I want to start looking into Cybersecurity in 2022. I’m starting a bit late since this is already April but that’s okay. Lately, I’ve been taking time to reflect on where I want to go and what I want to do. I keep having this feeling that I need to decide my next step soon instead of letting the flow take me.
So here are the steps I’ll be taking to get to the end goal of a career in Cybersecurity. I am taking this from an interview on YouTube by David Bombal talking to John Hammond located here: 2022 Cybersecurity roadmap: How to get started?
Learn How to Program
Basically, learning to program will make everything else easier to understand and it’s way more fun to start with programming than it is anything else. This can set the stage for the next steps of learning things such as how computers talk to each other and how they interact through networks.
The recommendation was to learn Python as this language is used quite often in Cybersecurity. It’s easy to read and write. There are a lot of concepts that can be learned from Python. It is labeled as a scripting language though and not as a compiled language. The second language to learn was Golang. This was because in Golang there is a “crazy amount of concurrency” along with other benefits that I don’t personally know. I am interested in seeing how Golang could be learned in my career.
Play Capture the Flags (CTF)
One of the best ways to learn something is to make it a game or competition. That’s how I personally learn and remember the best. My motivation to learn something goes through the roof if it means I can solve a challenge that awards me points and shows me ahead of another guy. This doesn’t work for everyone, but I think most people would find it very motivating.
The suggestion was to start with Pico CTF as that is the most beginner-friendly. Following that, there are other sites that gamify the learning process such as Hack the Box, Try Hack Me, and for Linux, Over the Wire.
Over the Wire was also mentioned to be very important in the case you do not know a lot of Linux.
Make sure to show your work as you go through the CTFs and other sites. This can be through a blog or GitHub. It helps a lot when talking to potential employers as you can show your skill.
Work Through a Certification
The discussion in the interview was surrounding the Offensive Security Certified Professional (OSCP) as a certification to go for. I believe this was because Josh was a big proponent of the offensive security section of cybersecurity. I think it could be fun to look into.
The path to that certification starts with Security+ though. This is a basic certification that gives a more broad understanding of the most up-to-date concepts that should be understood in cybersecurity.
The next step depends on your level of understanding. It was mentioned to look into Network+, another CompTIA certification, or to try E-Learn’s Junior Penetration Testing (EJPT) which would then be followed up with the OSCP.
Through this route, you can make a big step in your cybersecurity career and it will help you get noticed for your work. Certifications don’t guarantee a job but they help a lot with showing your work.
Decide What Path You Want to Go Next
The final advice was to make sure to keep your eyes and ears open to opportunities that interest you specifically. There will always be friends, co-workers, and others who will get hyped up about a specific section of cybersecurity but make sure that you are interested in that as well. If you find something else more interesting such as defending against hackers or cryptography, make sure to follow that path even if you are going against the grain.
Resources Mentioned
John Hammond Playlist: https://davidbombal.wiki/johnhammond
// OSCP from Offensive Security //
https://www.offensive-security.com/
// GO by example //
// Hack The Box //
HTB Academy: https://davidbombal.wiki/htbacademy
HTB: https://davidbombal.wiki/htb
// Try Hack Me //
// Pico CTF //