Building Your Lab
This chapter is from the book
This chapter is from the book
This chapter is from the book
“Knowledge is of no value unless you put it into practice.”
–Anton Chekhov
Now you know what you want. You have identified the cybersecurity area you want to work in, identified your current gaps, and established a plan. As part of this plan, you should have added time to ramp up with the technology areas in which you need to improve.
However, you can read about these technologies all day long, but if you don’t do hands-on practice, your knowledge will be limited, which might affect you while interviewing. When you don’t have hands-on experience in a subject, it’s hard to feel confident that you can actually implement the things you just learned about in theory.
With the number of online resources we have nowadays, it’s easier to create your own lab to implement scenarios that will help you gain more experience. This chapter will assist you in creating a lab and suggest some scenarios you can use to put things into practice.
Lab Requirements
While different cybersecurity jobs will require different skills, the goal here is to ensure that you have a good foundational understanding of technologies that can be utilized across different cybersecurity job roles. Building this foundational lab allows you to continue adding new scenarios to learn different skills.
To create this foundational lab, you need to cover some core scenarios, and based on these scenarios, you will have the minimum requirements for this lab. Table 3.1 highlights what’s covered in each of the scenarios in the lab I’m proposing:
Table 3.1 Lab scenarios and requirements
Scenario |
Level |
Minimum requirements |
|---|---|---|
Understand operating system processes and threads |
Basic (100) |
One virtual machine (VM) Windows operating system (OS) Process Monitor by Sysinternals |
Understanding the communication between two hosts in the same TCP/IP subnet |
Basic (100) |
Two virtual machines (VMs) Windows OS Wireshark |
Cloud security posture management |
Intermediate (200) |
Azure subscription Microsoft Defender for Cloud |
Multicloud security posture management |
Intermediate (200) |
Azure subscription AWS account GCP project Microsoft Defender for Cloud |
Understanding regulatory and compliance standards |
Intermediate (200) |
Azure subscription Microsoft Defender for Cloud |
Simulating and detecting attacks on Windows and Linux |
Advanced (300) |
Azure subscription Linux OS Microsoft Defender for Servers Four virtual machines (VMs) Windows OS |
Implementing a cloud-based security information and event management (SIEM) |
Advanced (300) |
Azure subscription Microsoft Sentinel |
Threat hunting |
Advanced (300) |
Azure subscription Microsoft Defender for Cloud Microsoft Sentinel |
Gathering threat intelligence |
Advanced (300) |
Azure subscription Microsoft Sentinel MITRE ATT&CK Framework |
One important thing to mention about Table 3.1 is that the suggested minimum requirements are based on the material I cover in this chapter. However, nothing stops you from adding other elements to this scenario. For example, in implementing a cloud-based security information and event management (SIEM) scenario, the minimum requirement is to use a Microsoft SIEM solution called Microsoft Sentinel. However, you can build your own lab to use another solution, such as Splunk.
While thinking about potential additions to each scenario, consider whether those additions will cost money. My intent is to help you build a free lab to practice. Remember that once you start deploying these solutions, your clock starts, and you need to finish everything in a specific time frame since some of these solutions are free only during a trial period. That’s why it is so important to clearly define everything you want to test and practice during this ramp-up phase. Figure 3.1 has an example of how you can plan your trial usage, assuming a 30-day trial (which is the case for most of the products used in this lab):
)
Figure 3.1 Roadmap to conclude the lab
The diagram shown in Figure 3.1 has four major phases:
You are here: This is where you are right now, reading this chapter and defining which scenarios you want to implement. For example, if you are already an IT professional migrating to cybersecurity, you might not need to implement scenarios 1 and 2.
Trial starts: Once you have enumerated which scenarios you want to implement, then you can start deploying the products, which usually entails starting the trial period for that product and also for the platform (in this case, Azure).
Trial ends: Add the ending date on your calendar, and add a calendar reminder at least 10 days before the trial expires. Some of these products will require you to supply a credit card number when you sign up for a trial. While they don’t charge you upfront if you go over the 30 days, they will start charging for the next cycle. So, make sure to cancel your subscription before the 30th day of use. This 10-day reminder prompts you to evaluate what you have done so far and whether anything is missing. If you’ve already implemented all scenarios and are ready to move on, just cancel the subscription.
Reflections: After everything is done, you should pause for a day and reflect on the lessons learned. A good way to practice what you’ve learned is to write a report with your observations about each scenario. This report should contain more than just copy-and-pasted material from articles you read to help you with the lab. Instead, it should include your thoughts about what you have learned and whether you believe there are still some areas you need to continue improving as you move forward. This report will also help you to prioritize the areas you need to improve and the areas where you already feel confident.
The following sections will go over each scenario. Some scenarios will have less-detailed explanations because they’re already very well documented on the websites I reference in this chapter.