear vision and mission for the team:
A clear vision and mission statement can help align the team towards a
common goal. This way everyone in the team knows what is expected
of them and what the aim is.
2. Communicate effectively:
Good communication skills are essential in leading a team. Keep the
team informed, listen to their concerns and feedback, and provide
regular updates on progress.


3. Build a strong team culture:
A leader needs to encourage teamwork, collaboration and open
communication. They foster a positive and inclusive work environment
that supports growth and development.
4. Lead by example:
This is done by demonstrating the values and behaviours that you expect
from your team. This can help to create a culture of accountability and
responsibility.
5. Develop and implement effective cybersecurity strategies:
As expected, a leader must stay up to date with the latest cybersecurity
threats and trends and then develop strategies to prevent attacks, detect
them on time or respond to these threats once a breach has occurred.
6. Foster continuous learning and development:
Leaders must encourage their team to continuously learn and develop
their skills and knowledge. They also need to provide training and
development opportunities for their team to help them stay current
and effective.
7. Encourage innovation and creativity:
Leaders are responsible for encouraging their team to think outside
the box and come up with new and innovative solutions to challenges.
8. Delegate tasks and responsibilities:
Delegating tasks and responsibilities can help to build trust and confidence within
the team. Ensuring that each team member has clear responsibilities
and is held accountable for their role lies with the leader.
9. Provide regular feedback:
A key strategy for effective leadership is providing feedback to team
members to help them understand their strengths and areas for
improvement. A leader must encourage open and honest feedback to
help improve performance.


10. Celebrate success and learn from failures:
It is important to celebrate the successes of your team and encourage
them to learn from their failures. This can help build a culture of
continuous improvement and resilience.

Importance of Leadership and Management

Leadership plays a critical role in the cybersecurity field as it sets the tone
and direction for the organisation’s security posture. Leaders have the
responsibility to ensure the protection of their organisation’s assets and
to drive innovation and change in the face of constantly evolving threat
patterns. They drive innovation by identifying and adopting new security
solutions that can better protect the organisation.

Leadership in cybersecurity also involves making difficult decisions,
such as prioritising and allocating resources, balancing security with
business needs and communicating effectively with stakeholders about
risks and security measures. They oversee the process of making sure that
adequate resources, including budget and personnel are allocated to the
organisation’s security program to ensure its success.

Effective leadership and management also ensure that the organisation has
the necessary tools, processes and personnel in place to respond quickly
and effectively to security incidents, minimising impact and preserving
the organisation’s reputation.

While the leadership in a cybersecurity team always has the security of the
organisation on their mind the most, they also help create and nurture a
culture of security within the organisation, where employees understand
the importance of security and are empowered to make decisions that
support it.


Leadership Styles in Cybersecurity

Leadership style refers to the different ways in which leaders interact
with and motivate their followers. Three commonly discussed styles are
transformational, servant and authentic.
1. Transformational leadership style:
This style focuses on inspiring and motivating individuals to achieve
a shared vision. Transformational leaders in cybersecurity create
a positive work environment, communicate a clear vision and are
able to effectively align their team towards the organisation’s goals.
This style is best used in a rapidly changing security landscape where
leaders need to adapt and motivate their teams to keep up with the
ever-changing threat possibilities.
2. Servant leadership style:
This style is focused on serving and empowering others. Servant leaders
in cybersecurity prioritise the well-being and development of their
team members and strive to create a supportive and collaborative work
environment. This style is best used in situations where the security
team is facing complex challenges and requires the full engagement
and contribution of all members.
3. Authentic leadership style:
This style of leadership is focused on transparency, ethical behaviour
and genuine connections with others. Authentic leaders in
cybersecurity prioritise building trust and credibility with their team
and stakeholders. They lead by example and are committed to creating
a culture of accountability, integrity and transparency. This style is
best used in organisations that prioritise a strong ethical culture and
where trust is critical to effective security outcomes.

It is important to note that effective leaders in cybersecurity may use
elements of multiple leadership styles depending on the specific situations
and team dynamics.


Unconventional Leadership Styles

Aside from the leadership styles mentioned earlier, there are other ways a leader
can motivate their team for growth and favourable outcomes. Some of
these unconventional methods include:

1. Agile leadership:

Agile leadership is a modern and flexible approach to leadership that
is inspired by the Agile methodology used in software development. It
emphasises the importance of adaptability, collaboration, and constant
improvement. Agile leaders recognize that the business environment is
constantly changing and that traditional top-down leadership models are
no longer effective. Instead, they adopt a flexible, team-oriented approach
that allows for rapid decision-making and continuous improvement.

One of the key characteristics of agile leadership is a focus on
communication. Agile leaders are open, transparent, and approachable,
and they encourage team members to share their ideas and feedback. They
also prioritise regular check-ins, such as daily stand-up meetings, to keep
everyone informed and aligned.

Another important aspect of agile leadership is empowering team
members. Agile leaders give their team autonomy to make decisions and
take ownership of their work. They also provide resources, support, and
guidance to help their team succeed. This empowers team members to
take initiative, be creative, and contribute to the success of the team.

Finally, agile leaders embrace failure as a learning opportunity. They
encourage experimentation, innovation and risk-taking, and they recognize
that not every project will be successful. Instead of punishing failure,
they focus on the lessons that can be learned and use this knowledge to
continuously improve.


2. Design thinking:

Design thinking is a problem-solving approach that puts the end-user at
the centre and emphasises empathy, experimentation, and iteration. It is
often used by designers, engineers, and product managers to develop new
products and services but it can also be applied to leadership development.

Design thinking leaders focus on understanding their customers,
stakeholders, and team members to create solutions that meet their needs.
This involves deep empathy for the people they serve and a commitment
to continuously learning about their needs and preferences.

Design thinking leaders also embrace experimentation and iteration. They
are willing to test new ideas and make changes based on feedback. This
iterative approach allows them to quickly identify what is working and
what is not, and make adjustments accordingly.

In terms of leadership style, design thinking leaders are creative,
collaborative, and human-centred. They believe in the power of diverse
perspectives and encourage their teams to bring their unique ideas and
experiences to the table. They also prioritise communication, transparency,
and open-mindedness, and they are committed to finding solutions that
benefit everyone.

3. Hackathons:

A hackathon is a time-bound event where a group of people come together
to develop solutions to specific problems. It is typically characterised by a
fast-paced, high-pressure environment where participants work in teams
to generate ideas, prototype solutions, and present their findings.

In a leadership development context, hackathons can be used as a tool
to foster innovation, creativity, and collaboration among leaders. They
provide an opportunity for leaders to step outside their comfort zones,
take risks, and develop new skills. By working in teams, leaders also have
the opportunity to practise their communication, problem-solving, and
teamwork skills.


Hackathons are also a great way to promote diversity and inclusivity.
They bring together people with different backgrounds, perspectives,
and expertise and encourage them to work together to solve a common
problem. This can help leaders develop a broader perspective and a greater
appreciation of the value of diverse points of view.

In conclusion, unconventional approaches to leadership offer a fresh and
innovative route to leadership development. They emphasise adaptability,
collaboration, and empathy, and provide opportunities for leaders to
develop new skills, bring fresh perspectives to their work and foster a culture of
continuous improvement.

The Unique Challenges of Managing Teams in Cybersecurity

Managing teams in the cybersecurity field comes with a set of unique
challenges. For leaders, the expectations are quite high as they have the
peculiar responsibility of ensuring systems are well protected against
attacks that can lead to losses that can be monumental. People in leadership
capacities therefore need to find a way to effectively utilise resources at
their disposal in such a way that they are prepared at every point in time
to fend off cybercriminals and to minimise damage when attacks are
successful. Some of the unique challenges in this field include:
1. Attracting and retaining talent:
The cybersecurity field is in high demand and there is a shortage of
skilled professionals. This makes it challenging for organisations to
recruit and retain top talent. To address this challenge, organisations
may need to offer competitive salaries, benefits, and opportunities for
professional development.
2. Keeping up with technology:
The pace of change in the cybersecurity field is rapid, and new threats
and technologies are emerging all the time. This can make it difficult
for teams to keep up with the latest developments and to ensure that
they are using the best practices and technologies to protect their
organisations. Teams need to have access to training and resources to
help them stay up-to-date.


