Every Cybersecurity Question You've Asked Our Experts in 2024
ACI Learning - All Things Cybersecurity
Cybersecurity is a constantly evolving field, and staying ahead of trends, skills, and threats is an ongoing challenge. So far in 2024, ACI Learning's All Things Cybersecurity Webinars have given viewers the opportunity to put their burning cybersecurity questions directly to our beloved edutainers, Daniel Lowrie and Sophie Goodwin, and a regular rotation of guests who are legends in the field.
In this blog, we've compiled the most frequently asked questions from this year's webinars so far and provided our experts’ answers in a clear, concise format to help you navigate your cybersecurity career and education.
We’ve grouped the questions into categories like Getting Started in Cybersecurity, Certifications, Technical Skills, AI & Cybersecurity, and Soft Skills & Professional Development. Whether you’re just starting out or looking to level up your expertise, there’s something here for everyone. Each answer is accompanied by a link to the corresponding webinar for deeper insights.
Not seeing a question you want answered? You’ll get another chance on Sept. 5 when Jax Scott joins the show. Save your seat!
Getting Started in Cybersecurity
Do I really need to learn programming to work in IT?
Answer by Zach Hill:
No, programming is not a requirement for working in IT. However, it is beneficial to have a fundamental understanding of scripting languages such as Python, command-line, Bash, etc. This knowledge will help you troubleshoot problems and work more efficiently, even if you're not writing scripts from scratch.
What is the best way to get into the cybersecurity field without work experience?
Answer by Jacob Swinsinski:
The job market can be tough, but it's still possible to break into cybersecurity without direct work experience. Focus on getting certifications like Security+, building a GitHub portfolio to showcase projects, and demonstrating passion and enthusiasm during interviews. Networking is also crucial—building connections can help you land a job.
Where do I start as a complete beginner? Should I go for Security+ or CySA+?
Answer by Patrick Gorman:
For complete beginners, Security+ is the best place to start. It gives you a strong foundation and introduces you to the key concepts in cybersecurity. Once you have Security+, you can then consider going for more specialized certifications like CySA+, which is more focused on seasoned professionals and blue team roles.
Certifications & Career Paths
What certifications are mandatory or highly beneficial for getting a job in cybersecurity?
Answer by Zach Hill:
The Security+ certification from CompTIA is fundamental and often serves as a baseline for many entry-level cybersecurity positions. Additionally, TCM Security's Practical Junior Penetration Tester (PJPT) and Practical Network Penetration Tester (PNPT) are highly recommended for red team roles due to their hands-on, realistic approach.
Should I take PenTest+ or CEH as an entry-level pen testing certification?
Answer by Patrick Gorman:
I recommend PNPT (Practical Network Penetration Tester) over CEH or PenTest+. PNPT is much more hands-on and reflects real-world scenarios, whereas CEH can be too theoretical. Real-world experience is what will make you stand out.
What is the best path to become a penetration tester?
Answer by Patrick Gorman:
Start with TCM Academy's Practical Ethical Hacking Course (PEH). From there, you can branch out into web app testing or other areas that suit your learning style. Building labs, practicing with tools like Kali Linux, and getting hands-on experience with real-world scenarios are crucial.
Technical Skills
How important is PowerShell for sysadmins?
Answer by Sophie Goodwin:
PowerShell is critical for sysadmins. It is essentially the command-line interface for Windows and is necessary for automating tasks, troubleshooting, and managing systems. In recent years, PowerShell has even expanded into Linux, making it a versatile and essential tool for system administrators.
What’s your advice for setting up a home lab?
Answer by Jacob Swinsinski:
Start with VMware Workstation Pro and create a setup that includes a Windows Active Directory Domain Controller, a client machine, Kali Linux, and the Metasploit framework. This will give you a good foundation to practice your skills, from administration to penetration testing.
How can AI tools help improve report writing skills in cybersecurity?
Answer by Zach Hill & Daniel Lowrie:
Tools like ChatGPT and Grammarly can assist in improving grammar, phrasing, and the overall readability of your reports. However, it’s essential to learn how to document and write well independently. Use these tools as supplements to enhance your skills, but don't rely on them entirely.
AI & Cybersecurity
How is AI being used in cybersecurity, and what should beginners know?
Answer by Joe Helle & Daniel Lowrie:
AI is increasingly used by threat actors to access systems and gather sensitive data, including chat logs and history. AI-related security issues like LLM injections and misconfigurations are becoming more common, so it’s essential to focus on encryption and defensive operations to protect data both in transit and at rest.
What language models should cybersecurity analysts be familiar with?
Answer by Jacob Swinsinski:
As a cybersecurity analyst, learning how to effectively use OpenAI's GPT-4 for generating boilerplate code and practicing prompt engineering is increasingly important. Prompt engineering skills will allow you to maximize the potential of these AI tools.
Soft Skills & Professional Development
How important are soft skills, like technical writing, in cybersecurity?
Answer by Joe Helle & Daniel Lowrie:
Soft skills, especially technical writing, are vital for cybersecurity professionals, particularly for pen testers and red teamers. Writing clear, professional reports is often more challenging for juniors than technical tasks. Many companies will invest in training if you show potential, but you should work on improving these skills independently by taking courses in technical writing.
What advice would you give to career transitioners with knowledge but limited professional experience?
Answer by Joe Helle & Daniel Lowrie:
Networking is crucial in cybersecurity. If you’re transitioning into the field, focus on building relationships with people in the industry. Volunteering for small projects or building a lab can also help demonstrate your skills. The more you can showcase your abilities, even without formal work experience, the better your chances of landing a job.
If you could go back to the beginning of your career, what would you do differently?
Answer by Patrick Gorman:
I would take my time to understand each topic thoroughly before moving on. Early in my career, I rushed through certifications and topics, which I now realize wasn’t the best approach. A deep understanding of concepts is more valuable in the long run.
Industry Trends & Future Insights
What are your thoughts on the future of mobile device security in pen testing?
Answer by John Strand:
Mobile device assessments are becoming more common but are often overlooked. Many organizations underestimate the attack surface of mobile devices. Testing environments for mobile devices can be time-consuming to set up but are essential for security. As more businesses adopt mobile solutions, this area will become more critical.
For more in-depth discussions, be sure to check out the full episodes of the ACI Learning All Things Cybersecurity Webinars, where these experts regularly share their knowledge and answer your burning questions. Stay curious, stay persistent, and continue to hone your skills—cybersecurity is a journey, not a destination.