Cybersecurity Masterclass: Real-World Lessons on Resilience of Cybersecurity Professionals

Feb. 21, 2025
Cybersecurity Masterclass: Real-World Lessons in Incident Response, Vulnerability and Risk Management, and Business Continuity

More than 1 million cybersecurity jobs will be available by 2025, but fewer than 400,000 cybersecurity professionals will be trained by then.
Here’s how I’m preparing to be among the 400k 🙃

As a requirement for my Master’s degree in Applied Cybersecurity, I attended an intensive 4-day Masterclass with one of the most experienced CISOs out there. Shout-out to Bozidar (I want to say more about him, but in his words: “Do an OSINT on me and you will know who I am”).

My classmates and I were given front-row seats for an entire week to see how cybersecurity works in a real-world context. The experience was practical, detailed, and nerve-wracking.

We covered five main areas: finding your footing, incident management, vulnerability management, risk management, and business continuity.

In this article, I will try to summarise my experience during this masterclass.

1. Finding Your Footing as a New Cybersecurity Professional

Starting as a newly hired cybersecurity professional will feel overwhelming, but, like every new challenge, you will learn to adapt. Initially, however, nothing will be self-evident: you will need to learn about the company’s culture, vision, products, people, and so on.

This phase was all about practical ways to hit the ground running and make a positive impact early on. We focused on strategies to integrate into the team, understand the company’s systems and culture, and establish trust with colleagues and management.

Image: finding your footing, literally (source: centerfortraumaandleadership.com)

The goal was to equip us with the right mindset to face the challenges head-on while building confidence and credibility in our new role.

Building Relationships

  • Meet the IT Team: You’ll work closely with these people. Set up a meeting to understand their workflows, the tools they use, and the challenges they face. Get to know the critical systems they manage and the current pain points they deal with.
  • Engage with Management: Management is the decision maker. Approach them confidently, use simple language to explain technical concepts, and always leave discussions with straightforward tasks or decisions. Remember to keep things actionable.
  • Learn the Organizational Ins and Outs: Spend time understanding the company’s hierarchy, business goals, and critical processes. This knowledge will guide your decisions and priorities. Every organization is different, and the key to securing its assets lies in your understanding of it.

Practical Tips

  • Ask the Right Questions: Who manages critical processes? What are the current pain points? Who are the team leaders? Who do you report to?
  • Be Prepared for Presentations: Use silence as a tool. Don’t overshare or ramble—instead, focus on key points. Give context early in your presentations and communicate in terms of business impact when presenting to management (that’s what matters to them).
  • Build Trust: Establish strong relationships with both management and the engineering team. Avoid placing blame and instead focus on understanding their challenges and working collaboratively.

2. Incident Management: Containing and Resolving Breaches

A cybersecurity breach can have far-reaching consequences. This phase focused on handling a simulated ransomware attack. We were tasked with managing a breach, containing the damage, and ensuring recovery.

The Incident Management Process

  1. Detect and Report: Early detection is critical. Employees must be trained to recognize and report anomalies immediately.
  2. Respond and Investigate: Mobilize the incident management team. Determine the scope and root cause of the breach.
  3. Contain the Incident: Isolate affected systems to stop the attack's spread. Use network segmentation and other containment techniques.
  4. Eradicate and Recover: Remove malicious files or attackers from your environment. Restore systems using clean backups and verify their integrity before bringing them back online.
  5. Document and Post-Incident Analysis: Keep detailed records of actions taken. Conduct a post-incident review to identify what went wrong and how processes can be improved.

Image: The Six Steps of Incident Response (source: stealthlabs.com)

Lessons Learned

  • Speed is Crucial: The faster you detect and contain an incident, the less damage it can do. Time is everything.
  • Clear Communication: Everyone involved needs to be on the same page. Use designated channels for updates and ensure responsibilities are clearly defined.
  • Incident Classification: Classify incidents by severity (for example critical, high, medium, and low) so that responses can be prioritized accordingly.

3. Vulnerability Management: Finding and Fixing Weaknesses

In this phase, we stepped into the role of penetration testers at Yield Cat, a Security Learning Platform. The Yield Cat platform simulates a high-yield bond trading system embedded with numerous security flaws, providing a real-world environment to apply vulnerability management techniques.

Image: Yield Cat landing page, a Security Learning Platform (source: yieldcat.com)

We went through the entire vulnerability management process, using various tools to identify weaknesses and assess risks.

We used:

  • Nmap to scan for open ports and discover active services.
  • Wapiti to test for web application vulnerabilities such as SQL injection and XSS.
  • Amass for subdomain enumeration and asset discovery.

These tools, among many others, played a crucial role in helping us understand the security posture of the system and identify areas of concern.

Steps in Vulnerability Management

  • Identify Vulnerabilities: Use automated tools or manually search and scan for common vulnerabilities. Keep an eye on endpoints, infrastructure, and third-party integrations.
  • Prioritize: Focus on the vulnerabilities that pose the highest risk. You can’t fix everything at once, so aim to address the 20% of vulnerabilities that account for 80% of the risk.
  • Automation: Automate as much as possible, including detection, alerting, and basic remediation tasks. This reduces human error and speeds up response times.
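The 80/20 prioritization rule above, worked through in code. This is an added example, not part of the original article or of the Yield Cat platform; the likelihood/impact 1-5 scoring scale and the sample findings are constructed assumptions.

```python
"""Pareto-style vulnerability prioritisation (added example, not from the article).

Risk is scored as likelihood x impact on an assumed 1-5 scale; the findings
below are constructed sample data, not real scan output.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    name: str
    likelihood: int  # 1 (rare) .. 5 (almost certain), assumed scale
    impact: int      # 1 (negligible) .. 5 (severe), assumed scale

    @property
    def risk(self) -> int:
        return self.likelihood * self.impact


def pareto_cut(findings, share=0.8):
    """Return the smallest set of highest-risk findings whose combined risk
    reaches `share` of the total risk (the "fix the slice that carries 80% of
    the risk" rule). Ties are broken by name so the result is deterministic."""
    ranked = sorted(findings, key=lambda f: (-f.risk, f.name))
    total = sum(f.risk for f in ranked)
    if total == 0:
        return []
    chosen, covered = [], 0
    for f in ranked:
        chosen.append(f)
        covered += f.risk
        if covered >= share * total:
            break
    return chosen


# Constructed sample findings from a hypothetical scan of a trading application.
SAMPLE = [
    Finding("SQL injection in order search", 5, 5),
    Finding("Reflected XSS in error page", 4, 3),
    Finding("Outdated TLS cipher suites", 3, 2),
    Finding("Verbose server banner", 2, 1),
    Finding("Missing rate limit on login", 3, 4),
    Finding("Directory listing on /static", 2, 2),
]

if __name__ == "__main__":
    for f in pareto_cut(SAMPLE):
        print(f"{f.risk:>3}  {f.name}")
```

With the sample data, three of the six findings carry more than 80% of the total risk score and are the ones to fix first.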

What Worked

  • Small Steps Add Up: Fix one issue, test the improvement, and move on to the next. It’s an iterative process that builds resilience over time.
  • Stay Current: Cyber threats evolve quickly. Regularly update your tools and techniques to stay effective.

4. Risk Management: Assessing and Mitigating Threats

This phase revolved around understanding and managing risks effectively. Risk management requires identifying threats, assessing their impact, and taking steps to mitigate them.

Steps in Risk Management

Image: The Four Steps of the Risk Management Process (source: migso-pcubed.com)

  1. Identify Risks: Identify all potential risks, from system vulnerabilities to insider threats and external attacks.
  2. Classify Risks: Categorize risks based on their likelihood and impact. For example, high-likelihood, high-impact risks should be prioritized over low-likelihood, low-impact ones.
  3. Mitigation Strategies: Develop specific actions to address each risk. This might include technical fixes, policy changes, or employee training.

Practical Insights

  • Continuous Improvement: Use lessons from incidents and vulnerability scans to refine your risk management processes.
  • Clear Responsibilities: Establish a clear chain of command and reporting structure for managing risks.
  • Checklist: Have a checklist ready to guide initial efforts, including reporting structures, key contacts, and immediate actions to take.

5. Business Continuity: Planning for the Unexpected

In this final phase, we focused on creating business continuity plans to keep operations running during and after a security incident. This involved working with management to design strategies that align with the company’s goals.

Core Components of Continuity Planning

  • Recovery Time Objective (RTO): Define how quickly critical systems need to be restored to avoid severe disruption.
  • Recovery Point Objective (RPO): Determine the maximum acceptable amount of data loss during a disaster. This guides your backup strategy.
  • Plan Development: Create a step-by-step guide for restoring operations. This should include communication plans, roles, and alternative workflows for essential functions.
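How RTO and RPO turn into checks you can actually run against a backup schedule and a recovery timeline. This is an added example, not from the article; the backup timestamps, incident time, and the 6-hour RPO / 4-hour RTO values are constructed assumptions.

```python
"""Check a backup schedule and a recovery timeline against RPO and RTO.

Added example, not from the original article. All timestamps and objectives
below are constructed for illustration.
"""
from datetime import datetime, timedelta


def worst_case_data_loss(backup_times):
    """Largest gap between consecutive backups: the most data the schedule
    can lose if an incident strikes just before the next backup completes."""
    times = sorted(backup_times)
    if len(times) < 2:
        return None
    return max(b - a for a, b in zip(times, times[1:]))


def rpo_met(backup_times, rpo):
    """True only if every gap in the schedule is within the RPO, i.e. no
    possible incident timing could lose more data than the RPO allows."""
    gap = worst_case_data_loss(backup_times)
    return gap is not None and gap <= rpo


def actual_loss(backup_times, incident):
    """Data lost for one specific incident: time since the last backup that
    completed before it. None if no backup predates the incident."""
    prior = [t for t in backup_times if t <= incident]
    return incident - max(prior) if prior else None


def rto_met(incident, restored, rto):
    """True if service came back within the RTO measured from the incident."""
    return restored - incident <= rto


# Constructed schedule: 6-hourly backups, then an 8-hour gap overnight.
BACKUPS = [datetime(2025, 2, 20, h) for h in (0, 6, 12, 18)]
BACKUPS += [datetime(2025, 2, 21, 0), datetime(2025, 2, 21, 8)]
INCIDENT = datetime(2025, 2, 21, 11, 30)   # constructed ransomware detonation
RESTORED = datetime(2025, 2, 21, 15, 0)    # constructed restore completion
RPO = timedelta(hours=6)                   # assumed objective
RTO = timedelta(hours=4)                   # assumed objective

if __name__ == "__main__":
    print("worst-case loss:", worst_case_data_loss(BACKUPS), "RPO met:", rpo_met(BACKUPS, RPO))
    print("loss this incident:", actual_loss(BACKUPS, INCIDENT))
    print("RTO met:", rto_met(INCIDENT, RESTORED, RTO))
```

Note the distinction the sample exposes: this particular incident lost only 3.5 hours of data and was restored inside the RTO, yet the schedule still fails the RPO because of its 8-hour gap, which is what the objective is meant to catch before an incident happens.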

Communicating with Management

  • Speak Their Language: Frame continuity plans in terms of financial impact and operational stability. Avoid overly technical explanations.
  • Collaborate on Solutions: Work with management to understand their priorities and design plans that address their biggest concerns.
  • Get Buy-In: Use real-life examples to demonstrate the importance of continuity planning.

My Takeaway from this Masterclass

This masterclass was an eye-opening experience, giving me a full week-long opportunity to step into the shoes of a cybersecurity professional. It wasn’t just about learning theories—it was about applying them in real-world scenarios, solving problems on the fly, and collaborating with others in high-pressure situations.

The biggest lesson I walked away with? Technical skills are essential, but soft skills are what truly set great cybersecurity professionals apart. You can always learn to use a new tool or understand a new security framework. However, refining the ability to communicate effectively, manage your time, stay calm under pressure, and work well with a team takes time and effort. How you interact with your team members, leaders, and management in this field can make or break your success.

Sure, mastering penetration testing, risk management, and incident response is critical. Still, your knowledge isn't as impactful if you can’t explain your findings to a non-technical audience or make clear recommendations that drive action. That’s why I’ll focus just as much on improving my communication, adaptability, and decision-making as on sharpening my technical expertise.

I’m incredibly grateful to the CyberMacs team and Bozidar for organizing this masterclass—it was an invaluable experience that will shape how I approach cybersecurity moving forward.