3. Communication:
Cybersecurity incidents can be complex and have far-reaching
consequences. Effective communication is critical to ensure that
everyone is informed and on the same page. Teams need to have clear
lines of communication with stakeholders, including IT, legal and
HR, to ensure that incidents are handled quickly and effectively.
4. Balancing security and usability:
Cybersecurity measures must be effective in protecting sensitive
information, but they also need to be user-friendly so that employees
can do their jobs effectively. Teams need to balance the need for
security with the need for usability to ensure that employees can be
productive and that the organisation is protected from cyber threats.
5. Managing Risks:
Teams are responsible for managing risks, but this can be difficult
when there are limited resources and competing priorities. Teams need
to prioritise their efforts and allocate resources effectively to minimise
risks and protect their organisations.
6. Collaborating with other departments:
Cybersecurity teams need to work closely with other departments,
such as IT, HR and legal, to ensure that the organisation is protected
from cyber threats. This requires strong collaboration skills and the
ability to effectively communicate with stakeholders.
7. Ensuring compliance:
Many organisations are subject to regulations and standards that
dictate how they must handle sensitive information and respond to
cyber threats. Teams must ensure that the organisation is in compliance
with these regulations and that they have the necessary policies and
procedures in place to protect sensitive information.

These challenges highlight the importance of having a well-trained and
well-equipped cybersecurity team that can effectively manage the risks
and challenges that come with this field.


Strategies for Building and Maintaining Effective Cybersecurity Teams

Building and maintaining effective cybersecurity teams requires careful
planning and attention to detail. Here are some strategies that can help:
1. Clear communication:
Effective communication is critical to the success of any team, and
this is especially true in the cybersecurity field. Teams should establish
clear lines of communication with stakeholders and have a clear
understanding of roles and responsibilities. Teams should also have
regular meetings to discuss updates and progress and to ensure that
everyone is on the same page.
2. Delegate where necessary:
Effective delegation of tasks and responsibilities is essential for any team.
Teams should ensure that each member has a proper understanding
of their responsibilities and that they have the necessary skills and
resources to perform their task effectively. Teams should also ensure
that they have clear procedures in place for managing incidents and
responding to threats.
3. Employee training and professional development:
Teams need to stay up-to-date on the latest technologies and the threats
in the cybersecurity field. Providing regular training and professional
development opportunities can help teams stay abreast of current
facts and improve their skills. Teams should also have access to the
necessary tools and resources to perform their tasks properly.
4. Encourage collaboration:
In cybersecurity, it is essential that teams work closely with other
departments to ensure that the organisation is protected from cyber
threats. They should establish regular communication with other
departments and have a clear understanding of their roles and
responsibilities. It is also important that they are encouraged to
share information both ways to improve the overall security posture
of the organisation.


5. Good incident response planning:
Cybersecurity teams should have clear procedures in place for
responding to incidents and should regularly test and refine these
procedures. Teams should also ensure that they have the necessary
tools and resources to respond to incidents quickly and effectively.
6. Risk management:
Teams need to have a clear grasp of the risks that their
organisations face and should regularly assess and prioritise these risks.
Teams should also have clear procedures for managing risks with the
necessary resources allocated to handle them at every point in time.
7. Employee motivation and retention:
Cybersecurity teams need to have a positive work environment and
should be motivated to do their best work. They should be provided
with competitive salaries, opportunities for professional growth
and other benefits that would serve as incentives to give their best
at all times. Teams should also be recognized and rewarded for their
contribution to the organisation.
8. Promote work-life balance:
Members of the team should be encouraged to maintain a positive
work-life balance, with flexible work arrangements and time off when
needed. This can help reduce stress and burnout and improve overall
job satisfaction.
9. Encourage diversity:
Good cybersecurity leaders understand the need to diversify their
team and its resultant effect on building effective teams. Diversity
engenders diverse ideas that each team member can benefit from
individually and that would also be a benefit for the organisation too.
10. Recognizing exceptional talents:
An important part of building effective teams is recognizing members
who are extraordinarily talented. These individuals can bring great
value to the organisation and help create new and innovative ways of
getting the work done. Talented individuals are not only beneficial to
the organisation; they can also help inspire their team members to be more
dynamic in fulfilling their roles.

In essence, by promoting a positive team culture, organisations can build
and maintain effective cybersecurity teams that are motivated and engaged,
and that are committed to protecting the organisation from cyber threats.

Other Team Management Methods

There are several approaches that can be taken towards team management.
Some of the unconventional ones are:
1. Scrum:
In the context of cybersecurity, scrum can be used to manage security
projects by breaking down tasks into smaller and more manageable
chunks, allowing for faster response times and increased efficiency.
Daily stand-up meetings can be used to keep everyone informed
about the status of ongoing security initiatives and identify potential
vulnerabilities before they become a problem. Additionally, cross-
functional teams can be leveraged to bring a variety of skills and
expertise to the table, making it easier to tackle complex security
challenges.
2. Holacracy:
Holacracy can be applied to cybersecurity by empowering security
professionals and giving them the autonomy they need to respond to
threats in real-time. The decentralised structure of holacracy makes
it easier for security teams to collaborate and make quick decisions,
which is essential in an industry where threats can evolve quickly.
By giving employees more control over the security processes and
protocols, organisations can improve the overall security posture and
minimise the risk of cyber attacks.
3. Kanban:
This is a visual method of managing and prioritising work in software
development and information technology. It uses a board to visualise
the workflow and prioritise tasks, allowing teams to adjust and adapt
to changes quickly.
4. Lean management:
This is a method that originated in manufacturing but has since been
applied to various industries, including cybersecurity. It focuses on
minimising waste and maximising value, and encourages continuous
improvement through data-driven decision making.
5. DevOps:
This is a software development method that emphasises collaboration
between development and operations teams, allowing for faster
and more frequent releases of software. DevOps can be applied to
cybersecurity by automating security testing and integrating security
into the software development lifecycle, making it easier to identify
and remediate vulnerabilities.
6. ITIL (Information Technology Infrastructure Library):
This is a set of best practices for IT service management, and can
be applied to cybersecurity by providing a framework for incident
management, change management, problem management, and other
important processes. ITIL can help organisations respond to security
incidents more efficiently and effectively, and improve the overall
security posture.
7. Remote team management:
As more and more security professionals are working from home, it has
become increasingly important to ensure best practices in cybersecurity.
Clear communication and guidelines are critical for remote teams, as
well as the use of collaboration tools such as video conferencing and
instant messaging. Keeping remote workers engaged and motivated is
also essential, as it helps to foster a strong team culture and maintain
accountability. Additionally, it’s important for remote teams to have
access to the same resources and tools as their in-person colleagues, so
they can perform their duties effectively and efficiently.

Project Management in Cybersecurity

Project management in cybersecurity involves the planning, organising,
and overseeing of resources, processes, and activities to achieve specific
security goals and objectives. It is a crucial component for managing cyber risk
and ensuring that organisations have the necessary controls and capabilities
in place to defend against cyber threats. Here are some key elements of
project management in cybersecurity:
1. Defining goals and objectives:
The first step in any project is to clearly define what you want to
achieve. This can include reducing the risk of cyber attacks, improving
incident response times, or implementing new security technologies.
2. Assessing risks and challenges:
Before starting a project, it is important to identify potential risks and
challenges that could impact the success of the project. This could
include technical, operational, or financial risks, and it is important to
have a mitigation plan in place to address these risks.
3. Resource allocation:
Project managers must allocate the necessary resources, including
personnel, technology, and funding, to successfully complete a project.
It is important to have a clear understanding of what resources are
available, and what resources will be needed to complete the project
on time and within budget.
4. Communication and collaboration:
Good communication and collaboration are critical for the success
of any project, and this is especially true in the field of cybersecurity.
Project managers must ensure that stakeholders are kept informed of
project progress, and that teams are able to collaborate effectively to
achieve project goals.
5. Monitoring and evaluation:
Project managers must continuously monitor the progress of the
project, and evaluate the results to identify areas for improvement.
This can involve tracking metrics such as project timelines, budget,
and resource utilisation, and conducting regular assessments of the
effectiveness of the project.
6. Adaptability:
The cybersecurity industry is constantly evolving, and it is important
for project managers to be adaptable and flexible. This may mean
making changes to the project scope, timeline, or resources, and
adapting to changing priorities and requirements.

