Happy New Year, everyone! As we begin a new decade and I reflect on the last quarter century of networking and security I thought it would be cool to see how the tools of the trade for pre-sales Systems Engineers in the network security field have changed and which tools the SE’s SE will need to be proficient with in 2020.
As an SE in the 90’s and early 2000’s I remember carrying a heavy laptop bag filled with now obsolete dongles, serial converters, null-modem cables, ethernet patch cables and crossover cables, screw drivers, papers and excerpts of manuals. I probably couldn’t get through TSA with that bag these days!
Networking and security has changed so much from those years. My early days were spent learning the opaque details of Windows NT and the black art of IPv4 subnetting (and CIDR!). I was obsessed with linux, OSPF, and BGP and made sure I understood the details of how encryption and key exchanges work for IPSEC VPNs.
Obviously all of those foundational skills have served all of us well, but in the past few years we’ve seen the security industry change quite dramatically. Stateful inspection firewalls have given way to Defense in Depth and Zero Trust, which includes so much more. (EDR, NDR, IPS, VM/Cloud/Micro Services, UEBA, Deception, SOAR… whew!) To that end, here are a few tools that I have added to my toolbox in the past few years that I look for SEs to at least have some familiarity with on my high-performing teams.
Cloud Providers
Every SE should have accounts in all of the major cloud providers. Each has its own flavor, advantages, and APIs. Cloud accounts are perfect for setting up temporary labs to test out a configuration or a quick POC. You never know which combination of providers your customers will be using these days so you really need to be familiar with at least these:
- AWS (including EC2, VPCs, S3, Route53, and even Lambda)
- Azure (believe me, your customers will be using it)
- GCP (GKE is a great way to get familiar with Kubernetes!)
The good news is that all of the providers have free signups and the monthly bill is usually very low for lab usage.
Integrations and Automation
A lot of SEs have at least some background in scripting and programming and those skills are becoming more important now with everything becoming more connected and integrated. Integrations are the name of the game and if you can make a POC successful by building one yourself in a pinch it will make you that much more valuable to the customer and your company.
Python has become so popular in the past few years that it’s definitely something that I look for in SE candidates, but BASH, and PowerShell skills are still very relevant. Extra credit for learning Go! Here are some of the more important tools to help in this area:
- Proper IDE or text editor (I like Sublime, but there are many options, including old-school
vi
!)- UPDATE: I now tend to use VSCode for most of my Python work, but I still use Sublime for smaller code snippets and as a scratch pad/staging area
git
(open some sort ofgit
account, like github, and share your code)- I’m not a
git
expert, by any means, so I use Sourcetree to keep me sane. (UPDATE: I now tend to use thegit
source control features built-in to VSCode)
- I’m not a
- SOAR Platforms (Phantom, Demisto, FortiSOAR)
- These typically have free community editions
- SIEM (Elastic Search, Splunk, etc.)
- Again, set up the free community editions in your lab
APIs
In line with Integrations and Automation, some of the lower-level skills that will be needed is to understand the different flavors of APIs. You’ll find that RESTful or REST-like APIs are very common these days, which makes things easy, but you’ll definitely need to understand JSON format.
Here are some helpful tools for navigating APIs:
- Online JSON pretty printer and validator
- Online encoder/decoder (Cyberchef)
- Postman – I love using this tool to learn a new API or to share quick python/BASH snippets with a customer.
jq
– one of my favorite command line tools. It’s likesed
orawk
for JSON. Also, a quick and dirty JSON pretty printer/validator at the command line.
Containers and Microservices
Don’t worry, all of your legacy networking skills (OSI 1-7) aren’t obsolete, but a lot of the lower levels are becoming more abstracted and more emphasis is being laid on layer 7 for security.
I think it’s a good exercise to write a small, simple app in Python and package it up as a Docker container running standalone or in a Kubernetes cluster. Extra credit for learning Service Mesh technologies like Istio/Envoy and CI/CD Pipelines and tools like Jenkins.
It’s a big topic and a lot of things are changing rapidly, so this is an opportunity to learn something a bit bleeding edge, but quickly becoming mainstream. The SEs that understand these technologies will be the most relevant in 2020 and beyond as their customers transition to them.
To get started, make sure these tools are in your tool belt:
- Docker Desktop
- Kubernetes Cluster (I use Google GKE, but you can also use something like Amazon EKS or Azure AKS)
Penetration Testing/Hacking
Of course, we can’t forget the basics of security, including pen testing and hacking tools that will enable you to test and demonstrate your technologies and solutions.
netcat
(akancat
ornc
) – this is one of the first command line tools I install on my laptop. It’s a Swiss army knife for network testing.nmap
– another must have at the command line – tried and true for many years.- Kali Linux – here is a nice summary.
- Application security test tools available from the OWASP site.
- Virus Total – just be careful you don’t upload sensitive files or compromise an ongoing investigation by uploading a file the incident responders are still reversing.
There are so many more tools for this section but they will typically be dependent on the type of security products you support.
2020 and Beyond!
There’s no shortage of things to learn and tools in the toolbox, though I have noticed that my laptop bag is a lot lighter these days! What are your favorite tools that I have missed?
nice summary to begin 2020, thanks Kelly
I wanted to also add Ansible and Terraform. I’m starting to see more customer demand for integrations with those tools to automate their workflows.