Cybersecurity projects to demonstrate your skills

We’ve all been there — 200 pages into your Security+ study guide reading, and your eyes are crossing from exhaustion. Does any of this even connect with the real world? One of the best ways to apply your learning is to try it out for yourself, and my guest today, Infosec Skills author professor Robert McMillen, has a host of suggestions for low-cost, low-danger security tasks that you can try for yourself and determine whether you have what it takes to keep it going in cybersecurity. As a bonus, McMillen gives some pretty outstanding advice for taking these hands-on experiences and interjecting them into your first job interviews!

0:00 - Cybersecurity projects and tasks
1:53 - Beginner cybersecurity projects
7:49 - Elevating your cybersecurity projects
11:38 - Document cybersecurity projects
16:31 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Chris Sienko: 

Okay, we've all been there. 200 pages into your Security Plus study guide reading and your eyes are crossing from exhaustion. You're wondering, does any of this even connect with the real world? One of the best ways to apply your learning is to try it out for yourself, and my guest today, Infosec Skills author, Professor Robert McMillen, has a host of suggestions for low-cost, low-risk security tasks that you can try for yourself to determine whether you have what it takes to keep going in cybersecurity. And, as a bonus, Robert gives some pretty outstanding advice for taking these hands-on experiences and interjecting them into your first job interviews. All that and a lot more in this week's Cyber Work Hack.

Chris Sienko: 

Hello and welcome to a new episode of Cyber Work Hacks. The purpose of this spinoff of our popular Cyber Work podcast is to take a single fundamental question and give you a quick, clear and actionable solution or a new insight into how to utilize InfoSec products and training to achieve your work and career goals. So today's hack is a little different, but my guest is longtime friend and collaborator of InfoSec, Professor Robert McMillen. Robert has been an instructor and creator of our InfoSec skills modules for a while now and I had Robert on an early episode of Cyber Work. It was a great chat. Hope you check it out. But as well as Robert's other hacks in the series, we've got several others in the can. Hopefully you've seen them by now, but I'm very excited to have him back for this particular hack, which is aimed at cybersecurity novices. So the idea here is we're talking to beginning learners and this is for folks who aren't sure if they have what it takes to go down a cybersecurity career path and really go for it. So I wanted to see if we can come up with some ways to prove to yourself and, by extension, a future employer, that you have what it takes in the old brain box to work in cybersecurity. So thank you for your time again, Robert, and pleasure to have you back on the show. Thanks for having me, Chris.

Chris Sienko: 

So yeah, like I said, a lot of my guests have talked about a time where, when they were young and they tried a certain thing, maybe they finished, you know, programming something and it worked. Or they designed an app for a class and it was a big hit, you know, with their fellow students, or they built their own computer from scratch and their family used it for years. So it could be a big thing or a small thing, but it was something that they could accomplish. And it said, you know, you can do this, and it also got them excited to see what's the next thing that I can do, you know. So you know it can be easy to keep studying abstractly and maybe even, you know, collect a bunch of certs, but I think some hands-on experience can really lock things in faster. So, Robert, can you suggest a manageable security project, something you can get your head around and finish, that will help you know you've got a good handle on the concepts around cybersecurity? Sure.

Robert McMillen: 

Sure, Chris. You know, I remember when I first started making video courses and what I found was that the more complex the courses became, the more difficult it was for the company I was doing the courses for to even provide me with the equipment I needed. So, for instance, you know, my first video course, after just doing YouTube videos, was with LinkedIn Learning, and they said, oh, they said, you know, what do you need? And I said, oh, I just need a couple of Windows 2012 servers and have them network together. Okay, fine. And then they started saying, okay, what do you need now? Well, I'm going to be doing software defined networking that requires this, this and this, and they go, we don't have that. Yeah, right. So I had to procure my own equipment for that and, to this day, a lot of the courses, including the ones I do for InfoSec, I use my own equipment, just because it's gotten more and more complicated.

