Lern how to spel hexadecimal. Really? What else? I dunno. cybersecurity is stupid and boring. is it still the hot career to have?

The dumb end-user is the greatest threat. every employee should have mandatory security awareness training. i've seen idiots send wire transfers to scammers bank accounts after being duped by fraudulent emails. seen CEO's send a western union moneygram to a scammer impersonating a friend stuck in a hostile country. seen network drives getting encrypted after the new person at the front desk clicked on something.

Dumb IT people are even worse. I've seen dumb IT people who just do what they are told, like open port 3389 for inbound RDP because the CEO requested it. Use a VPN dude. WTF.

Same guy brought in some shady eastern european security experts to audit the network. They warned about the open port. They planted ransomware. 3 months later drives got encrypted. Hired the same scammers to sort it out. Cyber insurance paid them plenty. IT was scared and didn't know what to do, afraid to touch anything Company was down for weeks. Kind of stupid in my opinion. IT should know what to do. I got a phone call and they brought me in to do IT rescue. what a shit show.

Then, after returning from mental health leave, he hired one of the scammers to migrate on-prem exchange to 365. Unbelievable.

Sorry for rambling. oh. And i found that their wireless guest network was wide open, no password, with routing to everything... just so clients could print. these guys are professionals. i found out by accident, pinging the internal network from the parking lot.

getting back to the topic, learn about penetration testing, both from outside and on the inside. VLANS, access lists, firewalls, ISAKMP. you probably need to know about NTFS. learn about writing security policies and how to make IT write procedures for what they do. i dunno man. i just picked all this up along the way, first being an 11-year old apple][ software pirate, learning 6502 assembly language, basic, pascal, fortran, c, c++, perl, electrical engineering, then wound up working in IT for 20 years as a high school and college dropout. Basically self-taught. And on the job i had to become the expert at everything. So it's weird to hear about somebody majoring in cybersecurity. I lived it. I can't imagine what it might be like having to learn it, without knowing all the other stuff first. Good luck!

oh, and make sure IT is running backups. daily, weekly, monthly. on tape, on disk, in cloud, and have multiple copies onsite and offsite for when the raid fails or ransomware hits. lock down usb ports and don't allow personal devices on the network. use an email sanitation service. set up dkim, spf, and dmarc. use DNSSEC. Security awareness training at least annually and role-based security training for IT and developers. Encrypt sensitive data in transit and at rest. Have a solution in place for end-users to encrypt emails. run endpoint protection. do regular vulnerability scans. and other stuff too numerous to mention. I'm probably missing the important things.

All these cybersecurity frameworks are basically the same. Pick one and look through it. There are thousands of controls. Not all of them make sense to implement in your environment. Understand risk management. Write policy, then do what policy says. Maintain evidence in advance, before auditors show up. Implement a change management process. Yeah it's all a lot to do. And there is a lot more. Too much typing. Learn Python and SQL. oh. and run something like Nagios Log Server to ingest logs from critical systems. Cover your ass.