How to Learn Cybersecurity On Your Own
It is high time for all to start learning cybersecurity. The number of nefarious actors is on the rise in cyberspace. The regulations on information security are still not mature. Cybersecurity defends good actors from malicious attacks and unnoticed crimes perpetrated by threat actors.
The impact of these crimes is manifold and may not necessarily manifest as theft, pilferage, financial loss, or denied access to people’s data but as disruption to their daily lives, mental distress, fear, or propaganda. For example, one can guess and estimate the fallout from a recent “classic intrusion” of Twitter to gain access to the high profile accounts.1
Why is Cybersecurity Important?
People knowingly and unknowingly share a lot of personal data in the new regime of connectedness between machines and devices. This data is available, unchecked, to everyone, from small businesses to large corporations. As users, everyone is all part of unprecedented surveillance from both good and bad actors at the other end.
Moreover, businesses and users have started to move closer to each other to reduce the gaps between demand and supply. The availability of interconnected devices and the supporting environment have resulted in increased interaction among each other. Given such circumstances, individuals' digital footprints are available to consume and sometimes use it for an advantage.
All individuals must secure the information that we share. It is, therefore, vital to help each other in making a secure cyberspace.
How to learn Cybersecurity?
Cybersecurity deals with securing this virtual space, which is composed of computers, devices, technology, and virtual reality. There can be no source better than cyberspace itself to learn cybersecurity. One needs to understand the mix of disciplines such as law, psychology, sociology, organizational sciences, and computer science.2 Below are some of the aspects one might consider when wanting to learn cybersecurity.
One needs to search and save quality resources to learn about cybersecurity. It is possible to get access to paid or free resources on the web. However, before making any monetary investment, one must read reviews. For example, get access to local libraries, notes from friends, free PDFs & books on the internet. It is best to collect as many resources as one can handle.
Those who are just starting can search for organized free curriculums provided by colleges and universities on an education platform such as Coursera, SANS, Cybrary, StationX, Heimdal, and edX.3
One can choose an introductory specialization, such as the course available at https://www.coursera.org/specializations/intro-cyber-security#courses.
There are some similar courses or learning paths designed on platforms such as Cybrary.
One needs to identify self-inclination towards one or both of the two aspects, i.e., attack or defense. The attack simulates the behavior of a bad and malicious actor to prepare better defenses. One must read and learn about red and blue teaming. However, some like to identify themselves with purple too. Individuals sometimes like to develop skills in the areas of both attack and defense.
A red team acts as adversaries. They attack a system by exploiting vulnerabilities in people, process, and technology to gain access.
A blue team with an inside view of the system defends its critical assets by educating people, and regularly assessing the defenses through monitoring, analysis, and audits.
A purple team works to bring red and blue teams together and facilitate cooperation. It helps to strengthen the overall security of the system.4
Collecting resources is more comfortable. However, systematically going through these resources requires a study plan. A plan is usually time-bound. It can help in selecting the appropriate resources as well. With a great goal in mind, one can work backward and draw a learning plan. A learner can choose a learning path or course suggested by a learning platform. For example, Cybrary provides courses such as CompTIA Linux+ and Become a Penetration Tester.
Despite unconventional learning styles, a plan might not usually get executed flawlessly. Expect all myriad changes to it and devise a non-failing strategy to complete the study plan. After identifying the quality resources, it is best to discover what one wants to learn first, further substantiating their inclination towards a specialization in the field.
Some of the helpful learning strategies are:5
- Learn one thing at a time. For example, OSINT, cryptography, password cracking, web application security, hardware security, security design principles, forensics, and privilege escalation can be learned one at a time based on perceived order of difficulty and complexity.
- Learn with perseverance and keep a fixed amount of daily time.
- Make maximum use of free time. Use audiobooks and podcasts. For example, one can select books from a list given at https://bookauthority.org/books/best-selling-cyber-security-audiobooks.
- Learn hands-on - Gain access to online labs. A list of websites that provide free labs is given below.
Labs for Hands-on practice
Concretizing the concepts would always require hands-on practice. However, it isn't easy to access the hardware, software, or technology that one wants to use while learning cybersecurity. One can access labs here on Cybrary.
With the help of these labs, one can practice the concepts of reconnaissance, scanning & enumeration, foothold, exploitation, and post-exploitation as part of penetration testing. One can also access Insider pro labs at Cybrary to augment their learning.
After gaining a little experience in understanding the types and nature of a problem, one can decide to find bugs for the web sites on the bug bounty platforms. These websites provide recognition as well as compensation in return for the reported bugs. These websites are great for adding experience to one’s profile.
- Bugcrowd - https://www.bugcrowd.com/
- HackerOne - https://www.hackerone.com/
- Intigriti - https://www.intigriti.com/
- Synack - https://www.synack.com/
- Yeswehack - https://www.yeswehack.com/
Internet Groups & Forums
One cannot forget that it gives the most knowledge when they copy and learn from others. An enthusiast can learn a lot by following the methods or by taking inspiration to create solutions from others. One might want to visit Discord and Slack groups to interact and learn from other community members. Most of the websites mentioned above have their groups on Slack and Discord.
The most important attribute of an information security personnel is note-taking. It is a habit without which no one can have a successful career in cybersecurity. Note-taking prepares an individual to write various assessment reports, which is an essential requirement of penetration testing, and also, this habit might help save much time during certification exams.
The right amount of motivation balanced with self-identification and interests will help an individual choose the best path to success in cybersecurity. The points mentioned above only touch the surface of this field and are intended for beginners. Individuals can become part of the community at Cybrary and discover their direction, possibly with a Mentor. Those who are interested in cybersecurity take responsible work roles such as cybersecurity analyst, forensic investigator, defense analyst, cybersecurity engineer in the areas of system and network administration, incident response, forensics, offensive system, or application security, and penetration testing.