The most common question newbies ask cybersecurity experts is: how do I get started in cybersecurity? Where can I learn cybersecurity? And there are many more questions like these.
What newbies should understand is that there is no systematic order, no step-by-step process, and no roadmap that a person can give you on how to get started.
Cybersecurity is an industry so diverse that each person you ask has a different story of how and why they got started, and that is the beauty of this industry. Each cybersecurity expert you meet will have a different background, a different story, and most certainly a different educational history.
There are people who have really thrived in the industry and are very skillful, but they have neither a cybersecurity degree nor certifications. When it comes to educational background, we have people who transitioned from fields that are not computer science or related degrees, such as engineering, psychology, librarianship, and many other industries, yet they are currently the best cybersecurity experts.
To answer most newbies' question: getting started can be very complicated because there is a lot of information out there about cybersecurity, and if you do not know how to navigate through the irrelevant information, most of the time you end up stranded or not getting started at all.
To help all newbies out, here is some useful information that will help you navigate past the false positives to reputable sources of learning materials, which will give you a clear perspective on where you want to go with your career.
One piece of advice to newbies: after you finish reading this, do more research, connect with experts from the industry, and just have fun with your learning journey.
FACTS & MYTHS
First, I would like us to discuss the myths that are out there about this industry so that we can clear the air.
Myth 1: There is only one cybersecurity career path.
Answer: There is a variety of cybersecurity roles from which a person can choose. It is not just about coding or breaking code. There are jobs where a background in legal, sales, marketing or accounting would help you land the right job.
Myth 2: You need a degree to get a cybersecurity job.
Answer: As much as this could be true, it is not always correct; there are a lot of people in the industry who do not have a cybersecurity degree.
Myth 3: It is too hard to get into cybersecurity.
Answer: It really starts with HR. They often rely on Applicant Tracking Systems (ATS) to weed out unsuitable resumes submitted for a position by filtering on keywords. What that ends up doing is filtering out the right candidate. Here are a few suggestions that could get you into the industry.
- Network – interact and talk with everybody and anybody, word of mouth is powerful.
- Join different communities.
- Volunteer doing projects.
- Ask for internship or volunteering jobs.
- Blog about technical things or start a YouTube channel and just showcase your skills; it does not have to be in cybersecurity specifically.
- Attend different events in your community or, if you are financially well off, attend international events like DEF CON etc.
- Never stop learning. There are a lot of things to learn out there or to improve in your current skill set, and there are always different ways to achieve the same result; take different online courses and attend online webinars.
Myth 4: You must be good at programming to get into cybersecurity.
Answer: It is an advantage to have programming skills, but not everybody in the industry can code. There are others who can read and understand code but cannot code themselves, so that should not discourage you if you are not a programmer.
Myth 5: Big tech companies offer the best jobs while small ones do not.
Answer: There are plenty of available jobs at small tech-based companies that offer competitive salaries and benefits. Working for a small company has its advantages: you are more than just a component in a well-run machine. Just because a company is small does not mean that it is not precise and effective at acting; even big companies (such as Facebook and Google) have major data breaches that can go undetected for months.
Myth 6: You need to be a computer genius.
Answer: This was true back in the day, but today there are different roles in cybersecurity which may not need technical skills and which are mainly focused on analytics and business.
Myth 7: All cybersecurity experts are computer geeks and do not have a social life.
Answer: This may not always hold true. Yes, some are computer geeks, but they do have a social life; some cybersecurity experts are very socially intelligent, and in the technical world they are called social engineers.
Myth 8: I need to know everything about cybersecurity.
Answer: No, it is good to have a basic understanding of everything, but you do not need to know everything. There are a lot of cybersecurity paths, and it would be wise to just pick one and strive to become good at it; some paths do not even require you to have any technical background to get started. Before choosing your path, identify your strength and your passion.
