So You Want to Get Started in Cybersecurity...

Several years ago, I penned a blog post about embarking on a journey into the world of cybersecurity. It's been quite a ride since then, and now I'm thrilled to bring you an updated guide on how to kickstart your cybersecurity career. The best part? You don't need a cybersecurity degree to enter this exciting field. Let's dive in!

Degrees Aren't Everything

Many aspiring cybersecurity professionals wonder if they need a specific cybersecurity degree to land their dream job. The good news is that you don't necessarily need one! While a cybersecurity degree can be advantageous, degrees in related fields such as computer science, information technology, or data science can serve as excellent foundations. Employers value the technical and problem-solving skills that these degrees provide.

Getting Started with Free Resources

Cybrary.it: Your Cybersecurity Training Hub

Cybrary.it is a goldmine of free cybersecurity resources. They offer a wide range of courses, from beginner to advanced levels, covering topics like ethical hacking, network security, and more. With hands-on labs and expert instructors, it's an excellent platform to build your skills.

Khan Academy: Foundational Knowledge

If you're looking to strengthen your mathematics and computer science fundamentals, Khan Academy is the perfect place. Brush up on your algebra, calculus, and programming skills, which are essential for understanding cybersecurity concepts.

Coursera: University-Quality Courses

Coursera offers free courses from top universities worldwide. You can find cybersecurity-related courses here as well. While some come with a fee for certification, auditing the courses allows you to access the content for free.

Practical Experience is Key

The cybersecurity field places a strong emphasis on practical experience. Therefore, in addition to theoretical knowledge, consider participating in Capture The Flag (CTF) challenges and setting up your own lab environment to practice your skills.

Remember that cybersecurity is a vast field, so don't rush. Take your time to explore different areas, such as network security, penetration testing, incident response, and more. Find what sparks your interest, and specialize accordingly.

As you venture further into the world of cybersecurity, I also want to introduce you to my cybersecurity books, which are available for free with a subscription to LeanPub. They delve into various aspects of cybersecurity, offering valuable insights and practical tips to help you navigate this dynamic field. Here are my books:

• "Cybersecurity Rules to Live By": An introductory guide to fundamental cybersecurity principles that every professional should know.
• "Death by Identity Theft": Uncover the secrets of identity theft and learn how to protect yourself and others from this pervasive threat.
• "Hacking of the Free": A guide to digital threats to our elections.

Embarking on a career in cybersecurity doesn't require a specific degree. With determination, the right resources, and practical experience, you can build a successful career in this dynamic and rewarding field. Remember to continuously update your knowledge and stay curious, as cybersecurity is ever-evolving.

Taking the Next Step - Your First Cybersecurity Job

Now that you've set your sights on a career in cybersecurity and equipped yourself with valuable knowledge, the next step is landing your first job. A great starting point for many newcomers to the field is a Helpdesk Technician role, which can serve as a launchpad for your cybersecurity journey. Let's explore how to find such a position and some useful resources to aid you in your quest.

1. Build a Strong Resume and Cover Letter

Before you start applying for jobs, ensure your resume highlights your relevant skills and certifications. Emphasize any coursework, projects, or personal initiatives related to cybersecurity, even if they weren't part of a formal job. Craft a compelling cover letter that expresses your passion for the field and your eagerness to learn and grow in a Helpdesk Technician role.

2. Leverage Job Search Websites

Several job search websites cater to entry-level IT positions, including Helpdesk Technician roles. Here are some popular ones:

Indeed (indeed.com): One of the largest job search engines with a wide range of IT job listings.

LinkedIn (linkedin.com/jobs): An excellent platform for job hunting, networking, and researching potential employers.

Dice (dice.com): Specializes in technology and IT job listings, making it a valuable resource for those entering the cybersecurity field.

Glassdoor (glassdoor.com): Offers job listings, company reviews, and salary information.

3. Explore Company Websites

Many organizations post job openings directly on their websites. Identify companies in your area or those you are interested in working for, and regularly check their careers pages for job postings.

4. Network, Network, Network

Networking is a powerful tool in job hunting. Attend local cybersecurity meetups, conferences, and webinars to connect with professionals in the field. Join online forums and groups related to cybersecurity on platforms like Reddit, LinkedIn, and Twitter. Engage in conversations, ask questions, and seek advice. Sometimes, job opportunities are shared directly within these communities.

5. Consider Internships and Entry-Level Positions

While you may have your sights set on a Helpdesk Technician role as your first job in cybersecurity, don't disregard internship opportunities or other entry-level positions, such as IT support or junior sysadmin roles. These can be stepping stones to the role you ultimately desire and provide valuable experience.

6. Tailor Your Applications

Customize your applications for each job you apply to. Highlight relevant skills and experience based on the specific requirements of the job posting. Mention any certifications or coursework that demonstrate your commitment to cybersecurity.

7. Prepare for Interviews

Once you start receiving interview invitations, prepare diligently. Research common interview questions for Helpdesk Technician roles and practice your responses. Showcase your problem-solving skills, technical knowledge, and willingness to learn during interviews.

