Cybersecurity is an overwhelming subject. There are hundreds of paths one can take in order to get to one of the various jobs in the area. Pentester, DevSecOps Engineer, Blue Team Specialist are just some of the titles in the Cybersecurity microcosmos, and sometimes it can be really difficult to find the right way into it. This post isn't supposed to be the Ultimate Truth about CyberSec, but rather to evaluate my experience breaking the first waves into this really gigantic ocean, and maybe serve as one of the many guidelines a prospective professional in this field should research and consider before making their own choices.
First, let's take a look at the technical or hard skills. These are the techniques and knowledge you gotta learn to stand out in most situations. I like to think that one should always be prepared for the opportunities that might appear, and getting proper knowledge and certifications in these three particular subjects is how you're gonna build a strong foundation in Cybersecurity.
But something important to note is that hard skills can be learned at any time. Better than that, it's really good to develop your own soft skills! These are not as common to see in the regular script kiddie, but they are outstandingly necessary nevertheless. So it's good to learn how to clearly communicate your ideas, how to deal with and lead people and how to be ready to develop and evolve every day.
Right, right. Without further ado, let's jump into practical stuff here.
Over The Wire. This cyber wargame is the perfect starting point to get your feet wet and get a gist of the cybersecurity environment. Their most basic room, Bandit, is what you need to get some hands-on experience. And even though one of the most important skills a cybersecurity professional (and any cybersecurity professional, to be honest) could have is Googling your way around any trouble, I'll also add one of the many fantastic resources provided by John Hammond in this link here, where he explains everything you need to know in a really well-crafted walkthrough.
Linux System Administration. Knowing your way around Linux is an awesome way to troubleshoot problems in servers and cloud computing services, since most of them are Linux-based. It's also good for leveraging information while attacking a machine in a penetration test assessment. So going through this complete course on Geek's Lesson YouTube channel is a nice way to start understanding how Linux works.
Offensive Security. Knowing how to run (or build) a network mapping tool, as well as understanding how to gather information and exploit a vulnerability you found, is a must in a Cybersecurity technical role. Even if you're not aligned with the Red Team premises in your company, you'd better understand how the adversaries work, in order to better prepare your defenses or better design and develop your applications before releasing them into production. For that, this complete course from Heath Adams is all you need to get a practical way around hacking situations.
INE Cybersecurity Learning Paths. After acquiring the right to be the official training platform for eLearnSecurity's courses, INE became a mandatory stop for a prospective cybersecurity professional. PTS (Penetration Test Student, one of their learning paths) is the official course for one of the most prestigious entry-level penetration test certificates out there, the eJPT. And the best thing is: it's free, meaning you only have to pay (as of now) $200 for the exam voucher, while all the learning costs absolutely nothing! That's a really good move for beginners, and considering how important certifications are in this field, no matter what career path you take, this is also an awesome kickstart for you!
FreeCodeCamp. With a free 300-hour curriculum focused on Cybersecurity (and some other 300-hour curriculums for various different subjects as well), FreeCodeCamp can provide you with extra materials to start developing your own tools and applying some processes to better secure networks and applications.
GitHub. GitHub is well-known as a code repository and a geek paradise, but you can also find hundreds of repos with new tools, techniques and more resources for you to keep developing your career and learning more every day. Some of my favorite Cybersecurity-related GitHub repos are:
TryHackMe. In my humble opinion, the best learning resource for beginners. Just subscribe there and search for rooms and start hacking. Learn a lot from them, and if you wanna get a better perspective of what you're learning, you can subscribe to their platform and follow some learning paths, focused on both Offensive and Defensive techniques and situations.
Bug Bounty Hunting. Once you get all your basics done, it's time to put them into practice. But before you get a job, you can legally hack into companies that have a Bug Bounty Program. The path to finding a bug is not easy, but you shouldn't go there for the financial reward of it. Take it as a learning experience, where you can probably find some bugs and earn some money in the process. This way you're going to practice your skills in real-world applications, and get a better glimpse of how things are done in the wild. For that, you can register on a bug bounty platform of your choice (like HackerOne or Intigriti), sign up to a program that you found interesting and start hacking! To help you in this journey, I can't recommend enough Katie from InsiderPhD, and her videos must be one of the better resources for beginners out there.