[go: up one dir, main page]

DEV Community

Ashhad Ali
Ashhad Ali

Posted on

My AiOPS Journey

My AIOps Journey: A Comprehensive Overview

I began my AIOps journey on March 29th, and I am excited to share what I have learned and how it can benefit you. Below, I outline the key areas of focus in AIOps and provide insights into my learning experience.

Core Areas of AIOps

  1. Cyber Security
  2. SysOps
  3. DevOps
  4. Cloud Computing
  5. Artificial Intelligence

Cyber Security

In the realm of cyber security, I have gained hands-on experience in various domains, including web, mobile, and API penetration testing, source code review, and both static (SAST) and dynamic (DAST) application security testing. For vulnerability assessment and penetration testing, I follow the OWASP Top 10, WSTG, and MSTG guidelines and participate in bug bounties. Additionally, I use PortSwigger labs to learn more concepts and techniques. If you want to become a good pentester, follow these two resources: OWASP and PortSwigger articles and research. I already had experience in VAPT, so I covered it quickly. If you are a beginner, it might take around 2 months to understand it, but these websites will make your learning process easier.

If you don’t know how to learn about a vulnerability, here’s a method that works for me:

  1. What is XSS?
  2. How does it work?
  3. Where is it found? (Parameters on a website, etc.)
  4. How to find it?
  5. How to exploit it?
  6. How to mitigate it?

Learn step by step. This method applies to any bug you want to study.

From a theoretical perspective, I have studied CISSP and made some notes of important words my trainer said. Here are a few:

  • Due care and due diligence
  • Types of security audits
  • SOC 2 reporting requirements
  • The importance of defining the scope of security audits
  • CIA (Confidentiality, Integrity, Availability) triad
  • Compliance with local laws
  • Business Continuity and Disaster Recovery (BCDR)
  • Recovery Time Objective (RTO)

Key Takeaways

Here are some key terms I noted during the training that you can use during interviews:

  • Data Set: An individual who is the subject of personal data.
  • Data Owner: The entity responsible for the data.
  • Security as Code: Implementing security measures as code embedded in the organization's fabric.

Additionally, I explored the Graham-Denning Security Model and preventive controls, which emphasized the gradual implementation of security measures. I also focused on top mitigation strategies, including system enumeration, entry point identification, log monitoring, account management security, backup verification, and patch management (both in-house and outsourced).

Practical Skills and Tools

I have developed practical skills in Red Hat Linux, including LUN scanning, disk scanning, logical and extended partition management, backup procedures, security configurations, GREP, IP gateway configuration, process management, and command-line tools like top.

Many people ask how I learned such a big topic with lengthy videos. I used ChatGPT to learn it. First, I asked ChatGPT in my native language, and it answered in Roman Urdu, which made it easy for me to understand the concepts. ChatGPT provided all the commands in order and much more. From videos, I just checked how to practically apply these commands and focused on the teacher's words on using these skills in a job role. If you are a beginner, it might take some time, but it’s worth it.

In coding, I have learned Python basics, Python automation, Python Selenium, and Bash scripting. Again, I used ChatGPT for coding. ChatGPT is the best as it explains everything in deep detail and from every angle. I also watched videos to understand where and how to use these concepts in practice.

Cloud Computing

I have started learning AWS Solution Architect concepts, focusing on creating VPCs, subnets, CIDR blocks, and EC2 instances.

DevOps

My DevOps learning journey includes hands-on experience with Docker. I watched every video completely and did practical exercises side by side. This course is amazing for understanding containerization and exploring orchestration tools.

Top comments (0)