Robert McMillen: 

But for those of you just starting out, there's a lot of great options. So when you sign up for the InfoSec Institute, of course you do get a free trial, and so definitely recommend that you do that, and there's all kinds of great labs and great things that you can sign up to take. For instance, on my courses, I have a Windows Server and client course on security. I created labs for people at the intro and at the intermediate range that you could do online. The great thing about online labs is you don't need high end equipment. You don't need to buy $40,000 like I did. I bought $40,000 equipment just so I could do my courses, because all that stuff's in there, it's in the background, it's sitting on, you know, servers that have the complexity and things like that like you would have in a corporate environment. So you may not be able to attain all of these different pieces to, you know, to do some of the more complex stuff. However, it is certainly possible for you to get your own lab going, just as I did in the early days.

Robert McMillen: 

Now, besides the InfoSec Institute, I have found that if you don't have the money yet to do a long-term monthly subscription, yeah, because you're really just getting started and maybe you need something just as basic as basic can be. I remember trying to save a file the first time on a Windows computer because I started out as an Apple guy, a Macintosh. Okay. And I had to save it with a file extension. I'm like, we don't use that in Macintosh. What do we need that for? So you know, if you're really at that level, you know, like I was when I first got started, then you can go to learn.microsoft.com, sign up with your email account and they have some free projects that you can do online and they walk you through. I mean, it's basic, basic stuff. We call this high level, 50,000 foot level. Don't expect that once you take these that you're ready to get a job in cybersecurity. Yeah, right, right.

Robert McMillen: 

This is just you know real hand-holding intro stuff here, oh yeah.

Robert McMillen: 

Make sure you're really comfortable. Yeah, yeah, exactly. You know, the InfoSec Institute is going to, does have introductory courses, but I've never seen anything as simple as what I've seen at learn.microsoft.com. Love it. So you can go there. They've got the videos and the intro text and then, you know, the labs and stuff like that. Then you can sort of graduate, you know, on to more advanced courses. I love the fact that InfoSec has some advanced courses for people who are lifelong learners, I mean those folks, you know. It's like, okay, what's the next thing? Because technology changes so quickly it's hard for me to keep up with it. So I'm going to learn from someone who has kept up with it and then I'll be at that level, you know, at some point and you know three years from now.

Chris Sienko: 

I got to kind of start all over again, don't I? Yeah, yeah, as we all do. Yeah, sometimes it's six months from now, but yeah. So yeah, Robert was talking about infosecinstitute.com/skills. If you sign up for a free month of that, you can sort of poke around in there and see what's interesting to you and, as Robert said, you can check out his Windows 10, or is it Server 2019 and Windows 11, Server 2022.

Chris Sienko: 

Yeah, and a lot of our skills learning paths have cyber ranges and sort of hands on things. So it's pretty cool, like they'll give you a little simulation of, you know, a command prompt environment and you can actually go through and do all the pieces yourself. You can do code injection, you can do, you know, some sort of capture the flag things or whatever, and you can really lay hands on it in a sort of low stake situation where you're not going to break anything. You're not going to, you know, all you got to do is, you know, reset it and start over if you messed up, and I think that's really, really conducive to learning. You know, I mean we've had a lot of guests on who have said that, you know, they dismantled their family's computer when they were, you know, 12 years old and then put it back together. But it can be a little scary if it doesn't work out and maybe, you know, that's the last thing.

Chris Sienko: 

You, in this case, yeah. So, yeah, let's talk a little bit about doing some of these projects. You do something hands on and, you know, do you have any advice for sort of designing, like the scope of the project that you would want to accomplish? Because, like you said, it's one thing to say, like, learn.microsoft.com. Okay, I did this to this. Now, like, how do you sort of like plan for yourself to say, okay, what's the next hardest thing I can do for myself to sort of feel like I'm moving up the ladder?

