Home > Articles

Building Your Lab

This chapter is from the book
  • “Knowledge is of no value unless you put it into practice.”

  • –Anton Chekhov

Now you know what you want. You have identified the cybersecurity area you want to work in, identified your current gaps, and established a plan. As part of this plan, you should have added time to ramp up with the technology areas in which you need to improve.

However, you can read about these technologies all day long, but if you don’t do hands-on practice, your knowledge will be limited, which might affect you while interviewing. When you don’t have hands-on experience in a subject, it’s hard to feel confident that you can actually implement the things you just learned about in theory.

With the number of online resources we have nowadays, it’s easier to create your own lab to implement scenarios that will help you gain more experience. This chapter will assist you in creating a lab and suggest some scenarios you can use to put things into practice.

Lab Requirements

While different cybersecurity jobs will require different skills, the goal here is to ensure that you have a good foundational understanding of technologies that can be utilized across different cybersecurity job roles. Building this foundational lab allows you to continue adding new scenarios to learn different skills.

To create this foundational lab, you need to cover some core scenarios, and based on these scenarios, you will have the minimum requirements for this lab. Table 3.1 highlights what’s covered in each of the scenarios in the lab I’m proposing:

Table 3.1 Lab scenarios and requirements

Scenario

Level

Minimum requirements

Understand operating system processes and threads

Basic (100)

One virtual machine (VM)

Windows operating system (OS)

Process Monitor by Sysinternals

Understanding the communication between two hosts in the same TCP/IP subnet

Basic (100)

Two virtual machines (VMs)

Windows OS

Wireshark

Cloud security posture management

Intermediate (200)

Azure subscription

Microsoft Defender for Cloud

Multicloud security posture management

Intermediate (200)

Azure subscription

AWS account

GCP project

Microsoft Defender for Cloud

Understanding regulatory and compliance standards

Intermediate (200)

Azure subscription

Microsoft Defender for Cloud

Simulating and detecting attacks on Windows and Linux

Advanced (300)

Azure subscription

Linux OS Microsoft Defender for Servers

Four virtual machines (VMs)

Windows OS

Implementing a cloud-based security information and event management (SIEM)

Advanced (300)

Azure subscription

Microsoft Sentinel

Threat hunting

Advanced (300)

Azure subscription

Microsoft Defender for Cloud

Microsoft Sentinel

Gathering threat intelligence

Advanced (300)

Azure subscription

Microsoft Sentinel

MITRE ATT&CK Framework

One important thing to mention about Table 3.1 is that the suggested minimum requirements are based on the material I cover in this chapter. However, nothing stops you from adding other elements to this scenario. For example, in implementing a cloud-based security information and event management (SIEM) scenario, the minimum requirement is to use a Microsoft SIEM solution called Microsoft Sentinel. However, you can build your own lab to use another solution, such as Splunk.

While thinking about potential additions to each scenario, consider whether those additions will cost money. My intent is to help you build a free lab to practice. Remember that once you start deploying these solutions, your clock starts, and you need to finish everything in a specific time frame since some of these solutions are free only during a trial period. That’s why it is so important to clearly define everything you want to test and practice during this ramp-up phase. Figure 3.1 has an example of how you can plan your trial usage, assuming a 30-day trial (which is the case for most of the products used in this lab):

Figure 3.1

Figure 3.1 Roadmap to conclude the lab

The diagram shown in Figure 3.1 has four major phases:

  • You are here: This is where you are right now, reading this chapter and defining which scenarios you want to implement. For example, if you are already an IT professional migrating to cybersecurity, you might not need to implement scenarios 1 and 2.

  • Trial starts: Once you have enumerated which scenarios you want to implement, then you can start deploying the products, which usually entails starting the trial period for that product and also for the platform (in this case, Azure).

  • Trial ends: Add the ending date on your calendar, and add a calendar reminder at least 10 days before the trial expires. Some of these products will require you to supply a credit card number when you sign up for a trial. While they don’t charge you upfront if you go over the 30 days, they will start charging for the next cycle. So, make sure to cancel your subscription before the 30th day of use. This 10-day reminder prompts you to evaluate what you have done so far and whether anything is missing. If you’ve already implemented all scenarios and are ready to move on, just cancel the subscription.

  • Reflections: After everything is done, you should pause for a day and reflect on the lessons learned. A good way to practice what you’ve learned is to write a report with your observations about each scenario. This report should contain more than just copy-and-pasted material from articles you read to help you with the lab. Instead, it should include your thoughts about what you have learned and whether you believe there are still some areas you need to continue improving as you move forward. This report will also help you to prioritize the areas you need to improve and the areas where you already feel confident.

The following sections will go over each scenario. Some scenarios will have less-detailed explanations because they’re already very well documented on the websites I reference in this chapter.

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.