New to the IT Security Industry? Here’s What You Need to Know

Steve Piper

Anytime you join a new IT industry, there’s always a learning curve. But many, if not most, would agree that the IT industry segment with the steepest learning curve is cybersecurity.

There are dozens of likely unfamiliar vocabulary terms and acronyms, such as (just scratching the surface):

  • Vulnerabilities, patches, and exploits
  • CVE & CVSS
  • Threat signatures & indicators of compromise (IoCs)
  • Two-factor & multi-factor authentication (2FA/MFA)
  • BYOD, shadow IT, IoT, OT
  • Zero-day vulnerabilities & exploits
  • Zero Trust
  • Perimeter & DMZ

There are five different types of threat actors you should understand, including:

  • Cybercriminals / financially motivated threat actors
  • Nation state threat actors
  • Hacktivists
  • Insider threats
  • Hobbyists

There are dozens of types of cyberthreats in the wild, including:

  • Viruses, worms & malware
  • Trojans
  • Phishing & spear-phishing attacks
  • Drive-by downloads
  • Watering-hole attacks
  • Bots & botnets
  • Distributed denial of service (DDoS) attacks
  • Ransomware
  • Web application attacks
  • Zero-day attacks
  • Advanced persistent threats (APTs)

Once you’ve been in the security industry for a while, you’re humbled to realize there are dozens and dozens of security product (and service) categories across the following high-level categories:

  • Network security
  • Endpoint security
  • Datacenter security
  • Virtualization and cloud security
  • Security management and operations
  • Identity and access management

There are IT security frameworks you should get to know, including:

  • CIS Critical Security Controls (CSCs)
  • NIST Special Publication (SP) 800-53
  • ISO 27001
  • COBIT

There are regulatory compliance standards your customers must meet, including:

  • PCI DSS
  • HIPAA
  • FISMA
  • NERC
  • EU GDPR

And there’s a bunch of “miscellaneous” stuff you need to know, including:

  • Major and regional IT security trade shows and conferences
  • Typical IT security job roles
  • Common IT security professional certifications
  • Popular IT security trade publications
  • Strategies for targeting IT security buyers

Wouldn’t it be great if there was a one-day “crash course” on the IT security industry? And wouldn’t it be great if it was a non-technical class intended for tech vendor marketing and sales personnel? Well, you’re in luck. There is! It’s called Security Industry Boot Camp and it’s taught by CyberEdge’s Founder & CEO, Steve Piper. It’s hosted annually on the Monday of RSA Conference week in San Francisco and periodically on-site for CyberEdge clients with 10 or more attendees. To learn more, check out our website at https://securitybootcamp.net/ or drop us a line at info@cyber-edge.com.
