Navid Fazle Rabbi

Security Researcher & Consultant

Seminar Schedule

March 15, 2023 | Wednesday

2:00 PM - 4:00 PM BDT

Talk Abstract

This summarizes my recent presentation at the Islamic University of Technology (IUT), where I was invited by the IUT CTF Club and IUT Computer Society to discuss starting a successful career in cybersecurity. The session covered key topics such as the latest security trends and techniques, Enterprise Cybersecurity, the role of Capture the Flag (CTF) competitions, and diverse career opportunities in the field. Drawing from my experience as an Offensive Security Engineer and my expertise in security assessments, reverse engineering, malware analysis, and fraud detection, I shared insights on navigating this dynamic and rewarding industry. I hope this recap serves as an informative and motivating guide for aspiring cybersecurity professionals.

Key Discussion Points:

  • Enterprise Cybersecurity Strategies
  • Role of Capture the Flag (CTF) Competitions
  • Career Paths in Cybersecurity
  • Technical Skills for Security Professionals

Enterprise Cybersecurity Seminar at IUT

Recently, I spoke at Islamic University of Technology about starting a career in Cyber Security. I must say that it was a truly remarkable experience for me. Thank you to the IUT CTF Club and IUT Computer Society for inviting me to speak on the topic of beginning a successful career in cybersecurity. It was a privilege to share my knowledge and experiences with a group so enthusiastic and involved.

During the talk, we discussed the most recent security trends and techniques, Enterprise Cyber Security, the role of CTFs, and the available career paths in this exciting field. I hope that everyone who attended the session found it to be informative and motivating, and I look forward to seeing many of you shaping the future of cybersecurity.

I would like to thank the IUT Computer Society and IUT CTF Club for providing me with the opportunity to introduce you to the wonderful world of Cyber Security. I am Navid Fazle Rabbi. I graduated in 2019 from IUT EEE at Islamic University of Technology. I am currently employed as

Biggest Data Breaches

  • Yahoo: Between 2013 and 2014, Yahoo suffered two massive data breaches that compromised 3 billion user accounts. The compromised information included email addresses, birth dates, and passwords that were encrypted.
  • Microsoft: In March of 2020, Microsoft disclosed a data breach affecting 250 million customer service records, including email addresses, IP addresses, and support case information.
  • Target: In 2013, the retail giant Target experienced a data breach affecting 110 million customers. Credit and debit card information, as well as personal data such as names, addresses, and phone numbers, were compromised.

Challenge in Current Security Space

In the current state of cyber security, organizations face a growing number of cyber threats that are increasingly sophisticated and difficult to detect. This increases the number of security alerts that organizations must manage, which can be overwhelming for security analysts. Compounding this difficulty, the pool of security analysts with the skills and experience required to manage the increasing volume of security alerts is shrinking.

As cyber threats continue to evolve, security analysts must possess a broader set of skills and knowledge to effectively manage these threats. However, the availability of the necessary knowledge and skills is lagging behind the rate of change, resulting in a widening skills gap in the cyber security industry. The available time for analysts to investigate and respond to alerts is also diminishing, which exacerbates this gap.

Future Outlook of Cyber Security Market

The market outlook for cyber security is characterized by a number of noteworthy trends and statistics. First, there is expected to be a significant increase in spending on cyber security service providers, with a projected increase to $101.5 billion by 2025. This demonstrates a growing awareness of the significance of cyber security and the need for organizations to collaborate with specialized service providers to effectively manage cyber threats.

An annual increase of 15% is anticipated for the costs associated with cybercrime, which is another significant development. This demonstrates the increasing sophistication of cyber threats and the necessity for organizations to invest in robust cyber security measures to mitigate the risks associated with cybercrime.

In addition, a large proportion of small and medium-sized businesses (85%) plan to increase their IT security expenditures through 2023. Consequently, organizations of all sizes must invest in cyber security measures to protect their assets and sensitive data.

Globally, there is a severe shortage of qualified cybersecurity professionals, with an estimated 3.5 million open cybersecurity positions. This shortage is driving demand for cybersecurity training and education programs, as well as innovative solutions such as automation and artificial intelligence, in an effort to fill the skills gap.

Overall, these trends indicate that the cyber security market will continue to expand rapidly in the coming years, driven by the rising demand for cyber security services, the rising costs of cybercrime, and a growing understanding of the significance of cyber security in today's digital environment.

Security Jobs in Bangladesh

If you are a Security Engineer seeking employment in Bangladesh, you can find opportunities in a variety of industries, but the most common are telecommunications, fintech/financial services, and software/security firms. These industries handle sensitive data, necessitating precautions against cyber-attacks. In these industries, Security Engineers design, implement, and maintain security protocols to ensure the integrity and confidentiality of data.

