February 29, 2024
JOURNEY INTO CYBERSECURITY

Nathan Hicks has been on his Journey into Cybersecurity for a while now. It started with an innate curiosity from a young age that developed into critical thinking and compassion in his military and post-Air Force years in IT and security operations. Nathan is now a team leader and expert in threat operations, an ever-evolving aspect of security operations. Nathan exemplifies the selfless leadership he learned from his parents, his teachers and his peers in cybersecurity. He offered to be on our podcast and support Antonio on his journey as he embarks on his career. Nate is the reason why we will only get stronger and better. He’s the reason why we developed this podcast: to support our community and win the good fight. 

Recommendations from Nate

  • Work on your 3C’s: genuine curiosity, compassion, and critical thinking. If you demonstrate these, people will want to invest in you.
  • Work on yourself.
  • Fail hard, fail fast, fail often. You cannot learn without failing.
  • Query language is an important skill when working in security operations.
  • Scripting to some degree is also needed to be in that kind of role.
  • Networking, networking, networking. Even if it makes you uncomfortable, the more people you meet, the more you show interest, the more likely someone will pick you over someone else.
  • A diversity in skillset and perspectives is a value to a team in security operations and incident response.
  • Security is a team sport! You can’t know and do it all alone.
  • Managed security services keep evolving. Keep learning.
  • Security is never a one size fits all type of thing. Being able to add advisory services will be important.
  • In threat intelligence, context is king.
  • Caldera and Atomic Red Team are testing tools for purple teams.
  • Collaboration between blue and red teams ensures continued learning growth on both sides.
  • Developing SecOps skills may not result from reading books or lectures in school. Home labs may increase the learning. Live interaction with various programs and tools will stick better than just reading and listening.  Learn the basics first though!
  • Honey pots or tokens can be used as a deception and early detection system within the security in depth strategy.
  • Humans are better at catching humans, so use AI wisely. AI is not a silver bullet.
  • AI can be used for creating efficiencies for now. Ultimately, AI will always have to be overseen and managed by humans (with good morals and ethics).
  • Bad actors may use AI for phishing, fuzzing and DDOS attacks (do more faster).
  • Update your privacy settings on all social media sites you’re active on.
  • Don’t post PII on social media. E.g. don’t post your birthday. Bad actors will use that information to gain access to systems you have access to.
  • Think about how you think about things. Do you have any bias?
  • If people tell you that you can’t do something, don’t listen to them!
  • Give back to your community. It’s an important reason to be in cybersecurity.
  • Embrace your mentors and be a mentor.

References

Cathy Olieslaeger

View all posts