8. Be Persistent and Patient

Job hunting can be challenging, especially when you're entering a competitive field like cybersecurity. Rejection is a part of the process, so don't be discouraged by setbacks. Keep refining your skills, expanding your network, and applying for relevant positions.

Useful Websites for Job Search

To make your job search easier, here are some websites where you can find Helpdesk Technician and entry-level IT positions:

Indeed: A comprehensive job search engine with a vast number of IT job listings.

LinkedIn Jobs: Leverage your professional network to discover job opportunities.

Dice: Focuses on tech and IT job listings, including entry-level positions.

Glassdoor: Provides job listings, company reviews, and salary information.

CareerBuilder: Offers a wide range of job listings, including IT roles.

Remember, landing your first job in cybersecurity may take time, but with persistence, continuous learning, and the right resources, you'll be well on your way to building a successful career in this dynamic and rewarding field.

Some Closing Thoughts

Cybersecurity can be a very rewarding career, but don't spend too much time staring at the computer screen and not enough time outside in the real world. Cybersecurity naturally attracts introverts, and believe it or not I am naturally one of them. The only way I've succeeded and advanced my career in cybersecurity has been by breaking outside of my comfort zone and actually talking with people. It has taken me years to build up the social skills I need to truly succeed. Strike up a conversation, push your own boundaries. And most importantly, don't forget to stop and enjoy life outside of the computer world once in a while.

I wish you the best with your cybersecurity career, and hope that you'll make an excellent addition to our much-needed workforce!

Ken is a cybersecurity professional with over 15 years experience. All opinions are his own, and do not reflect those of his employer or clients.

Giving away my cyber security books to empower the next generation of professionals

The cyber security industry is struggling with a severe lack of talent right now, and even though this is one of the most exciting fields to start a career, many people are encountering barriers in gaining the initial knowledge, or trying to figure out if cyber security is right for them.

So effective immediately, I'm giving away all three of my cyber security books with any LeanPub Reader Membership.

Three great books, one low price. This bundle includes...

• "Death by Identity Theft", a guide to protecting you and your family against identity theft;
• "Hacking of the Free", a guide to digital threats to our elections
• "Cyber Security: Rules to Live By", an introductory primer to cyber security concepts

As a cyber security professional with over fifteen years experience, I couldn't be happier than LeanPub has enabled this opportunity for its authors and readers. Authors are still compensated for their work, and the number of books available to readers at an extremely low price point exponentially increases as more authors join the cause.

This is an exciting time for the cyber security industry and tech industry as a whole. LeanPub is helping break down barriers of entry for technology careers, and the timing of this shift is perfect. With LeanPub, we can truly help empower the next generation of cyber security professionals.

Ken is a Cyber Security professional with over 15 years of experience.  All opinions are his own, and do not reflect the opinions of his employer or clients.

Before Photoshop: 1960s CIA Computerized Photo Processing

 

In the 1960s, computers were typically large, bulky machines used for the processing of text data or mathematical equations. Processing was typically performed using punchcards, or if you're really lucky, a terminal with a monochrome display. A pocket calculator typically contains more computing power than a 1960's computer, and a smartphone contains more computing power than the average 1960's data center.

It came to me as quite a surprise then, when I found documentation for a 1960's CIA computer system designed to process aerial photographs.

It's no secret that for decades the CIA has relied on aerial photography to collect foreign intelligence essential to our armed forces. However, the computerized capabilities which the CIA had available are absolutely remarkable.

According to declassified documents from the CIA's Freedom of Information Act Reading Room, the CIA possessed at least one computer in the 1960's capable of performing automated analysis of photography, including edge analysis and auto correlation. This computer would not only record to magnetic tape and print out analyzed versions of the photos, but even send the photo to a plotter for basically on-the-fly printing of a basic map/sketch of the photo.

One of the main goals of this system development was Automatic Target Recognition. For example, identifying the location of enemy aircraft in a photo, and automatically flagging the photo as containing aircraft.

If the CIA had this sort of technology in the 1960's, just imagine what their computer systems are able to do today.

This article is part of a series relating to my upcoming book Spy Machines, which explores technology used by the early CIA and other members of the intelligence community.

Ohio Unemployment Data Breach Victims - Claim Your FREE Copy of My Book "Death by Identity Theft"

In response to the news that the Ohio Department of Jobs and Family Services has suffered a data breach relating to their unemployment system, I'm giving away copies of my book "Death by Identity Theft" for the next 30 days.

Hacking of the Free - Learn the secret techniques used to influence YOUR vote in the 21st Century

After what seemed like an eternity, I'm happy to announce that my latest book, Hacking of the Free, is now available for purchase.

The Internet age has ushered a new type of warfare - digital warfare. This isn't just warfare among "hackers" gaining unauthorized access to computer systems, but a war to influence public opinion through data analytics, propaganda and "fake news". Waging a war against the minds of the people isn't a new strategy, but the Internet age has ushered in the ability to rapidly produce simultaneous attacks against democracy and free elections.