Project management in cybersecurity therefore requires a combination
of technical expertise, strategic thinking, and effective leadership, as well
as an understanding of the unique challenges and risks associated with
managing cyber risks.

Frameworks Used in Project Management

Aside from the Agile and Scrum methodologies, which we have discussed at
various times in this book, there are a few other frameworks that are
widely used in project management. They include:
1. Waterfall:
Waterfall is a traditional, sequential project management methodology
that involves distinct stages, with one stage being completed before
moving on to the next. This method is well-suited for projects with
well-defined requirements, clear deliverables and predictable outcomes.
2. PRINCE2 (PRojects IN Controlled Environments):
PRINCE2 is a project management framework that is widely used
in the UK and Europe, particularly in the public sector. It provides a
structured approach to project management, including clear roles and
responsibilities, and a focus on controlling and monitoring project
risks and progress.
3. PMBOK (Project Management Body of Knowledge):
This is a framework developed by the Project Management Institute and
provides a comprehensive guide to the knowledge and skills required
for effective project management. It covers project management
processes, tools and techniques, and is widely recognized as a standard
in the field of project management.
4. Six Sigma:
Six Sigma is a data-driven approach to improving business processes,
and is used in many organisations to manage projects and improve
efficiency. The methodology involves using data and statistical analysis
to identify and eliminate defects and inefficiencies in a process.

Each of these frameworks provides a different approach to project
management, and the choice of framework will depend on the specific
needs and goals of an organisation and its projects.

Some of the common tools used in Agile and Scrum project management
include:
1. Project management software:
This software helps project managers to track tasks, allocate resources,
and monitor project progress. Some popular project management
tools used in Agile and Scrum include Jira, Asana, and Trello.
2. Version control systems:
These systems allow teams to manage code changes and keep track of
the different versions of a software application. Examples include Git
and Subversion.
3. Collaboration tools:
Collaboration tools such as video conferencing, instant messaging,
and team chat, are essential for remote teams and help to foster a
strong team culture.
4. Continuous integration and continuous delivery (CI/CD) tools:
These tools automate the software development process and allow
teams to release features and updates faster and more frequently.
Examples include Jenkins and CircleCI.

Overall, by using these frameworks in conjunction with the right tools
and processes, organisations can improve the speed, efficiency and quality
of their security projects.

Chapter 8
The Future of Cybersecurity: Emerging Trends and Technologies

Cybersecurity has always been dynamic. With the constantly changing
landscape and new threats ever on the horizon, new trends and technologies
are also emerging to set the tone for the future.

How we work, communicate and conduct everyday activities that are
powered by technology will not remain the same in the future either. Our
reliance on technology to store and manage data also influences the need
for cybersecurity professionals to protect sensitive data from criminals
who are also improving with time.

The good news is that as much as cybercriminals are discovering new ways
to launch attacks against organisations and individuals, new technologies
are also emerging to combat them. Some of the key trends and technologies
shaping the future of cybersecurity include:
1. Artificial Intelligence (AI) and Machine Learning (ML):
AI and ML algorithms can be used to analyse large amounts of data
and identify patterns that might indicate a cyber attack. This allows
for rapid detection of threats and enables organisations to respond
quickly to mitigate the risk. AI and ML can also be used to automate
many manual security tasks, such as threat intelligence analysis and
reporting. For example, machine learning algorithms can be trained to
detect suspicious network traffic and identify malware. Cybercriminals
also employ these tools to orchestrate multiple cyberattacks by
identifying network defences and simulating behaviour patterns to
bypass security controls.
2. Internet of Things (IoT):
The rapid growth of connected devices is creating new cybersecurity
challenges. IoT devices often have limited computing resources and
minimal security measures, making them easy targets for attackers.
To address this, security measures such as encryption, secure boot
processes, and firewalls are being developed and deployed to secure
IoT devices. The growth of IoT also brings an increased risk of cyber
attacks, as more devices with very porous security are now expected
to litter the globe.
3. Cloud Security:
Cloud computing has become a critical component of many
organisations’ IT infrastructure, but it also introduces new security
challenges. To mitigate these risks, cloud service providers are
implementing security measures such as encryption, multi-factor
authentication, and network segmentation. Additionally, organisations
are adopting new security practices, such as regular vulnerability scans
and security audits, to ensure the security of their cloud environments.
4. 5G and Edge Computing:
The rollout of 5G networks and the rise of edge computing are
expected to bring new security challenges. 5G networks will increase
the speed and volume of data transmitted, making it more difficult for
security systems to detect and respond to threats in real-time. Edge
computing also introduces new attack surfaces, as data processing
is shifted from central data centres to edge devices. To address these
challenges, organisations will need to adopt new security measures,
such as network segmentation and traffic monitoring, to ensure the
security of their 5G and edge computing environments.
5. Cyber Threat Intelligence (CTI):
CTI involves the collection, analysis, and dissemination of information
about current and emerging cyber threats. This information can
be used to enhance an organisation’s overall cybersecurity posture,
including threat detection, incident response, and risk management.
To effectively implement CTI, organisations need to adopt new
processes and technologies, such as threat feeds, intrusion detection
systems, and security information and event management (SIEM)
systems.
6. Zero Trust Cybersecurity:
Zero trust security architecture helps with effective authentication and
authorization to ensure that only the legitimate users and applications
can access the protection surface. It provides continuous trust
evaluation by leveraging network segmentation, lateral movement
restriction, multilayered threat prevention and granular user access
control. Because it is not easy to integrate into an existing system,
networks remarkably accommodate zero trust models.
7. Privacy-enhancing computation:
In-depth analysis is necessary for data processing operations involving
personal data transfer, fraud analytics, data monetization, and other
operations. By enabling secure data-sharing and cross-regional
collaboration, privacy-enhancing computation can assist companies
in maintaining privacy and security. Also, it is predicted that by 2025,
50% of all enterprises will have implemented multi-party analytics
use cases and privacy-enhancing computing to handle sensitive data
in untrusted environments and address the increased demand for
sensitive data exchange.


Emerging trends include:

1. Attacks against cloud services:
In recent years, there has been a significant migration of company
infrastructure, operations, and data to the cloud. Faster speed to
market, more productivity, cheaper operating costs, and increased
flexibility and scalability are all benefits of the cloud. Businesses will
continue to be impacted by cloud-based dangers such as less visibility and
control, incorrectly configured cloud storage and settings, vulnerable
cloud apps, incomplete data destruction, compliance challenges, and
migration worries.
2. Continuously evolving ransomware:
One of the major problems with cyber security that businesses
confront globally is ransomware attacks. According to an IBM
analysis, the average cost of a data breach in 2021 was $3.86 million,
which was the largest amount in 17 years. Cybercriminals steal
private information and demand cryptocurrencies or another kind of
payment. Additionally, organised cybercrime groups encrypt data and
threaten to disclose private information unless victims pay a ransom,
increasing the possibility that data will not only be lost but also be
made public. These attacks will keep evolving and adapting, becoming
more sophisticated, focused, and expensive.
3. Rise in insider threats:
Many security issues in businesses are caused by unintended and
careless activities like opening phishing emails or downloading
dangerous files. When a workforce is mobile or remote, these errors
frequently worsen. Also, firms’ lax security practices give malevolent
insiders the opportunity to access crucial assets using credentials to
attain administrative privileges and earn personal gain. The abuse of
personal devices, insecure networks, unauthorised remote access, and
weak passwords make it difficult to track or uncover insider threats
and anomalous activity.
4. Rise in political cyberwarfare:
Access to confidential government information by a foreign state
has the potential to upset the balance of power as the struggle for
regional dominance and conflicts of interest grow. Cyber weapons are
increasingly being used to attack a state’s most important assets.
For example, the ban on Huawei by the United States and several other
nations, which was implemented to stop cyber espionage, garnered
international attention.