Robert McMillen: 

What's your advice there? You know, nothing feels as good as getting your hands dirty and, you know, your own project, and so what I recommend is that you start out, you know, assuming that you have a decent computer with, say, at least 16 gigabytes of RAM, and if you don't, see if you can upgrade it or obtain a new or borrowed computer that you're able to do this with. If it's a Windows computer, you can go ahead and install Hyper-V on it. It's just a feature that you can check the box, you know. When you go into the control panel, the system settings, you can add Hyper-V and it also includes, if you have the professional version, the enterprise version or even the student version, then you can get a free virtual machine operating system for another Windows 10 or 11, as well as Linux versions that you can install. That's all included right in there in Hyper-V on any one of those versions of Windows. Now, if you have a home version, you can upgrade it. It's not that expensive. Microsoft would love for you to upgrade it. It's just go to Microsoft's website and say, hey, upgrade my operating system, and then you can get all those advantages.

Robert McMillen: 

However, let's say you don't want to use Hyper-V, let's say you want to go a different direction. You can install VMware Workstation, the current one, I think, is 17, or VirtualBox, which I believe the current version is 7. And you can install that on any computer, Windows, Macintosh, Linux, any one of those computers, assuming that your computer has the virtualization feature turned on. You might have to boot into the setup and turn on virtualization. It's just simply a checkbox that you do and by default, a lot of times it's turned off. And then you can install any one of those virtual machine products, VMware Workstation, VirtualBox, especially for non-Windows, and then you can get all kinds of great projects that you can download.

Robert McMillen: 

Now one place I like to go to you can get some free projects is GitHub. GitHub is owned by Microsoft. They have a ton of free projects that you can download onto these virtual machines, and the nice thing about it is you can break these virtual machines and you can start over again and, you know, no harm, no foul. You can get free versions, demo versions, 180-day demo versions that you can use over and over from Microsoft at the Windows Eval Center. Just type in Windows Eval Center in a Google search and you'll find it, and you can download any version of Windows Client or Windows Server for VMware, VirtualBox for half a year, which is fantastic.

Robert McMillen: 

Another place you can sign up is the Cybersecurity and Infrastructure Security Agency, known as CISA, C-I-S-A dot org. CISA is great. It's the security agency that you can sign up for. Now, I've signed up a long time ago to get these updates for when some new vulnerability comes out. They send me an email anytime, you know, some new hack has come out or, you know, and I learn a ton from them. So it's a great place to go to get various different projects and information that you can do on your own.

Chris Sienko: 

Yeah, we love CISA around here. Those are all, boy, those are all great, and a lot of those I think are first time we've heard about that on the show, so there's some really great tips in here. I hope people are taking notes, whether on piece of paper or on their phone notes. So I have one last question for you here, Robert.

Chris Sienko: 

So one of the things that we talk about a lot on the show is that you know, especially when you're just getting started in your career in cybersecurity, you know it's one thing to have okay, I have a certification on my resume that shows I can do that but one of the things especially with people who have no experience trying to get into a job that requires experience is documenting outside experience that you've done. So some of these things that seems like would make really good kind of calling cards when you're trying to sort of show off what you can do. So you know, I think an important part of this whole endeavor is documenting what you've learned from these small projects. So do you have any tips for how to document completed projects in a way that others can understand and that you could maybe put on your resume?

Robert McMillen: 

Lots of good tips for this, definitely want to, you know, write some of these down as well. So on the simple side, you know, if I think about my first IT job, what I found was when I was troubleshooting issues, I would notice, like every you know, two, three weeks, maybe every month or so, the same problems would happen over and over. And that's because every you know version of Windows that people were using had the same bugs in them as all the other ones, or software that they were downloading and installing, or whatever it was. And so what I found was is that after a month, if you haven't seen that problem in a month and you're, you know, I was solving 20 problems a day, you know. So you know, over the course of a month we're talking about hundreds of issues I've solved. A month later that same issue comes up. I'm like wow, I know I've seen this before, but I sure can't remember how I fixed it.

