Undoubtedly, cyber security is one of the most in demand fields in today’s labor market. Despite this, there are not enough qualified professionals to fill all the vacancies. If you happen to have a background in software development, systems administration or networking, you are essentially all set for making the leap into this fascinating field. But what about those who have no previous educational background in Information Technology, you may ask. Are they entirely excluded? Not necessarily! It all boils down to your willingness to put in the time and effort required to learn.

Cyber security is a field of many disciplines, each requiring a unique set of technical skills and knowledge. The three main subsets are Offensive Security (Red Team), Security Operations (Blue Team) and Digital Forensics & Incident Response.

Offensive Security is the practice of breaking into systems using techniques that resemble those of real world attackers. The goal is to find security vulnerabilities and report them before they are exploited by malicious entities.

Security Operations is essentially the opposite of Offensive Security, and thus, attempts to detect and prevent malicious activity. In addition to technological deterrents, user awareness and cyber security training play a key role in improving the capabilities of an organization to deal with cyber attacks.

Digital forensics and incident response, on the other hand, are about investigating and responding to breaches that have already occurred.

As you may guess, the Internet is filled with great resources free of charge, but the information is scattered. Attempting to piece all of it together at a very early level is not feasible and may quickly overwhelm you.

The SANS Institute is the most trusted source of industry standard cyber security training and certifications. One of their best selling courses, SEC504 – Hacker Tools, Techniques and Incident Handling, is a six-day course that lays a solid foundation upon which to build your cyber security career.

The field of incident response and digital investigations is the subject of the first day. It provides a great overview of the subject matter, and you will learn about important principles such as the chain of custody and the order of evidence volatility. You will dive into fascinating topics such a examining live computer systems as well as network and cloud-based endpoints. You will also gain a basic understanding of memory forensics and malware investigations. A great added bonus are the lab exercises focused on Linux and PowerShell commands.

The second day teaches students about pre-exploitation activities that are an essential part of any successful cyber attack. Open source intelligence is an important resource for threat actors who want to gain a better understanding of the target. However, it can be leveraged by defenders as well. DNS reconnaissance can provide valuable information about the DNS servers and records of a specific organization. In addition to these, threat actors want to understand the architecture of a target network. This is known as network mapping and is often done through host discovery and assessment.

Initial access through password attacks is a common method that threat actors use to gain a foothold on the network. Instead of trying to compromise a system through malware or living of the land binaries and scripts (LOLBAS), password attacks provide a more reliable means of bypassing defenses and evading detection. The course will introduce you to tools such as Hydra, John the Ripper, Hashcat and Netcat.

The fourth day is a deep dive into exploitation frameworks and web application attacks. Unpatched and outdated software are an attractive way for malicious entities to compromise a target host. The Metasploit Framework is a widely used attack tool for identifying and exploiting vulnerabilities. Attacks such as command injection, cross-site scripting, SQL injection and server-side request forgery will be discussed during the course. To balance the heavy emphasis on Offensive Security, the Defense Spotlight is reserved for the Windows System Resource Usage Monitor. This utility provides a wealth of diagnostics data for incident responders and forensic analysts, and as such, can be an invaluable source of evidence during an investigation.

After a successful attack, threat actors will typically engage in post-exploitation activities such as pivoting and lateral movement. Gaining initial access is hardly ever an end in itself. Instead, attackers will attempt to move from one host to another on the network to evade defenses, exfiltrate data and gain higher lever privileges. Malicious code can go through a process known as ghostwriting in order to trick traditional signature based anti malware tools. Moreover, you will gain insight into exquisite topics including persistence techniques, command and control, and stealth.

The course finishes with an exciting capture the flag event. The class is split into teams of three or four pupils who compete to win the sought-after SANS SEC504 challenge coin. Good team player skills, coordination and communication are required to win the event. It is definitely a fun-filled day that will help you to hammer in the techniques and concepts you have just learned.

This writer’s personal opinion is that SEC504 lays a solid foundation of the basic concepts of cyber security and provides students with a good overview of the field. Each student is provided the course materials in physical and electronic formats along with well crafted and brilliantly documented lab exercises. The lab environment is provided as a set of virtual machines. This essentially means that you get a lifetime access to the training grounds. SANS SEC504 is definitely worth it!

The GIAC Certified Incident Handler certification exam consists of a theoretical assessment and practical lab exercises. The exam format is open book meaning that you are free to bring with you the course materials as well as your personal notes. Please note though that you will not be permitted to bring any exam questions and answers along with you. The exam is made up of multiple choice questions and there is a strict time limit of 240 minutes. Do not let the exam format mislead you into thinking that the exam is easy. While it is true that you have all of the course materials at your disposal, the challenge you will face is the limited amount of time. Moreover, be prepared to allocate at the very least one hour for the lab exercises. They indeed take up a large chunk of time.

To get a high passing score, it is highly recommended that you spend time crafting a detailed index. During the exam you will need to find answers quickly. Without a good reference guide, you will end up wasting time unnecessarily. It hardly can be stressed enough, that you should take the certification exam seriously. This is because GIAC certifications are highly regarded in the cyber security industry, and many job offers require at least one of them.