Impact of Emerging Trends and Technologies on Cybersecurity

The impact of key emerging trends can be both positive and negative.
On one hand, technologies such as artificial intelligence and machine
learning can greatly improve a company’s ability to detect and prevent
cyberattacks. On the other hand, these technologies can also be used by attackers
to automate and scale their attacks. In addition to this, the increasing use
of cloud computing, Internet of Things and mobile devices has created
new channels for cybercriminals to exploit.

As a result of this, organisations must stay informed of these emerging
trends and technologies and continuously evaluate and upgrade their
cybersecurity strategies to stay ahead of the threat landscape. This includes
regularly training employees on safe usage practices, implementing strong
security measures, and working with trusted security partners to stay
ahead of the latest threats.

Unconventional Approaches to Cybersecurity

Unconventional approaches to cybersecurity refer to methodologies for
protecting systems and networks that are different
from the traditional approaches. They are new and innovative and are
often believed to have been born out of the need for experts to evolve as
threats evolve. Some of these approaches include:


1. Design thinking:
Design thinking is a user-centred, iterative approach to problem-
solving that emphasises empathy, experimentation, and collaboration.
In the context of cybersecurity, design thinking can be used to create
more secure and user-friendly systems by involving users in the design
process and testing prototypes with them to understand their needs
and challenges.
2. Hackathons:
As a collaborative tool, hackathons are well-known for bringing
together developers, designers and other tech-savvy individuals to
create new solutions, often in a short amount of time. In their application
to cybersecurity, hackathons can be used as a way to bring together
experts and non-experts to collaborate and develop new solutions to
cyber threats. These events can also serve as a way to test and validate
ideas, identify potential weaknesses and vulnerabilities in systems and
bring attention to important cybersecurity issues.
3. DevSecOps:
DevSecOps is an approach that blends the principles of agile
methodology with the practice of security. It involves integrating
security into every aspect of the software development process, from
coding to deployment. This approach helps organisations improve
security and reduce vulnerabilities, while also increasing efficiency and
reducing time-to-market for software releases.
4. Shift Left:
The “Shift Left” approach involves embedding security considerations
and testing early in the software development process, rather
than waiting until the end. By doing this, organisations can catch
security issues early in the development cycle and resolve them more
efficiently. This approach can lead to faster and more secure software
development, and reduce the risk of security vulnerabilities.
5. Security-first Culture:
A “security-first” culture is one in which security is a top priority and
is integrated into every aspect of the organisation’s operations. This
approach helps organisations improve their overall security posture
and reduce the risk of data breaches and other security incidents.
6. Bug Bounty Programs:
A bug bounty program is a crowdsourcing approach in which
organisations invite independent security researchers to identify
and report vulnerabilities in their systems. Organisations reward the
researchers for their contributions, incentivizing them to help identify
and resolve security issues. This approach can help organisations
improve their security posture and catch security issues that might
otherwise go unnoticed.
7. Security Development Lifecycle (SDL):
The SDL is a process that incorporates security considerations into
every phase of the software development process, from requirements
gathering to development. This approach helps organisations build
security into their software development process, reducing the number
of security vulnerabilities and improving the overall security of their
products.
8. Multi-layered Security Model:
A multi-layered security model combines multiple security controls
and technologies to provide a comprehensive defence against cyber
threats. This approach helps organisations reduce the risk of data
breaches and other security incidents by creating multiple lines of
defence.
9. Security-by-Design:
The security-by-design philosophy involves incorporating security
into every aspect of a product or service from the outset. This approach
helps organisations build security into their products and services,
reducing the risk of data breaches and other security incidents.
10. Community-driven Security:
Community-driven security is an approach in which organisations
leverage the expertise and contributions of their open-source
community to identify and resolve security issues in their software.
This approach helps organisations improve the security and reliability
of their products by tapping into the expertise of a large and diverse
group of security experts.
11. Trust-first Philosophy:
A trust-first philosophy prioritises the security and privacy of users’
data above all else. This approach helps organisations maintain the
trust of their users by ensuring the security of their data and reducing
the risk of data breaches.
12. Container Security:
Container security is a relatively new approach that focuses on securing
containers, which are a popular form of cloud-native deployment.
This approach helps organisations secure their containers and reduce
the risk of data breaches and other security incidents.
13. Human-centred Security:
This is an approach that recognizes that people are a critical part of the
security equation. This approach focuses on educating and empowering
employees to make security-conscious decisions, reducing the risk of
security incidents caused by human error.
14. Micro-Segmentation:
Micro-segmentation is a security approach that involves dividing a
network into smaller segments, each with its own set of policies.
This approach helps organisations reduce the risk of data breaches
and other security incidents by creating smaller, more secure network
segments.


All these unconventional approaches to cybersecurity focus on factors like
collaboration, experimentation, user engagement and similar qualities,
rather than relying solely on traditional technical solutions. They offer a
fresh perspective and encourage creativity and out-of-the-box thinking,
which can lead to more effective and user-friendly solutions to cybersecurity
challenges.

Strategies for Adopting Unconventional Approaches to Cybersecurity

For new organisations looking to adopt these unconventional approaches,
here are some tips and strategies to consider:
1. Start small:
When adopting unconventional approaches, it is best to start small
and gradually expand as you gain experience and confidence. Choose
a small project or pilot program to test the waters and get a feel for the
approach.
2. Implement prototyping and iterative testing:
These approaches allow organisations to test new security strategies
and technologies before they are deployed in production. This helps to
identify and resolve potential issues before they become critical.
3. Build a culture of security:
To be successful with unconventional approaches, organisations must
build a culture of security. This means prioritising security and making
it a key part of every aspect of the organisation’s operations.
4. Collaborate with stakeholders:
When adopting unconventional approaches, it’s important to
collaborate with stakeholders from different parts of the organisation,
such as IT, security, and business units. This helps ensure that everyone
is on the same page and working towards the same goals.
5. Embrace automation:
Automation is a key part of many unconventional cybersecurity
approaches, such as DevSecOps and Shift Left. Embracing automation
can help organisations increase efficiency, reduce vulnerabilities, and
improve security.
6. Stay up-to-date:
Cybersecurity is an ever-evolving field, and unconventional approaches
are no exception. Organisations must stay up-to-date with the latest
trends and best practices to ensure that they are taking full advantage
of these approaches.
7. Leverage community resources:
Many unconventional approaches, such as community-driven security
and bug bounty programs, rely on the contributions of external
experts. Organisations must leverage these resources and tap into the
expertise of the security community to achieve the best results.
8. Measure and track results:
To determine the effectiveness of unconventional approaches,
organisations must measure and track key metrics, such as the number
of vulnerabilities found and resolved, the time-to-market for software
releases, and the overall security posture of the organisation.
9. Be flexible and adaptable:
Unconventional approaches often require organisations to think and
operate differently. Organisations must be flexible and adaptable, and
be willing to change their approach if necessary to achieve the best
results.


Organisations that have successfully adopted unconventional approaches include:

1. GitLab:
This company has adopted a Security First culture, integrating security
into every aspect of their development process, from code writing to
development. This approach has helped GitLab reduce vulnerabilities
and improve the overall security of their software.
2. Etsy:
Etsy has adopted a Bug Bounty program, inviting independent security
researchers to identify and report vulnerabilities in their systems. This
approach has led to the discovery and resolution of several security
issues, and has helped Etsy maintain the security of its platform.
3. Microsoft:
Microsoft has implemented a Security Development Lifecycle (SDL)
process, incorporating security considerations into every phase of their
software development process. This approach has helped Microsoft
reduce the number of security vulnerabilities in its software and
improve the overall security of its products.
4. Google:
Google employed a multi-layered security model, combining multiple
security controls and technologies to provide a comprehensive defence
against cyber threats. This approach has helped Google maintain the
security of its platform and protect users from cyber attacks.
5. Amazon Web Services (AWS):
They adopted a security-by-design philosophy, incorporating security
into every aspect of their cloud services offerings. This approach has
helped AWS maintain the security of its cloud services and reduce the
risk of data breaches for its customers.
6. Dropbox:
Dropbox has implemented a zero trust security model, assuming that
all network traffic is hostile and verifying the identity of every user
and device before allowing access. This approach has helped Dropbox
maintain the security of its platform and protect its users’ data.
7. Salesforce:
Salesforce has adopted a trust-first philosophy, prioritising the security
and privacy of its users’ data above all else. This approach has helped
Salesforce maintain the security of its platform and protect its users
from data breaches.

