What is the best way to learn Cybersecurity skills on-the-job?

I prioritize enhancing my cybersecurity skills by using vendor-provided resources. Such materials offer hands-on knowledge relevant to our tools, improving our security setup. By studying documentation and attending webinars, I stay on top of trends and anticipate tech shifts, vital for maintaining robust defenses. This proactive learning approach keeps my skills sharp in this rapidly evolving field.

The most effective approach to acquiring cybersecurity skills on the job depends on the individual's interests and their current job role. If their daily tasks do not involve incident management, threat hunting, or risk assessments, the opportunities for learning in this area are limited. In such cases, it is advisable to supplement with online courses and pursue relevant certifications. Organizations like ISC2, ISACA, GIAC, and SANS offer a wide range of cybersecurity courses, covering everything from fundamental to advanced topics, including governance, forensics, and penetration testing. Staying current is particularly crucial in cybersecurity, more so than in many other fields.

We all know that cyber security is a very vast field, as it concerns about the data used in all types of digital communications. Learning cybersecurity on the job is not an easy task but not impossible too. To me, right process would be to gather the knowledge about cyber security career tracks first. second, choose the right track. Obviously, right track would be the one that excites you. And finally, gather knowledge from free or open source mediums initially. After that, start to practice. Cybersecurity is a term, where you are nothing without practice. In addition, follow and find some good mentors if possible.

One thing I found helpful when stepping into the cybersecurity field was actively seeking out a mentor. This doesn't have to be a formal arrangement; it can start with a simple conversation with someone whose work you admire. I reached out to a senior colleague who had a knack for explaining complex security concepts in a way I could understand. She became an informal mentor, offering invaluable advice and feedback. Similarly, I found a peer who was also new to the field. We shared resources and challenges, and our joint learning curve was steep but enriching. Don't underestimate the power of community in your growth.

Mentorship is a cornerstone of mastering cybersecurity skills. A mentor provides guidance, shares real-world experiences, and offers personalised insights, accelerating your learning. Additionally, peer learning, collaborating with colleagues, fosters a dynamic learning environment, leading to creative problem-solving and deeper comprehension of complex concepts. Building a professional network at events and conferences provides opportunities for mentorship and peer learning, fostering a culture of continuous development critical in the ever-evolving field of cybersecurity.

Having a mentor or a buddy in cybersecurity is like having a trusty sidekick on your professional journey. They're the ones who've got your back, offering advice, cheering you on, and pushing you to be your best self. These mentors or peers aren't just there to guide you through the cyber jungle; they're also your go-to folks for bouncing ideas around, figuring out goals, and expanding your network. So, if you're dead set on rocking it in the cybersecurity world, my advice is to team up with a mentor or peer who can be your partner in crime on this awesome ride to success.

If you have the ability to set up a test or lab environment that is isolated from your production network then this is a great way to learn. Follow online training and at the same time use your lab to follow along. Many cloud providers offer trials so that you can follow their self-paced learning. Microsoft Azure allows you to sign up with a limited number of free credits to follow the Microsoft Learn training. This can be really useful to try out new technologies or to get started in the cloud

Within the context of the company we work for, there are many activities that can serve this purpose. An example could be activities related to the development and implementation of security policies. Working on a security policy, you learn how to identify and minimize risks, which is fundamental to cybersecurity. By creating a password policy, you learn the principles of creating strong passwords and managing them to protect against unauthorized access. Developing an access policy allows you to practically apply the principle of least privilege to limit the possibilities of security breaches. And a remote work policy will help you understand the security challenges outside the traditional office environment.

Nothing beats experiential learning. You can have an email signature a paragraph long but it won't matter if you can't practically apply your skillsets. I'd also argue that writing should be a foundational skill set for cybersecurity practitioners. It helps you learn the subject matter while forcing you to clarify your thoughts. The end result of this practice is your ability to create clear and concise bodies of work that can be delivered to a non-technical VP or C-Suite to action based on business objectives and goals.

Start from basics, CIA, attacks etc. Terminology in cyber security is the key, if you know the terms and meaning of the terms. half of the work is done. 2nd step is to make connections in your company with the IT department, by this one can know how the practical work is done.

Use the technology in your advantage, you have many paths to follow: Enroll in online courses (like Jornada Profissão Hacker). Use platforms like Hack The Box, TryHackMe, or OverTheWire to engage in hands-on labs and challenges. Get involved in open-source cybersecurity projects on platforms like GitHub.

Um dos principais pontos! Feedback é necessário para que possamos evoluir, seja do líder, do liderado… feedback é algo utilizado para construir a sua carreira!

Solicit feedback from peers, managers and mentors to identify areas for improvement. Use constructive criticism to refine your cybersecurity skills and enhance your performance. By actively staying updated with the latest trends, you can effectively develop your cybersecurity skills while working in the field.

Once you have reached a certain mastery in the field you chose to specialize in, you will still need to be up to date with the latest news and practices. Possible sources of news could be forums such as the r/cybersecurity sub on Reddit. Don't hesitate to take part to cybersecurity events for they are a great way to get hold of the latest practices and talk with other experts in your field !

When you are free or during lunch break, try to collaborate with colleagues from different departments to understand how cybersecurity integrates with various business functions. This approach will provide you with a holistic view of cybersecurity within the organizational context.

Here are some suggestions on how to keep learning in this field: - Subscribe to cybersecurity newsletters, - Follow and reach out cybersecurity professionals on Linkedin (you'll be amazed how many people are willing to have a quick coffee chat), - Ask your community which security conferences and events they have found valuable - Keep exploring and reading about new threats, challenges, and different technologies This industry is constantly evolving and cybersecurity professionals need to find repeatable ways to keep pace and contribute.

Knowledge not forwarded is lost take the knowledge you have learnt and : Make a course about it Write an article on LinkedIn or even make a YouTube video about it Believe me that nothing forces you to learn something more than teaching it

The best way to learn cybersecurity skills on the job can vary depending on the individual and the specific work environment. However, here are some suggestions that can generally be helpful: 1. Shadow experienced professionals 2. Participate in team projects 3. Seek mentorship 4. Continuous learning and training 5. Hands-on practice 6. Stay informed 7. Network with cybersecurity professionals Remember that cybersecurity is a continuous learning process, and building expertise takes time and effort. It is important to remain curious, proactive, and adaptable in order to succeed in this ever-changing field.

One example I can share is to identify security gaps in the organisation and research on what can be done improve the security posture. Propose a plan with clear outcomes which will give the trust that you are capable of implementing the change. Ideally implement in a test environment but can be negated if documented very well. Then do the job!!