How to Choose Your Cybersecurity Path
Factors to Consider When Choosing Between Blue Team and Red Team Roles
As we discussed in our previous post, cybersecurity is a broad field with many sub-fields, and choosing between Blue team and Red team roles is not always a straightforward decision.
Both Blue and Red teams play crucial roles in securing a company's resources and ensuring its defenses are effective.
We’ll go over 2 key factors, followed by some resources and tools available to help with this process.
Technical Aptitude and Interests
One of the key factors to consider when deciding between Blue team and Red team roles is your technical aptitude and interests.
Blue team roles typically require a solid understanding of networking and security fundamentals, as well as experience with security tools and technologies. This could be familiarity with routing/switching, protocols, packet captures, SIEM technology, and OS security.
On the other hand, Red team roles require strong technical skills in areas such as penetration testing, and looking for vulnerabilities.
If you enjoy network analysis, scripting, and problem-solving, you may be better suited for Blue team roles. If you enjoy breaking down systems and meticulously searching for vulnerabilities, Red team roles may be a good fit for you.
Industry Demand
Another factor to consider is the current and projected demand for each role within the industry.
The demand for cybersecurity professionals continues to grow at a rapid pace, with estimates showing a projected 35% growth over the next 10 years. Either path you decide to go within Cybersecurity is a pretty safe bet.
There could be more demand for Blue team roles due to the increasing number of security breaches and the need for companies to protect their resources. This is not as cut and dry but generally speaking, most companies tend to hire a Blue Team first and then a Red Team.
I would recommend looking at a roadmap or overview of the field and then zoom into a role that piques your interest.
Now let’s cover some resources to get to skill building.
Resources And Tools To Help
CTFs
There are plenty of CTF’s (Capture The Flag) out there to choose from. But I’m just going to talk about two here.
OverTheWire involves a series of increasingly challenging scenarios, with help resources. Most of the challenges are CLI focused. I like this platform for hammering in muscle memory when it comes to the command line.
TryHackMe is another platform and is very popular. It consists of rooms and learning paths that gradually introduce users to different cybersecurity concepts and challenges. This is a strength of the platform because it can meet a user where they’re at and help build them up over time.
Learning Platforms
A lot of the times when it comes to courses or self-paced learning, we don’t know where to start.
There are also many learning platforms, MOOCs, and skill building platforms out there. But I’m just going to talk about two.
Coursera
This platform has tons of options for courses including those around Engineering and Cybersecurity. It gives you the option to “audit” the course, where you can take it for free.
One aspect that distinguishes Coursera a bit is that their coursework comes from universities and colleges. Therefore, it has more of an academic approach to it.
Udemy
This platform consists of many courses made by individual instructors and creators, often by current practitioners.
This is where I have my free course. There are a lot of options on Udemy and it usually has a more direct communication to its instructors.
These two course platforms will aid you in your learning journey and can be mostly free, costing you only your time.
Conclusion
Ultimately, the path you choose will depend on your personal goals and interests within the cybersecurity field. After going through a roadmap (or several) and matching it to your interests, you can start getting reps in the CTF’s mentioned , and the course platforms to build your skillset.
By taking these factors into consideration, you can make an informed decision and pursue a fulfilling and rewarding career in cybersecurity.
I hope this helps you in your learning journey!