Challenges and Opportunities Cybersecurity May Face in the Future

As bright as the future may look for the cybersecurity industry,
challenging times are equally to be expected. With more advanced
technology emerging regularly for professionals to beef up their security
strategies, individuals with malicious intent also apply this same technology
to their attacks. As a result, cybersecurity experts must find ways to
create strategies that are more impervious to threat and action plans that
enforce quick detection in case of breaches. Some of the challenges and
opportunities expected to face the cybersecurity field include:
1. Proliferation of connected devices:
The internet of things (IoT) has brought about a proliferation of
connected devices, including smart home devices, wearable technology,
and other connected devices. These devices often have limited security
features, making them vulnerable to hacking and exploitation. The
increasing number of connected devices increases the attack surface
for cyber criminals and presents new security challenges.
2. Increase in sophistication of cyber threats:
Cybercriminals are becoming more sophisticated in their tactics, using
advanced technologies like AI and machine learning to automate their
attacks and evade detection. This makes it harder for organisations to
defend themselves against cyber attacks, as attackers can easily adapt
their tactics to bypass security.
3. Cloud security:
The widespread adoption of cloud computing is creating new security
challenges, as organisations move sensitive data and critical applications
to the cloud. The shared nature of cloud computing environments
means that security breaches in one tenant’s environment can
potentially impact other tenants, making it essential for organisations
to have strong security controls in place.
4. 5G technology:
The rollout of 5G technology will bring faster speeds and greater
connectivity, but it will also introduce new security challenges. With
more devices and systems becoming connected, the attack possibilities
and opportunities will increase, and the speed and efficiency of 5G
networks will make it easier for attackers to launch and execute cyber
attacks.
5. Human Factor:
Despite advances in technology, human error remains a major security
threat, with employees often falling for phishing scams or failing to
follow best practices for password management. Organisations need
to invest in employee education and awareness programs to reduce the
risk of human error.
6. Cybercrime as a service:
Cybercrime is becoming a commodity, with criminal groups
offering hacking services for hire. This makes it easier for
non-technical individuals to launch cyber attacks, increasing the threat to
organisations of all sizes.
7. Regulation and compliance:
The increasing number of regulations and standards, such as the
GDPR and CCPA, puts additional pressure on organisations to secure
their systems and protect sensitive data. Organisations must keep up
with evolving regulations and standards to avoid costly penalties for
non-compliance.

These are just a few of the key challenges the cybersecurity field will need
to work through in the near future. It’s important for organisations to
stay informed about these challenges and invest in the technology and
processes necessary to address them, in order to stay ahead of emerging
threats.

How Future Challenges in Cybersecurity Create Opportunities for Professionals

As technology continues to advance and cyber threats become more
sophisticated, there will be an increased demand for professionals with
expertise in cybersecurity. This creates a number of opportunities for those
who are willing to invest the time and resources necessary to build the
skills required to protect against cyber attacks.
One of the biggest opportunities in the field of cybersecurity is in the
development of new technologies and techniques for detecting and
preventing cyber threats. This could include the development of artificial
intelligence and machine learning systems that can identify and respond
to threats in real-time, or the creation of secure, decentralised networks
that are resistant to hacking and other forms of cyber attack.
Another area of opportunity for cybersecurity professionals is in the
implementation of more robust security protocols and best practices for
protecting against cyber threats. This could include the implementation
of multi-factor authentication systems, regular security audits, and regular
training for employees on how to identify and respond to cyber attacks.


This invariably translates into:


1. Job growth:
Cybersecurity is a rapidly growing field with a high demand for
skilled professionals. According to the Bureau of Labor Statistics,
employment in the cybersecurity field was projected to grow 31% from
2019 to 2029, much faster than the average for all occupations. The
high demand for cybersecurity professionals is expected to continue
as organisations continue to face increasingly complex cyber threats.
2. Diverse roles:
Cybersecurity is a field with a range of specialities, from network
security to software security to information security. This creates
opportunities for professionals to specialise in a specific area of
cybersecurity and develop a deep understanding of the associated
technologies and techniques.
3. High earning potential:
Cybersecurity professionals often command high salaries due
to the critical nature of their work and the high demand for their
skills. According to Payscale, the average salary for a cybersecurity
professional in the United States is around $97,625 per year.
4. Collaboration and interdisciplinary work:
Cybersecurity is not a stand-alone field; rather, it intersects with
several other fields such as computer science, law, and business. This
creates opportunities for professionals to collaborate and work with
professionals from different backgrounds and specialties.
5. Impactful work:
Cybersecurity professionals play a crucial role in protecting sensitive
information, financial assets, and national security. The work of a
cybersecurity professional can have a significant impact on both
individuals and organisations, making it a fulfilling and meaningful
career choice.


As technology continues to evolve, new challenges and opportunities
are likely to emerge, making it an exciting time to be involved in this
rapidly growing field. Those who are willing to invest in their education
and training in cybersecurity are likely to be in a better position for career
advancement and growth.

Chapter 9
Future-Proofing Your Career: Career Progression in Cybersecurity

Pursuing a career in cybersecurity can end in one of many ways. This
is because building a career in this field is not as straightforward as you
would find in professions that are more traditional. For instance, a career
in Medicine will usually require you to complete a high school education,
earn a bachelor’s degree, complete a doctoral program and mandatory
residencies and internship, then obtain your licence.

Cybersecurity, on the other hand, can include any of these stages or none
at all. While employers may have a set of requirements they expect
a prospective employee to fulfil, oftentimes a cybersecurity expert’s
proficiency is mostly determined by other factors such as problem-solving
skills, technical aptitude and their ability to understand how people,
systems and applications are interdependent.

There are rare cases where individuals with a degree are found excelling
in their job role. However, starting your career by earning a degree,
preferably in science or technology, usually earns you stronger consideration
when it comes to opportunities. An educational background in this field
denotes some basic understanding of computer systems and applications.


A college degree was cited by 36% of respondents in a January 2019
survey of 39 professionals who were employed in the field of cybersecurity
as the most important reason in their decision to pursue the career. 16 of
them (79% of them) received technical degrees. While the data suggests
that a degree in computer science can be a good starting point for a career
in cybersecurity, a higher percentage of respondents in the same
poll (38%) entered with a non-technical degree and/or from an area unrelated
to cybersecurity.