Chris Sienko: 

Yeah, yeah, exactly Right, right. I don't remember how I did it, but I fixed it Exactly.

Robert McMillen: 

So a lot of, if you're using Microsoft Office and if you're a student, you can get Microsoft Office for free using your .edu email address. Then you can use OneNote. OneNote is a great way to, you can create a different note for every different project, if you'd like, or different operating system, different problems, you know. However it is you want to organize it, OneNote is very customizable, very easy to use. It'll sit down in your system tray so you can easily recall it.

Robert McMillen: 

Now, if you want to get a little fancier, you can. And again, Microsoft Office, you can use Microsoft Access. Access is sort of a simple, low-grade SQL server, right? It uses an MDB type of a database, so you can't put hundreds of thousands of records into it, but you can certainly put in thousands of records. So you create, there's plenty of YouTube videos out there if you want to learn how to create your Access database and customize it the way you want to. I've got over 4,000 videos on my YouTube channel, not just on Access but Windows and other things, so just that channel alone has plenty you can learn from there. And so you make your Access database and then it's searchable. So the next time you have an issue, you say, hey, put in some keywords, click search and boom, you saw how you solved it last time.

Robert McMillen: 

Now for employers, when you go to do an interview, here's a tip for you, is that, let's say you've already got some experience in a job, or maybe you have experience in college or on your own home lab that you can relate to some of these questions that are coming to you in this interview. Try to get no more than around five really good stories, because what you're going to find is pretty much any of the questions that they're going to ask you are going to relate to at least one of them. If you try to get 10 stories or 20 stories, you're not going to remember all the details. Right, it's going to come out funny, you know so.

Robert McMillen: 

But if you have five really good stories that you practice ahead of time, practice with your family. You know somebody in your family. Practice with one of your friends you know about, you know explain, you know how it is that something happened. Then when you do go to get interviewed, then you'll have all those different things down pat. So if they say you know, what did you do in order to, you know, secure this computer from ransomware, you know. Or what happened when ransomware broke out, what did you do? And now you have a story you know and you can, you can talk about that, that and you've got it, you know, very well explained in your head, so now you can explain it, you know, to that potential person.

Chris Sienko: 

Yeah, I think that's, yeah, I think that's a really really great point, and I think it is hard to imagine, like, how am I going to put that on a resume in a way that they're going to, you know, see it or whatever? But if you're, if you're in the interview, then it's going to be real easy to bring it up.

Chris Sienko: 

You know, and, like you said, you can crowbar it in, as long as it makes sense to what they're talking about, but you know never mind to be of a story of this one time when, blah, blah, blah, blah, next thing you know they're putting check marks next to your name in their hire pile.

Robert McMillen: 

Exactly exactly.

Chris Sienko: 

All right. Well, that's all great advice, so I'm going to let you go here. But, Robert McMillen, thank you so much for guiding our listeners through this important early phase of their studies. My pleasure, Chris, thanks for having me, and thank you all for watching this episode of Cyber Work Hacks. If you enjoyed this video and felt that it helped you, please share it with your colleagues and on any forums you're on and on your social media accounts, and please like the video and subscribe to our podcast feed and our YouTube page.

Chris Sienko: 

You can type in Cyber Work InfoSec on YouTube. You'll come to our page. Just hit subscribe. Hit the bell. Everything will be delivered to you just like magic. There's plenty more to come for listeners of all levels, and so if you have any topics you want us to cover about any aspect of the cybersecurity career experience, drop them in the comments below and we'll get to them very soon. But until then, we will see you next time, and this is Chris Sienko saying happy learning. Hey, if you're worried about choosing the right cybersecurity career, click here to see the 12 most in-demand cybersecurity roles. I asked experts working in the field how to get hired and how to do the work of these security roles so you can choose.
