sounds about right, but I'd up #1 from "basic computer knowledge" to "sysadmin level enterprise system experience" if you want to truly be an expert. Success in cybersecurity on the blueteam side to me is more being a really good sysadmin that is paid to only think about security.
I've seen people that just jumped into the field with just their fancy cybersecurity degree and by god they can tell me exactly what part of MITRE this control handles (in painful detail) but when rubber meets the road they don't really know how domain controllers work. It sometimes doesn't inspire confidence and since we need main IT to listen to us as security "experts" that really can be a issue if they think we can do anything practical. (they don't let us touch their toys)
Im a computer janitor and i know it, just a fancy one with security written on my door.
No comments yet.