As a student like most of you, I have just joined my first job as a penetration tester. Today, we will discuss the stepping stones to a profession in cybersecurity. Most of the suggestions I will provide are based on what my fellow mates and I have experienced. What is better for a fresh beginner than to learn from the viewpoint of a student who has "been there, done that"?
The first thing to consider is the reason why you are interested in Cybersecurity. Don't do it because hacking sounds cool. Don't do it because you have heard the fascinating jargon. The actual work and tasks of a professional could be a lot different than what you imagine.
To get a correct and actual picture of the reality behind the cybersecurity industry, you must know what happens in the day-to-day life of a cybersecurity professional. The best and easiest way of doing that is to refer to the NICE framework by NIST [1]. There you can get an exact picture of the roles and tasks that people do in the industry, and you will find the knowledge and skills you need for that particular role.
There are a few things that you should be very clear about. In general, these would be the basic prerequisites for most of the courses or certifications.
- Internet technologies
- Web technologies
- Network technologies
These basics, together with the underlying principles and technologies at their core, will form the basis of your tasks.
One Step Further
Once you are clear on the basics, you have to dive into a few skills that you will need in your journey.
- Programming - A basic level of programming languages and general knowledge of how an application works.
- Web stack - The general ability to read the website development stack (HTML, PHP, SQL, JS, etc.) will prove to be a handy weapon in your arsenal.
- Linux - Develop a good foothold in the Linux environment and be comfortable using the command line for almost every activity you perform on your PC.
- Assembly and OS - Have a basic understanding of assembly language and of how the operating system works. This will be very helpful for system-level security.
Backyard activities (hands-on)
Now, let's get started and put your learning into use. You have to move to some actual practice.
- Virtual Labs - You can set up your own lab of virtual machines and use them to play around with what you have learned.
- Courses - You can find some very useful online courses based on the role you decided on from the NIST roles.
- Videos - You can look for some free resources on the internet (IppSec, Cybermentor, etc.) and learn to break or protect whatever interests you.
- Blogs - There are many awesome bloggers you can follow to learn and perform hacking.
Big Boys Toys
Time to get real.
- Bug bounty - You can read bug reports and PoCs from various hunters and play around with actual live websites through a bug bounty platform.
- CTF - Capture the Flag events are your playground, where you can play the actual game of hacking. Begin by reading writeups.
- Labs - There are multiple resources offering labs to practice attacks with step-by-step guidance on how to do it. This proves to be a good way of perpetual learning, and it offers a great boost to confidence.
- Certifications - Lastly, you can enroll in online courses to obtain certifications. This offers smooth, indexed learning along with adding recognition and value to your resume.
Cybersecurity is not a skill: it is a mindset, a lifestyle. Anything you learn will never be wasted. When you start something new, you will crave more and you will be attracted to what you like the most, which will eventually lead you to the best decisions for you. Anything you learn will always help you in your journey in some way or the other, for sure. Risk is everywhere. Security is everywhere.
- "National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework" https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-181.pdf