Cybersecurity Teams

  • Red Team/Offensive Security: This team is responsible for simulating attacks on the systems and networks of an organization in order to identify vulnerabilities and flaws. They employ a variety of techniques to attempt to circumvent security measures and provide feedback to the Blue Team.
  • Blue Team/Defensive Security: This team is responsible for defending the systems and networks of an organization against cyber-attacks. They maintain and implement security measures, monitor systems for suspicious activity, and respond to security incidents.
  • Purple Team: This team combines the Red and Blue Teams, working together to identify security flaws and improve an organization's overall security posture.
  • Threat Intelligence: This team is responsible for gathering and analyzing information regarding a company's potential cyber threats. They use this information to identify and mitigate security risks proactively.
  • DFIR (Digital Forensics and Incident Response): This team is responsible for investigating security incidents and breaches, collecting and analyzing digital evidence, and responding promptly and effectively to security incidents.

Each team plays a crucial role in identifying and mitigating cyber threats, and these teams collaborate to provide a comprehensive approach to cyber security.

Capture the Flag (CTF)

Capture the Flag (CTF) is a popular cybersecurity competition in which participants are tasked with locating and exploiting vulnerabilities in a simulated computer system or network. In a CTF competition, individuals or teams compete to solve a series of cybersecurity-related challenges, such as locating hidden flags or resolving complex puzzles. Participants must utilize their skills in hacking, coding, and cryptography to locate and retrieve flags that are hidden within a system or network as files, text strings, or images. The ultimate objective of a CTF competition is to demonstrate a high level of cybersecurity skill and knowledge and to learn new techniques and strategies for identifying and mitigating security threats. CTF competitions can be held at various levels, ranging from local college events to international competitions, and are frequently used as a training tool for cybersecurity professionals or a method for identifying and recruiting new talent.

Mapping CTF Topics to Teams

| Team Name | CTF Topics |
|---|---|
| Red Team | Reverse Engineering, Pwning, Web Exploitation, Binary Exploitation, Cryptography |
| Blue Team | Web Exploitation, Binary Exploitation, Cryptography, OSINT, Forensics |
| Purple Team | Reverse Engineering, Web Exploitation, Binary Exploitation, Cryptography, OSINT, Forensics |
| Threat Intelligence | OSINT, Cryptography, Reverse Engineering |
| DFIR | Binary Exploitation, Cryptography, Forensics |

Some topics are applicable to multiple teams; the above mapping is designed to highlight the most pertinent topics for each team. It is not an exhaustive list of all topics that may be relevant to each team, but rather a selection of topics that are typically associated with each team's responsibilities.

Use vs Build

For specific tasks, cybersecurity professionals have the option of utilizing existing tools or developing their own custom tools. Using existing tools can be quicker and more convenient, particularly for common tasks such as vulnerability scanning and password cracking. However, pre-built tools may not always meet an organization's unique requirements or be effective against the most recent threats.

The ability to create custom tools enables cybersecurity professionals to tailor their tools to their specific needs and requirements, resulting in a potentially more effective solution. Building tools, however, can be time-consuming and requires specialized programming and software development skills. Ultimately, the decision between utilizing existing tools and developing custom tools depends on the unique requirements and available resources of each organization or individual.

Tool development can be a valuable learning experience for cybersecurity professionals, as it requires an in-depth understanding of the underlying technologies and can aid in the development of valuable programming and software development skills. While developing tools can be time-consuming and requires specialized knowledge, it can ultimately result in a more effective solution and enable cybersecurity professionals to stay ahead of emerging threats.

Place to Start (Basics)

You should focus on operating systems, networks, and programming languages if you're interested in beginning to study cybersecurity. Here are some initial steps you can take:

  • Familiarize yourself with operating systems: A solid understanding of operating systems, particularly Linux and Windows, is one of the most crucial abilities for cybersecurity professionals. Learn the fundamental features and functions of these operating systems, as well as how to navigate and utilize the command line interface.
  • Learn about networking: Networking is another crucial aspect of cybersecurity, as many attacks target network infrastructure vulnerabilities. Learn the fundamentals of TCP/IP and networking protocols before moving on to more advanced topics such as network scanning and penetration testing.
  • Choose a programming language: Numerous security tools and techniques require a solid understanding of code, making programming a crucial skill in cybersecurity. Select a programming language, such as Python or Java, and begin learning the fundamentals. Many cybersecurity professionals automate tasks using scripting languages such as Bash or PowerShell.

Thank You

For your time, attention, and commitment to learning about cybersecurity. Together, we can build a more secure digital world.

Stay Curious, Stay Secure