CAREERS IN CYBERSECURITY
Newbies should understand that cybersecurity is not a single career like others, for example accounting; there are different career paths in cybersecurity that a person could pursue. There are two categories of career paths in cybersecurity:
1. Technical. This is the career path which requires an individual to have technical knowledge of how computers work, how they communicate, etc. Some technical cybersecurity paths include, but are not limited to:
- Penetration Tester
- Vulnerability Assessor
- Incident response
- Digital Forensics Analyst
- Security Engineer, Administrator, Software Developer, Architect
- Expert Witness
- Malware analyst
- Bug bounty hunter, etc.
2. Non-technical. This is the career path that does not require an individual to have technical knowledge of computers. Some non-technical cybersecurity paths include, but are not limited to:
- Product manager
- Cybersecurity PR/marketing
- Presales/sales support engineer
- Cybersecurity law
- Cybersecurity insurance
- Cybersecurity writing
Because career paths in cybersecurity are so diverse, the set of skills you will have to acquire depends on the career path you want to take, but at the same time it is not bad to acquire the basics of everything. Here are some of the skills, though not the only ones, that an individual must have to prosper in the industry.
- Building and using virtual machines – they help you learn about different operating systems and how to use them, and as an expert you are supposed to be versed in more than one operating system. They give you the flexibility to train and research in an isolated environment without affecting your main driver. Want to practice configuring a server? Use a VM. Throwing exploits at a target? Use a VM.
- Learn the command line – at first glance it may be intimidating for a beginner, but you must embrace it. The command line is the simplest and most efficient way of interacting with the operating system. It gives you the lowest-level access to the software functionality that comes with an operating system. Most of the useful tools do not have a user interface, so mastering the command line is not optional; it lets you expand your arsenal and get more done with less. The recommended command line to start with is bash, since it comes with every Linux distribution, and PowerShell is the go-to native shell for Windows.
- System administration – system administration involves administering and maintaining computers, whether a personal device or a server. It is about knowing your platform and its variety of tools inside out. Learn by doing: install a virtual server and play with it; even when it breaks you will still be able to install another one. Practice makes perfect.
- Networking – this is the heart of it all. Everything that you create is eventually going to run on a network: if you build an application, it is going to run on a network; if you send a message from one point to another, it is going to be sent through the network. Here you will have to understand how devices interact with each other and how data moves from point A to point B. A good understanding of networking will make you good at troubleshooting. There are two conceptual models that govern computer networking, TCP/IP and OSI; understanding these concepts will make you see the matrix and become very skilful at your craft.
- Personal digital security – as technology becomes more intertwined with our lives, from interconnected cars to smart refrigerators, the vulnerabilities and attack vectors are going to increase more and more. If you want to go deep into cybersecurity, there is no better place to start than with yourself, from passwords and encryption to secure communications. You need to stay up to date with the latest security news and best practices and, finally, practise them yourself.
- Research – one of the most important skills to learn is how to research and get answers for yourself. The majority of the time, while progressing in your career, you might not have someone to guide you on a particular subject, which will force you to go to Google and research it on your own. Another scenario where you will need research is when trying to profile your target. 90% of hacking is not spent on attacking but on gathering information, and the better your research, the better your success rate of exploiting your target. As you can see, research is an important aspect of cybersecurity.
- Report writing – it may sound like a simple thing, but writing a well-structured report is very difficult. Anything that you do in cybersecurity will at some point result in you having to write a report. This could be a report on a penetration test (hacking) you have done, a vulnerability assessment that you performed for a client, or even a malware analysis you were doing. You will have to document every step that you took, what worked and what did not, what your success rate was, what impact your findings have on the business, and finally provide some recommendations for the client to follow to improve their security.
- Others – other skills that you are going to need during your career include programming. At some point, you're going to need programming skills to help you automate tasks and attacks. Another skill could be people skills, which are going to be important in performing social engineering.
Getting started in cybersecurity is already a hard enough task for a lot of newbies, but apart from that, even getting the right learning material is another aspect that can confuse people who are starting out. There are a lot of learning materials out there, but finding the ones that can really help you kick off your career can be very complicated. Learning materials fall into several categories, which include:
1. YouTube – there are many cybersecurity channels out there that teach you different aspects of the industry, and some of the most famous ones are recommended here. These YouTube channels have been chosen simply because of how well they explain different topics. These channels are:
- HackerSploit – covers different topics of cybersecurity.