Years later, data has shown that cybersecurity remains a dynamic industry.
According to the 2022 (ISC)² Cybersecurity Workforce Study, there are
several indicators that really exciting and rewarding times are ahead for
the cybersecurity professional. Some of the key highlights in the report are:
1. Experience and Practical Skills are Growing in Importance for
New Hires:
The report claims that “from 2021 to 2022, practical skills and
experience have grown into being more important qualifications
for those considering employment in the cybersecurity profession.
In particular more emphasis is being placed on relevant IT work
experience (29% to 35%), strong problem-solving skills (38% to
44%) and relevant work experience (31% to 35%). The ubiquitous
importance of certifications was less prioritised this year (29% vs.
32%), as were cybersecurity qualifications or training (17% vs. 23%),
graduate degrees (10% vs. 13%) and undergraduate degrees (10%
vs. 14%).”
2. For Younger Workers, More Roads Lead To Cybersecurity:
“Nearly half of respondents under the age of 30 move into cybersecurity
from a career outside of IT. Younger professionals are more likely to use
their education in cybersecurity or a related field (23%) as a stepping
stone to either enter the profession or move from a totally different
field (13%) outside the IT or Cybersecurity landscape. Some are even
recruited after their own self-education with cybersecurity (12%). As
respondents approach ages 50 to 54, we observed a peak in the number
of employees who have used a career in IT as their pathway into the
field (74%), demonstrating that this very popular practice is no longer
the primary source for recruiting younger cybersecurity talent.”
3. Despite the High Level of Work, Cybersecurity is a Rewarding
Profession that is Growing in Recognition:
Cybersecurity professionals in the field today are definitely passionate
about their work. “The report shows that while 70% of them often
feel overworked, an even higher number stated that it is a rewarding
profession (78%). 76% agree that there is more appreciation for it than
in the past, with another 74% of respondents saying that they love
their job. It’s important to note that there are hardly any differences
within these categories when we compare respondents in their current
positions with those who were at the same organisation for a year or
less, vs. those who were with a company for more than two years. This
suggests that cybersecurity professionals are passionate about their
work regardless of age or experience.” For someone looking to start a
career in this field, job satisfaction is practically guaranteed.
4. Certifications are Evolving into Instruments for Skill Growth
Rather than a Launchpad for a Career:
“97% of respondents within the study sample have earned at least
one type of certification. In the past most cybersecurity professionals
chose certifications as a means of career progression and professional
development (53%). The primary driver for earning certifications in
the future is fueled by a need to improve their skills (64%) and stay
current with cybersecurity trends (53%). Cybersecurity professionals
are now tailoring their need for a certification based on their personal
growth, with most choosing to begin their journey within the first year
at a new company. Those with one year of experience or less at their
organisation are even more eager to use certification as a means to
improve their skills (69%) vs. those who have been at their companies
for more than two years (62%).

5. Both Vendor-neutral and Vendor-specific Certifications are Popular:
86% of the respondents stated that they earned at least one vendor-neutral
certification, e.g., (ISC)², ISACA or CompTIA. 92% have
earned a vendor-specific certification, e.g., Microsoft, Amazon,
CISCO. 50% of respondents have earned a vendor-neutral certification
in the last three years vs. 52% who’ve earned one from a vendor in the
same timeframe.”
6. Vendor-neutral Certifications are More in Demand:
Vendor-neutral certifications are more in demand from employers.
This is especially true for military personnel (82%). Comparatively,
vendor-specific requirements have dropped within the last three years
at an organisational level. In 2019, 55% of employees required them,
vs. 38% in 2022.
7. The Future of Cybersecurity is Growing More Diverse:
The research has shown that pathways are opening for educated
professionals with diverse backgrounds and cultures, and this is only
expected to continue into the future. “55% of the respondents believe
that their team will become more diverse two years from now. Five
years into the future, there is even greater confidence in diversity, with
60% of respondents predicting more diversity (30% of which say it
will be much more diverse).”

For a prospective cybersecurity professional, what you should take
away from this study is that:
- Opportunities are readily available. Arm yourself with the right
skills.
- Certifications are great but look at them as tools for self-
development and not necessarily as a launchpad for your career.
- Experience and practical skills can never be overemphasised. Get
as much of it as you can.
- There is room for everybody irrespective of race, background or
ethnicity.

- The future of cybersecurity is bright and you can be among the
valuable change-makers the industry desperately needs.

Success Stories:
Professionals in the Field and How they Have Advanced Their Careers

As we have discussed previously, there are several ways you can advance
your career in cybersecurity alongside a combination of determination
and hard work. For some well-known professionals in the field, traditional
strategies such as earning degrees and certifications helped their career
growth. Some of them are:
1. Troy Hunt:
He is an accomplished security professional from Australia who serves
as Microsoft Regional Director and has also been honoured as Microsoft’s
Most Valuable Professional (MVP) in Developer Security. With more
than 30 security-related courses available on Pluralsight, including his
multi-part hacking course, he is well known for his commitment to
educating IT and security professionals. Troy also frequently presents
keynote addresses and workshops to large audiences at security
conferences. He started out building software for the web in ‘95 where
he had various roles in Australia and the UK. In 2001 he went to
Pfizer in Sydney and spent the next 14 years until his departure in
2015 building and managing software in the world’s largest healthcare
company. He worked first as a software developer then as an Architect
responsible for software delivery across Asia Pacific. This ranged from
systems to manage clinical trials, report on patient adverse events
and optimise sales force operations. His focus has since shifted to
Information Security.
2. Virginia Rometty:
Known as the first woman to hold the CEO position at IBM, Ginny,
as she is popularly called, held the position for seven years. After
obtaining a degree in computer science and electrical engineering,
she started working at General Motors. She joined IBM in 1981 as
a system engineer. She has been an inspiring figure for women in
technology as she remains an outspoken leader in a male-dominated
field.
3. John Chen:
John Chen started his career in Cybersecurity as a network administrator
and gradually moved up the ranks through dedication and hard work.
He took on increasingly challenging roles and responsibilities
and eventually landed a senior management position in a leading
Cybersecurity firm. He continued to advance his career through a
combination of education, experience, and building a strong network
of contacts in the industry.
4. Sarah Baso:
Sarah Baso began her career in cyber security as a security analyst
and gradually built her expertise through education and hands-on
experience. She pursued advanced degrees and certifications in the field
and eventually landed a leadership role in a large security company.
Her hard work and determination helped her advance her career and
she is now recognized as one of the leading experts in the field.

Others who used more unconventional methods include:


1. Kevin Mitnick:
Kevin’s journey into cybersecurity started with a love of technology
and a curiosity about how things worked. He is a unique personality
in the industry in the sense that he was once on the FBI’s Most Wanted
List for having gained unauthorised access to major organisations’
computers, software, cell phone manufacturers and ISPs, and for
allegedly stealing software from Motorola, Nokia and Fujitsu, among
others. After serving time in prison, Mitnick transitioned into the
field of cybersecurity and now runs his own successful cybersecurity
consulting firm, providing companies with advice on how to secure
their systems and networks.


2. Natasha Sayce-Zelem:
Coming from a career in music photography, Natasha Sayce-Zelem,
who is Amazon’s global head of partner engineering, is a renowned
professional. She is the founder of Empowering Women with Tech,
where she encourages more women to consider a career in STEM. She
graduated with a degree in producing and directing and started out as
a music photographer before venturing into technology and working
with various media companies.
3. Dave Kennedy:
David Kennedy is the founder of TrustedSec. His transition into
cybersecurity started with his background as a US Marine. After serving
in the military, he became interested in the field of cybersecurity and
started to build his expertise through online courses and hands-on
experience. He eventually transitioned into the field and now runs his
leading cybersecurity consulting firm, TrustedSec. He is a well-known
speaker and author on the topic of cybersecurity, providing companies
and organisations with advice on how to secure their systems and
networks.
4. Tiffany Trojillo:
Tiffany Trojillo’s transition into cybersecurity was inspired by her
love of technology and her desire to help others. She started as a hair
stylist but eventually realised that her true passion was technology. She
enrolled in online courses to learn about cybersecurity and eventually
landed a job in the field, working her way up from entry-level to her
current role as a cybersecurity consultant. Trojillo is a sought-after
speaker and advocate for diversity in the industry.

In Chapter Five we looked at various ways you can advance your career
in cybersecurity. Future-proofing your career entails staying current with
the latest developments and advancements in the field and positioning yourself
to remain relevant as the times change. By investing in your professional
development and staying ahead of the curve, you can ensure that you have
what it takes to keep being sought-after and have a rewarding career in
the future.


Now that You are a Successful Cybersecurity Professional, What Next?:


How to Your Business While Running a 9-5

Crowdfunding

Crowdfunding is a popular method of raising capital for starting a
business, and it is increasingly being used by entrepreneurs the world
over. Instead of relying on traditional sources like banks or venture capital,
crowdfunding allows entrepreneurs to access funds from a large number of
people through the internet. This method of raising capital has a number
of advantages for entrepreneurs.

First, crowdfunding allows entrepreneurs to validate their business ideas
and products. By launching a crowdfunding campaign, entrepreneurs can
reach out to potential customers and gauge their interest in their products.
If the campaign is successful, it shows that there is a demand for the
product and that it has the potential to be a profitable business.

Second, crowdfunding provides a way to build a community around your
business. By engaging with your backers and keeping them updated on
your progress, you can build a network of supporters who are invested in
your success. This can be especially valuable for someone who has a full-
time job and needs to build trust and a strong reputation around their
business.