This book explores the digital threats our democracy faces in the 21st century, and how to guard against those threats.

This book will normally sell for $16.99, but I'm offering a launch special with an extremely low price. This price is so low, I can't even list it here, and will only be available until June 5, 2020.

To purchase, CLICK HERE to get access to this launch special, before it's gone!

Why I Regret Not Buying "Rich Dad Poor Dad" 20 Years Ago

Please note this post contains paid affiliate links. By using these links to purchase a book or other product, you're supporting my blog. Thank you!

Recently I started listening to "Rich Dad's Guide to Investing" on Audible.

It's a follow-up to Robert Kiyosaki's "Rich Dad Poor Dad" book.
If you've never read the book, I highly recommend it.

When I was younger, I spent all my time reading computer programming books and books on computer security. I went to college and learned computer programming, just like my parents always wanted.

Looking back, I truly do regret not picking up personal financial books such as this one. Memory is a funny thing - I remember seeing the original Rich Dad Poor Dad book in the local book store on a very large display when it first came out. I looked at the book for a moment, shrugged my shoulders because it wasn't a computer book, and proceeded to head to the computer book section. I've always been told that computers are my future, because that's what I'm good at and what I enjoy.

If I could go back in time, I'd certainly yell at myself for bypassing that opportunity. It wasn't until about 15 years later that I finally obtained a copy when I realized I'm never going to be able to retire, even with a 401(k). I realized that I have to do more, now, and stop leaving my future in the hands of others.

This book really did open my eyes to a lot of things. Most importantly, it helped me realize that I needed to start investing my money into investment vehicles I control, instead of simply putting my money in the stock market and hoping I chose the right bet, just like at a roulette wheel.

This April will mark one year since purchasing my first investment property. There have been times I've screamed at the sky because of unexpected rental issues, like the water main shattering into a thousand pieces, or almost going through the floor of the rental due to water damage I couldn't see.

But, after the frustration passes, I've fixed the problems. And I keep pushing forward.

I hope to pick up a second investment property this year. Then another the following. And so on.

All of this to build my future, one property at a time.

Think of where I could be today if I would have picked up this book 20 years ago when it first came out.

Iowa Caucus - Are our elections secure enough?

Quite often, the appearance of a problem can be much worse than an actual problem.

The Democratic party is still licking their wounds after reporting inconsistencies as well as clogged phone lines causing reporting delays resulted in many questioning the validity of the Iowa Democratic Caucus for the 2020 Presidential primaries.

But first, how does a caucus work? Time has an excellent write-up of how the Iowa Democratic caucus was supposed to work this year. In a nutshell, the caucus works by having people physically move to different parts of a room based upon which candidate they support. If their candidate it determined to be a "viable candidate" (typically around 15% of those present), their vote is "locked in" and they're free to leave. Everyone who voted for a non-viable candidate must then choose to locate themselves for a viable one, or convince enough other non-viable candidate supporters to pick a non-viable candidate and make them viable. These numbers then get tallied and sent to a central reporting location, which releases the official caucus results.

So what happened? Long story short, the new mobile app which the Iowa caucus used for centralized reporting was plagued by multiple technical problems. But to make matters worse, the app was found after-the-fact to have multiple security vulnerabilities, including the lack of HTTPS encryption when transmitting caucus results as well as reports that the app would display error messages including SQL code, possibly paving the way for further vulnerabilities to be discovered.

To make matters much worse, manual reporting over the phone was then severely delayed by an organized "denial of service" attack of sorts - Internet trolls clogged the caucus phone lines to prevent reporting of results. This further delay of course resulted in many theories that the caucus had actually been hacked, though the Iowa Democratic Party has insisted the system was secure and only suffered from software glitches and clogged phone lines.

Unfortunately, the damage has been done. There are now many who believe nationwide, just like they believed in 2016, that the Democratic primaries are rigged and the party has already chosen the winner. The result? Voter disenfranchisement may result in lower voter turnout, which could prove disastrous at Federal, State, and local levels for the Democratic Party.

Ken is currently writing a book on election security and digital threats to democracy in the 21st Century. You can read more about his book at LeanPub.

All views expressed in this post are my own. This post does not reflect the opinions or views of my employer or clients.

Brushing off the Dust

It's been at least three years since I updated my personal website. With a lot of recent interest in my writing between LeanPub interviewing me about my upcoming book Hacking of the Free, or Frederick News Post's article on my satirical antics making fun of Frederick County's balloon release ban, I figured it was time to brush off the dust.

I'm consolidating my blog activities, and brushing the dust off some of the projects I put on hold at Caffeine Security.

So what am I up to these days? Well, I'm when I'm not writing my books or working on building a radio telescope, I've been revisiting my photography, as well as trying to help grow the economy of Hagerstown and Washington County.

What should you expect on this revised blog? Well, I'm planning on dipping back into my roots and talk about cyber security, especially as it applies to today's events. But I'm also going to talk more about life, more about my community, and more about everything really.

What a wild and crazy trip it's been so far, and how much more there is in store!