- Null Byte – covers wireless security mostly.
- IppSec – covers capture the flag from Hack The Box.
- John Hammond – covers capture the flag.
- LiveOverflow – covers capture the flag.
- Hak5 – covers news on cybersecurity, for example new exploits etc.
- NetworkChuck – covers networking and ethical hacking topics, among a variety of other computer concepts.
- STOK – covers bug bounty.
- DemmSec – covers ethical hacking.
- Eli the Computer Guy – covers Windows administration.
- NahamSec – covers capture the flag and cybersecurity topics.
2. Online platforms – there are great online platforms that teach great cybersecurity topics. Some of them, but not all, include:
- Null Byte
- Udemy – instructors like HackerSploit
- BASIS TECHNOLOGY
- International Cybersecurity Institute
- Offensive Security
3. CTF Platforms – among the concerns of newbies getting started in this industry is how they can practice their skills legally without breaching the ethical conduct of an ethical hacker. CTFs are one of the great methods people use to practice their skills: these are cybersecurity games which cybersecurity experts use to practice their skills and gain more knowledge on how to exploit a target legally. CTFs have a variety of challenges, from cryptography, OSINT, steganography, binary exploitation, forensics and web application penetration testing to many others that an individual can get acquainted with. Here are some of the popular CTF platforms, among others:
- Hack The Box (HTB)
- TryHackMe
- DEF CON CTF
- SANS CTF
- Google CTF
- OWASP Juice Shop
4. Books – reading has proven to be an effective way of learning for some people, and based on that there are many books out there which a person could go through. Some of them include:
- Blue Team Field Manual
- Red Team Field Manual
- The Hacker Playbook 1, 2 and 3
- The Web Application Hacker's Handbook
- The Basics of Hacking and Penetration Testing
- Attacking Network Protocols
- The Art of Invisibility, Ghost in the Wires, The Art of Intrusion and The Art of Deception by Kevin Mitnick
- Bash Cookbook
- Black Hat Python
- Digital Forensics with Kali Linux
The books mentioned above are not the only ones that a person could read. There are a lot more good books out there; just do more research, and have fun.
The learning materials mentioned are just places that you could explore to get started with your career, but do not limit yourself to only what has been mentioned. Go further, do more research, and always go beyond.
As mentioned initially, there are different career paths in cybersecurity, and each career path has its own certifications that a person could take to gain a competitive advantage over other candidates. Certifications are very good, but you should not get caught up in the bandwagon; what really matters in this field is what you can deliver, hence skills. The following are certifications which an individual could take based on the career path they have chosen.
- Penetration testing – Certified Ethical Hacker (CEH), Certified Penetration Tester (CPT), Certified Expert Penetration Tester (CEPT), CompTIA PenTest+, Offensive Security Certified Professional (OSCP), EC-Council Certified Security Analyst (ECSA), Licensed Penetration Tester (LPT) etc.
- Auditing certification – Certified Information Systems Auditor (CISA), Cybersecurity Audit by ISACA, Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP) etc.
- Digital forensics – Computer Hacking Forensics Investigator (CHFI), Certified Forensics Computer Examiner (CFCE), Certified Computer Examiner (CCE), Cyber Security Forensics Analyst (CSFA), Global Information Assurance Certification (GIAC), EnCase Certified Engineer, AccessData Certified Examiner (ACE) etc.
- Network security – Certified Cloud Security Professional (CCSP), CompTIA Security+, Cisco Certified Network Associate (CCNA), Certified Network Defender (CND), Cisco Certified Network Professional (CCNP) etc.
Those are some of the certifications that you could pursue, but there are more.
For those who are starting out in cybersecurity, joining communities would be the best thing that you will ever do, because you are going to meet different people from the industry and get to learn from them, and you may even find yourself a mentor. So joining communities should be on your priority list. Here are some cybersecurity communities, among others:
- Hack The Box
- HackerOne
- Bugcrowd
- Internet Security Alliance
- SANS Institute
The communities mentioned above are international, or should we say popular, communities, but there could be communities in your local area that you could also join, or if there is none in your country you could take the initiative to start one.