Third, crowdfunding can be a more affordable way to raise capital
compared to traditional methods. Crowdfunding campaigns usually
involve offering perks or rewards in exchange for funding, which can be
a more cost-effective way to raise capital than paying interest on a loan or
giving up equity in your business to investors.

Fourth, crowdfunding can be a faster way to raise capital compared to
traditional methods. Crowdfunding campaigns can be launched and
completed in a matter of weeks, whereas it can take months or even years
to secure funding from traditional sources.

There are two main types of crowdfunding: reward-based and equity-based.
In reward-based crowdfunding, backers receive a reward or
perk in exchange for their funding, such as early access to a product, a
special edition of the product, or exclusive merchandise. In equity-based
crowdfunding, backers receive a stake in the company in exchange for
their funding.

To successfully run a crowdfunding campaign for your business, there are
a few key steps you need to follow. First, you need to create a compelling
campaign page that clearly explains your business idea, product, and why
you need funding. This page should include a detailed description of your
business, photos or videos of your product, and a clear funding goal and
timeline.

Second, you need to develop a marketing plan to reach your target
audience and promote your campaign. This can include utilising social
media, email marketing, and influencer marketing to reach potential
backers. You should also consider offering special rewards or incentives
for backers who refer others to your campaign.

Third, you need to keep your backers informed and engaged throughout
the campaign. This can include sending regular updates on your progress,
answering questions and addressing concerns, and showing your gratitude
to backers by providing them with exclusive content or early access to
your product.

Finally, it is important to have a plan in place for delivering on your
promises to backers after the campaign is over. This includes ensuring
that rewards are delivered on time and that your product is developed and
launched according to schedule.

In conclusion, crowdfunding can be a valuable tool for entrepreneurs in
any industry looking to raise capital for their business. By leveraging the
power of the crowd and offering rewards or equity in exchange for funding,
entrepreneurs can validate their business ideas, build a community of
supporters, and raise capital more quickly and affordably than through
traditional methods. However, running a successful crowdfunding
campaign requires careful planning, marketing, and communication to
ensure that you reach your funding goals and deliver on your promises to
backers.

Angel Investor

Angel investors are high net worth individuals who are interested in
investing in startups and early-stage businesses. Securing investment from
angel investors requires a solid business plan, a clear understanding of
your target market, and a compelling pitch.

To start, it’s important to do your research and find angel investors who
are interested in investing in the particular sector of your business. There
are various online platforms and organisations that connect entrepreneurs
with angel investors, so take advantage of these resources to identify
potential investors.

Once you’ve identified potential angel investors, it’s time to prepare your
pitch. Your pitch should clearly explain your business idea, its potential
for growth and profitability, and what sets it apart from other businesses
in its industry. Make sure you have a well-defined plan for how you will
use the funds you receive, and be prepared to answer questions about your
business model, target market, and competition.

When you meet with angel investors, be confident, and make sure to listen
to their feedback and concerns. They may have suggestions or insights
that can help you refine your business plan and improve your chances of
securing investment.

Angel investors typically invest their own money and take an active role
in helping their portfolio companies grow and succeed. This means that
you will have access to not only their funding but also their network of
contacts and their expertise. Working with angel investors can be a great
way to gain valuable mentorship and advice as you build your business.


One of the benefits of working with angel investors is that they typically
invest in early-stage companies, when access to capital is critical and the
risks are higher. This means that they are often willing to take a chance on
businesses that traditional investors might pass over.

However, it’s important to remember that when you receive funding from
angel investors, you will likely need to give up a portion of ownership in
your business. Make sure you are comfortable with this arrangement, and
consider seeking the advice of a financial advisor or an attorney before
finalising your deal.

Bootstrapping

Bootstrapping is a great way to fund your business without relying on
outside investment. This approach is all about using your own resources,
ingenuity, and determination to build your business from the ground up.

In the world of entrepreneurship, bootstrapping is often seen as the
ultimate test of a business’s viability. If you can make your business work
with just the resources you have on hand, then you have a much better
chance of success when you do eventually seek outside investment.

The key to successful bootstrapping is to focus on your core business
and keep your expenses as low as possible. This means cutting back on
everything that isn’t essential to your business, such as fancy offices,
expensive equipment, and unnecessary employees. Instead, you should
focus on building a lean, mean business machine that can deliver results
with minimal overhead.

One way to do this is to offer your services on a contract basis, working
out of your home office, and using online tools to collaborate with others
and manage your business. You can also leverage your personal network
and partnerships to secure clients, negotiate favourable terms, and create
strategic alliances that can help you grow your business over time.


Another key aspect of bootstrapping is to find ways to monetize your
business from the outset. This can mean offering your services on a
subscription basis, or finding ways to generate revenue from your existing
client base. You can also leverage your expertise to create complementary
products and services that can help you build a more sustainable and
profitable business.

As your business grows and becomes more established, you can start to
think about seeking outside investment. This can come in the form of debt
financing, equity investment, or other forms of capital. But by focusing
on bootstrapping first, you will have a much stronger foundation to build
upon, and you will be in a much better position to negotiate terms and
secure the funding you need to grow your business.

In conclusion, by focusing on your core business, keeping expenses low,
monetizing your services, and leveraging your personal network and
partnerships, you can build a solid foundation for growth and eventually
secure the funding you need to take your business to the next level.

Loans

Loans can be an effective way to fund your business, especially if you’re
looking for a more structured and predictable source of funding. Securing
a loan requires careful planning, a strong credit history, and a clear
understanding of your financial needs.

To start, it’s important to understand the different types of loans available
to small businesses. For example, traditional bank loans are typically
offered to businesses that have been operating for at least two years and
have a strong credit history. Alternatively, you may be eligible for a small
business loan from the government, which typically has lower interest
rates and more favourable repayment terms.


Once you have a clear understanding of your loan options, it’s time to
start preparing your loan application. This typically involves creating a
detailed business plan that outlines your financial projections, marketing
strategy, and target market. You will also need to provide documentation,
such as tax returns, financial statements, and bank statements, to support
your loan application.

When applying for a loan, it’s important to be realistic about your funding
needs and the amount of money you are requesting. Lenders will typically
review your business plan and financial statements to determine the
amount of money they are willing to lend, so it’s important to have a clear
understanding of your financial situation and how you will use the funds
you receive.

Getting a loan requires a solid understanding of your business finances
and the ability to clearly articulate your plans for growth and profitability.
It is important to have a well-structured repayment plan in place, so that
you can repay your loan on time and maintain a strong credit history.

One of the benefits of securing a loan is that you have more control over
the use of your funds, as you are not giving up ownership in your business.
Additionally, loans can provide a more predictable source of funding, as
you know exactly how much money you will receive and when it will be
available.

However, it’s important to remember that loans also come with obligations,
such as interest payments and loan repayment terms. Make sure you are
comfortable with the terms and conditions of your loan, and consider
seeking the advice of a financial advisor or an attorney before finalising
your deal.

Finally, securing a loan can be a valuable way to fund your business,
especially if you’re looking for a structured and predictable source of
funding. By preparing a solid business plan, having a clear understanding of
your financial needs, and being realistic about your funding requirements,
you can set yourself up for success and achieve your funding goals.


Incubators and Accelerators

Incubators and accelerators can be a valuable source of funding for your
business, especially if you’re just starting out and looking for mentorship
and support. Being accepted into a well-respected incubator or accelerator
can provide a great opportunity for you to take your business to the next
level.

Incubators and accelerators provide a supportive environment for startups
to grow and develop their businesses. They typically offer a range of
services, including mentorship, networking opportunities, access to
funding, and workspace. The goal of these programs is to help startups
succeed by providing the resources and support they need to grow and
scale their businesses.

To get started with incubators and accelerators, it’s important to do your
research and identify the programs that are right for you. You’ll want to
consider factors such as location, industry focus, and program structure
when evaluating different options. It’s also a good idea to reach out to other
startups that have gone through the same incubators and accelerators to
get a better understanding of what the experience was like.

