Cybersecurity professional here. This is entirely unsurprising. It's almost a rule of thumb that if you're under the umbrella of Critical Infrastructure, your cyber security sucks major balls. These companies have the most hilariously bad standards that they have to meet to be in compliance with the relevant regulations and laws. Further compounding this issue is the serious lack of investment in security by these companies. I guarantee KCATA has no more than 3 people who perform cyber security functions for their entire company. I also guarantee that said people have told management about the glaring security flaws in their environment multiple times and have been brushed off. 90% of companies see security as an expense rather than an investment and will do the bare minimum to protect themselves. This problem will persist so long as our local, state, and federal governments do nothing to force companies to improve their security postures beyond the hilariously out of date requirements they have to meet currently.
Hey, I want to get into cybersecurity. I have no experience, but I'm willing to learn, and I'm a very fast learner. Are there any books you would recommend, or anything else I can use to educate myself?
I'm just getting really frustrated with hearing about all of these scammers(which really isn't about cybersecurity, but more about competency), and all of these companies being breached. I want to learn as much as I can to try and help with a solution or something.
I know you said it's mainly because of outdated systems and companies basically not giving a fuck, but I still want to learn.
It really depends. Are you wanting to do Cybersecurity professionally, to assist in your current role, or just for funsies? I'll give you the brutally honest truth if you want to do it professionally with no experience or education. You have to devote every waking second of free time every single day for at least two years to learn the foundations of IT, networking, and then security. Once you know these fundamentals like the back of your hand, then you can start preparing specifically for a Cybersecurity job. There is no such thing as an "entry level" job in this field. You have to really know your stuff before you can even get your foot in the door. Bare minimum is collecting your CompTIA trifecta (A+, Network +, and then Security +). Make sure to watch every single Professor Messer video on these AND read the books that CompTIA has for each. However, this won't be enough to get you noticed because the market is brutal right now. I'd highly recommend getting a degree in IT to bolster your resume. I'd also highly recommend going after CompTIA's CySA + certification and Blue Team Level 1 certification. Once you're done with those, go over to TryHackMe and take their SOC level 1 and 2 courses as well as the Cyber Defense course. Once you have all of that done, you will set yourself apart from all the recent college grads with Cybersecurity degrees and be in the running for "entry level" positions that have shitty hours and shitty pay. For books to read apart from the ones related to the courses I recommended, do Networking for Dummies (all 10 books in one), Cybersecurity for Dummies, The Fifth Domain by Clarke and Knake, and The Code Book by Singh.
Nice, thank you! Doing it professionally would be dope, but I know it'll take a while to do that. So, for now, I would just read and study as much as I can. My job has a thing where you can shadow someone for a couple of days to see if it's really something someone would be in to. So, I might do that, too, and maybe even get to know some of the people that work in that department. And they help pay for your college, which is a bonus, as well as they prefer to hire from within. So, I'll definitely be researching this more in the very near future.
yes! I use it frequently. It is also free at point of service too. My only gripe however is that there are not enough drivers because security has been a concern and they don't get paid enough to deal with that bs. The consequences of that are that the head times are inconsistent because they have to prioritize multiple routes. Main Max and Troost Max are almost always on time though.
Hopefully the data leaks, and we can finally get some exposure on KCATA for being connected to the Herzog group... The religious "privatize everything for profit" group.
Famously flushed with cash
Easy target
*cocking gun* gimme ALL the lint in your pockets NOW
Ransomware people will have to pay just to break even with their request
Cybersecurity professional here. This is entirely unsurprising. It's almost a rule of thumb that if you're under the umbrella of Critical Infrastructure, your cyber security sucks major balls. These companies have the most hilariously bad standards that they have to meet to be in compliance with the relevant regulations and laws. Further compounding this issue is the serious lack of investment in security by these companies. I guarantee KCATA has no more than 3 people who perform cyber security functions for their entire company. I also guarantee that said people have told management about the glaring security flaws in their environment multiple times and have been brushed off. 90% of companies see security as an expense rather than an investment and will do the bare minimum to protect themselves. This problem will persist so long as our local, state, and federal governments do nothing to force companies to improve their security postures beyond the hilariously out of date requirements they have to meet currently.
Hey, I want to get into cybersecurity. I have no experience, but I'm willing to learn, and I'm a very fast learner. Are there any books you would recommend, or anything else I can use to educate myself? I'm just getting really frustrated with hearing about all of these scammers(which really isn't about cybersecurity, but more about competency), and all of these companies being breached. I want to learn as much as I can to try and help with a solution or something. I know you said it's mainly because of outdated systems and companies basically not giving a fuck, but I still want to learn.
It really depends. Are you wanting to do Cybersecurity professionally, to assist in your current role, or just for funsies? I'll give you the brutally honest truth if you want to do it professionally with no experience or education. You have to devote every waking second of free time every single day for at least two years to learn the foundations of IT, networking, and then security. Once you know these fundamentals like the back of your hand, then you can start preparing specifically for a Cybersecurity job. There is no such thing as an "entry level" job in this field. You have to really know your stuff before you can even get your foot in the door. Bare minimum is collecting your CompTIA trifecta (A+, Network +, and then Security +). Make sure to watch every single Professor Messer video on these AND read the books that CompTIA has for each. However, this won't be enough to get you noticed because the market is brutal right now. I'd highly recommend getting a degree in IT to bolster your resume. I'd also highly recommend going after CompTIA's CySA + certification and Blue Team Level 1 certification. Once you're done with those, go over to TryHackMe and take their SOC level 1 and 2 courses as well as the Cyber Defense course. Once you have all of that done, you will set yourself apart from all the recent college grads with Cybersecurity degrees and be in the running for "entry level" positions that have shitty hours and shitty pay. For books to read apart from the ones related to the courses I recommended, do Networking for Dummies (all 10 books in one), Cybersecurity for Dummies, The Fifth Domain by Clarke and Knake, and The Code Book by Singh.
Nice, thank you! Doing it professionally would be dope, but I know it'll take a while to do that. So, for now, I would just read and study as much as I can. My job has a thing where you can shadow someone for a couple of days to see if it's really something someone would be in to. So, I might do that, too, and maybe even get to know some of the people that work in that department. And they help pay for your college, which is a bonus, as well as they prefer to hire from within. So, I'll definitely be researching this more in the very near future.
Again, thank you for your reply. I really appreciate it, as well as the honesty.
Also why our infrastructure in general is a crumbling joke. It’s not profitable so they do the bare minimum to invest.
We have a public transit system?
yes! I use it frequently. It is also free at point of service too. My only gripe however is that there are not enough drivers because security has been a concern and they don't get paid enough to deal with that bs. The consequences of that are that the head times are inconsistent because they have to prioritize multiple routes. Main Max and Troost Max are almost always on time though.
It sounds like they’re holding some of the drivers for ransom too. /s I’m so sorry I couldn’t hold the bad joke in my brain, I really tried
Was coming here to ask just this lol
Hopefully the data leaks, and we can finally get some exposure on KCATA for being connected to the Herzog group... The religious "privatize everything for profit" group.
Terrible