Edit

CIAT Cybersecurity Club First Meeting

CIAT Cyber Security club

I have been in California Institute of Applied Technology and just got my Associate's Degree there. For the first time, CIAT just launched Cyber Security club, a student-led club that aims to establish the cyber security club to raise awareness of not only CTFs, but cybersecurity and technology careers as well. Their first meeting was held around January, and I have attended one of their meetings for the first time. This time, we only had 4 people show up at first, including one of our instructors teaching Security+ and other classes such as red teaming and penetration testing. Then we had 3 more, showing potential for this club.

Agenda

  • Speaker Series talking about different careers.

  • Online CTF meetups

Presentation notes

Overview

  • Cyber Career Paths

  • What is VAPT

  • Journey in VAPT

  • A day in the life as a pentester

  • Critical skills

Journey

  • Electronic Technician

  • Electrical Engineer - then commissioned as a Cryptology Officer

  • NSA Red Team

  • USCYBERCOM Mission Commander - ran hundreds of operations on various networks

  • Physical and Personnel Security

  • Operational Technology Networked System Logistical and Technical Support Manager

  • Vulnerability Assesssment and Penetration Testing Manager

A Day in the Life

  • Rules of Engagement - very important to consider. There are some things that the customer would not want pentesters to touch. This is also the time where the Team Lead and Customer comes into agreement on what pentesters are allowed to attack and what methods are allowed as well.

  • Passive (OS) Recon - gather OSINT from publicly available data.

  • Active Recon

  • Initial Access

  • Lateral Movement

  • Critical System Access

  • Written Report

  • Debrief

  • Pen Testing vs Red Teaming

Critical Skills

  • Programming and Scripting

    • Python and Go language are more popular

    • LLMs like Copilot and ChatGPT can generate code that could be useful for pentesting.

  • Network Operations, Devices, Protocols and Concepts

  • Security Operations, Devices, Strategies and Concepts

  • Pen Testing C2 Platforms

Certifications

  • Entry Level: Net+, Sec+, CEH, GCIH

  • Intermediate: OSCP, OSWA, GPEN, CRTO, GCPN, GWAPT

  • Advanced: OSCE, OSEE, GXPN, SEC670, SEC770

Thoughts

The meeting was held in Microsoft Teams, with one presenter usually taking over. One of the things that I miss a lot in joining student clubs is physical interaction, which I didn't have during this meeting. The instructor put up a PowerPoint slides detailing his journey into Cyber Security, from his days as an Electronic Technican to Vulnerability Assessment and Penetration Testing Manager. He also highlighted the importance of programming, scripting skills as well as fundamental IT concepts. One of the members stressed how important Linux knowledge is when breaking into this career field. Unfortunately, I was getting my car maintenance done so I attended the meeting in a pretty noisy area. Next meeting, I'll do my best to find a quieter spot so I can document this better.

PreviousI took the AZ-900 examNextHow I started using Linux

Last updated