FREQUENTLY ASKED QUESTIONS
Newbies have many questions when they are getting started, due to the number of uncertainties that they have about this industry. These questions arise because newbies do not know what path they want to take, so they resort to asking questions as their way of trying to figure things out. Here are some of the questions, among others, that people who are getting started or want to get started in the industry ask.
Question 1: Do I need programming to be in cybersecurity?
Answer: No, there are a lot of career paths in cybersecurity which you could pursue without needing to write a single line of code. If you are into technical things, knowing programming could be an added advantage, but it is not necessary.
Question 2: Do I need a certification?
Answer: Not necessarily. As much as certifications look good on your CV, what is more important in cybersecurity is experience and skills. I do not mean you should not take any certifications, do not quote me wrongly; what I am saying is that they are not necessary.
Question 3: Where can I start?
Answer: Start now and start from anywhere. Cybersecurity is a diverse industry and there is no clear way or step-by-step procedure which you could use as you progress in the industry. If you want to get into the industry, just start; there is no correct way or right approach to use, and each piece of knowledge and experience you have is beneficial somewhere.
Question 4: Is it possible to land a cybersecurity job without a cybersecurity degree?
Answer: Yes, there are a lot of people in the industry who do not have a cybersecurity degree but still thrive through self-learning, networking and getting mentors. Once again, don't quote me wrongly: I don't mean that getting a cybersecurity degree is bad or that you should not get one. All I mean is that it is not always necessary; there are also some people who get into the industry through certifications only.
Question 5: What skills do I need to get started?
Answer: Any skill that you have is going to be beneficial in the industry. Whether it is networking, programming, marketing, sales, social skills etc., they are all useful skills in the industry. What is most important is your mindset, the right thinking, and the ability to analyze a problem from a different perspective or from all perspectives.
Cybersecurity is a very interesting and fun field because you are constantly learning and growing your skills; there is always something for everyone to learn. For the newbies, here is some advice that will help you during your journey.
- Find a mentor.
- Google is your friend. If you do not know a term or a certain technology, or how to do something, just google it. Google is your answer; there is a lot of material on Google which is going to help you.
- Always document. If you learn something new today, always sit down and write up everything that you have done. For example, if you have learnt how to create a virtual lab, document that; it is going to be useful in the long run.
- If there is no opportunity, try to create one for yourself. You may find yourself in a country that has no cybersecurity community; that would be an opportunity for you to take the initiative to start one etc.
- Do not get into cybersecurity because of the money; that should not be your motive. Get into cybersecurity because of passion and interest. If money is your motive, you might end up leaving the industry, because you will get to a point where things start becoming more and more tough and frustrating.
- Network. Talk to people, learn from people and always be humble. Each person that you meet knows something that you do not know, so always try to network and learn from people.
- Understand how things work, for example learn how computers work, how they transfer information from one point to another etc.
- Do not hesitate to ask questions. Whatever burning question you have, or if you have not understood a certain topic, feel free to ask anybody and everybody from the industry. The beauty of this industry is that a lot of people are willing to share knowledge.
- Join communities. You might meet people who have been in the industry for a long time, and you could learn from them what mistakes they made so you do not fall into the same rabbit hole etc.
- Research and research more.
- Be aggressive and eager to learn.
- Do as many personal projects as you can, create or do challenges and learn from them.
- Get on to YouTube channels and learn from there, for example IppSec, HackerSploit, Null Byte and many other channels.
- Online courses are important.
- Online platforms are important, for example Hack The Box and TryHackMe.
- Every skill you learn and the experience you get is not a waste.
- Practice makes perfect.
- There is no clear route which you can use to get started. JUST START.
- If you see an opportunity, go for it.
- Give back to the community. A lot of professionals in the industry do not like people who do not want to share their knowledge and experience. You could start by teaching people from your community once you have settled in the industry and have some good experience under your belt. Pass on the knowledge to others.
- Inspire others