Summary

  • There is often an overemphasis on flashy cybersecurity skills such as penetration testing and detection engineering, while essential skills such as the ability to query data are overlooked, The Cybersec Café argues in an article.
  • Knowing how to query data is, in fact, a “distinguishing factor in those who excel from those who merely just keep up”, according to the article, which outlines the use cases for such skills.
  • Querying is necessary for effectively leveraging expensive but powerful security information and event management (SIEM) systems, making data-driven decisions and understanding user activity, and for parsing and prioritising vulnerability assessments.
  • The ability to triage alerts and make data-driven decisions is increasingly an expectation for cybersecurity positions, and incident response is a “hard mode” use case that will truly test skills.
  • The basics of querying revolve around SELECT, FROM, WHERE, LIMIT, ORDER BY and GROUP BY, and a free resource called SQLZoo can help beginners practise.
  • Learning the underlying SQL principles can help transfer skills to other query languages.
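
As an added example (not taken from the original article), the six clauses named above can be combined in one triage-style query. It is run here through Python's built-in sqlite3 module against constructed login events. The table name, column names and data are assumptions made for illustration.

```python
import sqlite3

# Constructed sample authentication events (illustrative only, not real data).
# Columns: timestamp, username, source IP, outcome.
EVENTS = [
    ("2024-05-01T09:00:01", "alice", "203.0.113.7", "failure"),
    ("2024-05-01T09:00:03", "bob", "203.0.113.7", "failure"),
    ("2024-05-01T09:00:05", "carol", "203.0.113.7", "failure"),
    ("2024-05-01T09:00:09", "alice", "203.0.113.7", "failure"),
    ("2024-05-01T09:02:10", "dave", "198.51.100.23", "failure"),
    ("2024-05-01T09:02:40", "dave", "198.51.100.23", "failure"),
    ("2024-05-01T09:03:02", "dave", "198.51.100.23", "success"),
    ("2024-05-01T09:05:00", "alice", "192.0.2.10", "success"),
    ("2024-05-01T09:06:30", "bob", "192.0.2.10", "failure"),
]


def build_db():
    """Load the constructed events into an in-memory table (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE auth_events (ts TEXT, username TEXT, src_ip TEXT, outcome TEXT)"
    )
    conn.executemany("INSERT INTO auth_events VALUES (?, ?, ?, ?)", EVENTS)
    return conn


def top_failed_sources(conn, limit=3):
    """Rank source IPs by failed logins, with the number of distinct accounts tried."""
    query = """
        SELECT src_ip,
               COUNT(*) AS failures,
               COUNT(DISTINCT username) AS users_targeted
        FROM auth_events                      -- which data set to read
        WHERE outcome = 'failure'             -- filter rows before grouping
        GROUP BY src_ip                       -- one result row per source
        ORDER BY failures DESC, src_ip ASC    -- noisiest sources first
        LIMIT ?                               -- keep only the top N
    """
    return conn.execute(query, (limit,)).fetchall()


if __name__ == "__main__":
    for row in top_failed_sources(build_db()):
        print(row)
```

A source with many failures spread across several usernames reads differently from one user mistyping a password, which is why the query reports both counts.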

By The Cybersec Café