Once you have a clear understanding of the incubators and accelerators
that you’re interested in, it’s time to start preparing your application.
This typically involves creating a detailed business plan that outlines your
financial projections, marketing strategy, and target market. You will also
need to provide documentation, such as tax returns, financial statements,
and bank statements, to support your application.

When applying for incubators and accelerators, it’s important to be clear
about your business goals and what you hope to achieve through the
program. Being able to articulate your vision and demonstrating your
commitment to your business can help you stand out from the crowd and
increase your chances of being accepted into the program.


Once you’re accepted into an incubator or accelerator, you’ll have access to
a range of resources and support that can help you grow your business. For
example, you’ll have access to mentorship from experienced entrepreneurs,
networking opportunities with other startups, and access to funding from
investors. You’ll also have the opportunity to refine your business model
and get feedback from industry experts, which can help you take your
business to the next level.

However, it’s important to remember that incubators and accelerators
also come with obligations, such as equity requirements and repayment
terms. Make sure you are comfortable with the terms and conditions of
the program, and consider seeking the advice of a financial advisor or an
attorney before finalising your deal.

Finally, incubators and accelerators can be a valuable source of funding
for your business, especially if you’re just starting out and looking for
mentorship and support. By doing your research, preparing a solid business
plan, and being clear about your goals and vision, you can increase your
chances of being accepted into a program and take advantage of the
resources and support that are available. By leveraging the resources and
support of incubators and accelerators, you can invest in the growth of
your business and build a strong financial foundation for the future.

Bartering

Bartering can be a creative way to fund your business, especially if you’re
looking for alternative funding options with a twist. Bartering can be a
smart financial strategy if you’re willing to think outside the box and be
flexible with your approach.

Bartering involves exchanging goods or services without the use of money.
This can be a valuable option for startups that are looking to conserve cash
and maximise their resources. For example, you might consider bartering
your services in exchange for goods or services from other businesses that
could help your business grow.


To get started with bartering, you’ll need to identify businesses or
individuals that have goods or services that you need, and that would be
willing to trade for your services. This can be as simple as reaching out
to other businesses in your network or connecting with other startups in
your industry. You can also join bartering organisations or networks, such
as Bartercard or Tradebank, which can help you find potential trading
partners.

When bartering, it’s important to think carefully about what goods or
services you’re offering and what you’re looking to receive in return. For
example, for your business, you might barter your services for marketing
or advertising services, office space, or other goods or services that could
help your business grow. You’ll also want to consider the value of what
you’re trading and make sure that the trade is fair for both parties.

One of the key benefits of bartering is that it can help you conserve cash
and make the most of your resources. Bartering can help you maximise
the value of your business and minimise your expenses, allowing you to
allocate your resources in a more effective way. Additionally, bartering can
help you build relationships with other businesses, which can be valuable
for networking and building a supportive community of entrepreneurs.

Grants

Grants are an excellent way to get the funding you need to get your business
off the ground. The first step is to identify which grants are available to
you. Organisations such as the Small Business Administration (SBA),
National Science Foundation (NSF), Department of Homeland Security
(DHS), and National Institute of Standards and Technology (NIST) are
just a few sources of grants for science and technology-related businesses.
Do your research, and make a list of the grants that are relevant to your
business.


Once you have a list of grants you’re interested in, it’s time to evaluate your
eligibility for each one. This involves reviewing the grant requirements
such as the type of business, size, location, and other criteria. Some grants
are specific to a particular field of business, while others are more general
and available to any small business.

When you have a solid understanding of the grants you’re eligible for,
it’s time to get to work on your proposal. A grant proposal is a detailed
document that outlines your business, the problem you’re trying to solve,
and how your proposed solution will benefit the community. A well-
written proposal can make all the difference in securing funding for your
cybersecurity business.

In your proposal, be sure to highlight the impact and benefits of your
business solution. Emphasise the particular needs and areas of difficulty
to which your business will provide a unique solution, and explain how. You’ll also
need to include a detailed budget that outlines how you’ll use the grant
funding, including expenses for research and development, equipment,
and personnel.

It’s essential to follow all guidelines and regulations for grant usage to
ensure compliance and successful completion of the project. Be sure to
read all of the terms and conditions carefully and keep detailed records of
how you’re using the grant funding. This will help you stay on track and
ensure that you’re able to complete your project as planned.

Remember, the key to success is to carefully follow all guidelines and
regulations for grant usage, and to keep detailed records of how you’re
using the funding. With the right strategy, funding your business through
grants can be a smooth and rewarding experience.


Online sales

One of the key advantages of online sales is the potential to reach a massive
audience. By utilising online marketplaces such as Amazon and eBay, you
can reach customers from all over the world, expanding your customer
base and increasing your sales. And with the rise of e-commerce, more and
more people are shopping online, making it an excellent opportunity for
you to grow your business.

To get started, you’ll need to create a comprehensive online sales strategy.
This includes developing a strong brand, creating a user-friendly website,
and creating high-quality product descriptions and images. Make sure
your website is optimised for search engines, and invest in pay-per-click
advertising to drive traffic to your site. Utilise social media platforms such
as Facebook, Twitter, and Instagram to connect with potential customers
and build brand awareness.

One of the keys to success in online sales is offering high-quality products
at competitive prices. Invest in research and development to create
innovative and effective business solutions that meet the needs of your
customers. Offer a range of products that your research has shown
people are searching for, and consider offering subscription-based services
to increase recurring revenue.

In addition to offering high-quality products, excellent customer service
is essential. Respond promptly to customer inquiries, provide clear and
concise product information, and offer a fair and straightforward return
policy. Building a reputation for excellent customer service can go a long
way in attracting and retaining customers.

Another way to increase sales is to leverage the power of customer referrals.
Encourage satisfied customers to share their experience with their friends
and family, and offer incentives for doing so. Word-of-mouth marketing
is one of the most effective forms of advertising, and it’s a great way to get
new customers and increase sales.


In conclusion, funding your business through online sales can be a
lucrative and rewarding experience. By creating a comprehensive online
sales strategy, offering high-quality products and excellent customer
service, and leveraging the power of customer referrals, you can grow your
business and secure the funding you need to succeed. Remember, the key
to success in online sales is to always stay focused on your customers,
provide them with high-quality products and services, and continuously
improve your online sales strategy. With the right approach, funding your
cybersecurity business through online sales can be a game-changer.

Funding your side business while working a 9-5 job can be challenging,
but a combination of these approaches can increase your chances of
success. The field of cybersecurity offers you the flexibility to spread your
wings as much as you want to. Balancing your role as a cybersecurity
professional with being an entrepreneur may seem difficult at first, but
know that it is doable if you put your heart into it.


About The Author

The Author, Tolulope Michael, is a proud Computer Science graduate from
the esteemed and prestigious Lagos State University. His love for
technology, combined with a strong interest in cybersecurity, has driven
him to dedicate close to two decades of his life to this field.

Over the years, he has gained valuable experience in various domains of
cybersecurity, including Penetration Testing, Application Security
Engineering, Cloud Security Engineering, and Governance, Risk and
Compliance (GRC). He is proud to say that he has contributed to the
growth of the industry, leaving a lasting impact with his expertise and
knowledge.


In his quest to help others succeed in cybersecurity, he created
ExcelMindCyber, a platform designed to provide comprehensive education
in this field. His flagship program, “The Ultimate Cybersecurity Program”,
has already made a significant impact, helping many individuals realize
their potential and earn multiple six figures.

He is grateful for the opportunity to share his passion and knowledge
with others, and it brings him immense joy to see his students find success
and fulfillment in this field. His journey in cybersecurity has been a
rewarding one, and he is proud to be a part of this industry. He hopes to
continue making a difference in the lives of those who share his love for
cybersecurity, and is committed to helping them achieve their goals. This
is his story, and he is proud to tell it.

With a clear and accessible writing style, he provides a roadmap for
individuals looking to break into the field of cybersecurity, offering
practical advice and actionable tips that will help you succeed in your
journey. Whether you’re a student, a professional looking for a change,
or simply someone with an interest in cybersecurity, the author’s insights
and guidance will help you build the foundation you need for an exciting
and rewarding career.
