Beginner Guide To Getting Into Cybersecurity

A while ago, I was invited by a local Google Developer Students’ Club to speak about the beginner’s journey into cybersecurity. Every time I come across the slides, I am reminded to turn them into a blog post, so here it is, finally! Please note that the content I share in this article is a copy-paste of the slides, hence the brevity. Each section also includes learning resources and materials.

Summary of My Journey in Cybersecurity

• Started while focusing on the defensive information security path. (digital forensics)
• Dealt with a lot of theoretical work (think of your lectures 😁😁)
• Dealt with a lot of self doubt, thinking I didn’t have proper skills to jump into the technical security side.
• After trying to get these ‘proper skills’ , finally ,made the shift to ethical hacking.
• Actively started working on technical skills in ethical hacking

Issues You Might Deal With In Your Cybersecurity Journey

• Self Doubt
• Imposter Syndrome
• Learning path unclarity and information overload
• Career path unclarity
• Information security opinions and misconceptions (gatekeepers)
• Burn Out

The Learning Path For A Security Career

• You will be constantly learning.
• Ensure you are passionate about cybersecurity.
• Some of the training may be focused on certifications, but you don’t need to take one. However, it is a great addition to landing a job.

Different security fields may have different paths but these are common in almost all fields:

LEVEL 1: FOUNDATIONAL SKILLS

1. Basic IT Skills

• Think of helpdesk IT skills
• Troubleshooting and fixing IT issues
• Many of the skills required are in the compTIA A+ certification.
• Study course work related to such certifications.

2. Networking

1. Networking concepts

• Different networking ports and protocols.
• OSI Model
• Routing and switching
• Network Addressing
• Network topologies
• Wireless technologies
• Network services

2. Networking Infrastructure

3. Network operations

4. Network security

5. Network troubleshooting and tools

3. Linux Skills

• Linux skills are important for ethical hacking
• Debian distribution (kali/parrot)
• Use any other distribution or build you like
• Learn through practice. Don’t depend on tutorials entirely
• You can use Linux for some few days as your primary OS to build on consistency.
• You can install it as a VM using VB/ VMware etc..

4. Coding and Scripting Skills

• Ensure you are able to read code.
• Different levels of developing may be needed for different areas of cybersecurity. The basic requirement is that you are able to read code.
• Most guys in security don’t like coding, in fact some of us fear it 👀
• Start with python programming since its easier then move to any other language of your choice.
• Heath Adams recommends that you learn Python3 instead of Python2.
• Use FreeCodeCamp, Codecademy or 30daysofpython on GitHub for this.

LEVEL 2: FOUNDATIONAL SKILLS

*Note that from here; the learning path will be focused towards the ethical hacking career path <worry not>

• During my learning, I saw the need to start from an offensive learning path before switching to a defensive path.
• During the offensive learning, you will have picked up some hacker methodologies you can use to counter attackers.
• Look for a great ethical hacking course (TCM Security on YouTube, look for vouchers on Udemy)

***ensure you gain proper report writing skills.

LEVEL 3:PRACTICING

• Tryhackme (follow the beginner learning path which has free rooms),
• Hackthebox
• VulnHub
• Pentester Lab
• Portswigger labs

(this is the comprehensive learning path for becoming an ethical hacker by Heath Adams)

LEVEL 4: COMMUNITY SUPPORT

• YouTube (Nahamsec, CyberMentor, John Hammond, David Bombal)
• Twitter
• Blogs and Write-ups
• Discord channels
• Join local security whatsapp Channels/form yours

Additional steps for those who want to focus on other fields apart from ethical hacking

LEVEL 5:PROFESSIONAL NETWORKING

This is not TCP networking lol

• Create a twitter & a LinkedIn Account
• Connect with friends who are in security.
• Form CTF teams and practice. (ctftime)
• Join security discord channels

LEVEL 6: PERSONAL BRANDING

You <insert name> are a brand!

• Create a blog e.g. for writeups
• Start a security related YouTube Channel.
• Be active on Twitter
• Be active on LinkedIn
• Offer to speak in webinars and conferences
• Work on your presentation skills
• Work on your interpersonal skills.

YOU HAVE THE BASICS!

Now that you have gained a proper foundation of the basics of hacking, you can familiarize yourself with different areas;

1. Active directory (important since most companies utilize it)
2. Web Application Hacking
3. Wireless hacking
4. Chase for certifications (optional)
5. Exploit development
6. Privilege escalation

Additional information and resources on these areas can be found here

I always joke that all my presentations must have a meme and it’s now starting to become a thing haha!

REFERENCES TO ALL RESOURCES MENTIONED

• Basic IT Skills
• Networking Courses
• Linux Skills
• Tryhackme beginner learning path which has free rooms.
• Comprehensive learning path for becoming an ethical hacker by Heath Adams
• Additional information and resources on all areas. (for links of all resources, twitter profiles to follow, youtube and discord channels

Some of the resources above have 2 links. Also, that’s all for now. Feel free to leave a comment on other reliable resources.

Margaret Kamau is a tech student, Information Security researcher passionate about everything in tech, especially cybersecurity. You can connect with her on twitter and LinkedIn