Hey there, amazing reader! Imagine yourself diving into a journey that leads to an exciting and rewarding career in cloud cyber security. I want to share with you my own path, the strategies that worked for me, and some practical advice to help you achieve your goals. Let’s embark on this enlightening journey together!
Start from Zero: The Basics
Many people ask me how to study cloud cyber security and get an entry-level job. They often feel confused about where to start. I was once in your shoes, and I’m here to help you clear the fog and set you on the right path.
Step 1: Begin with Linux and Python
First, start with learning Linux and Python. Here’s how to break it down:
- Linux: Spend 20-30 minutes daily learning Linux. Any distribution will do—Ubuntu, Parrot, CentOS, Kali—all are fine. I personally use Parrot OS installed on my main system, not in a virtual box.
- Python: Dedicate another 20-30 minutes each day to Python. Don’t rush through it; coding is a skill that requires consistent practice over time.
Step 2: CISSP and Vulnerability Assessment
- CISSP: Listen to CISSP recordings and note down the key terms and concepts your trainer emphasizes.
- Vulnerability Assessment: This course is crucial. It includes both theory and practical videos. Make thorough notes, as this will help you immensely in landing a job.
Do this for one month. Remember, consistency is key. Don’t try to complete Python in a week—it’s a gradual process.
Practical Advice on Linux
Many people get confused about which Linux distribution to install. My advice is to install Parrot or Ubuntu directly on your main OS. It’s perfectly fine to learn commands and concepts as you go. Don’t get stuck on which system to use; just focus on learning the concepts and applying them practically.
Moving Forward: Adding More Layers
Step 3: RHEL Course
Now, move on to the Red Hat Enterprise Linux (RHEL) course. The videos are lengthy, but set a daily target of one hour. Use ChatGPT to break down complex topics:
- Prompt Example: “Explain [topic] in detail with examples, practical explanations, real-world scenarios, and how to perform it during my job role.”
Make notes of the concepts and commands you learn. After understanding the theory, focus on the practical aspects by fast-forwarding through the videos.
Step 4: Add Bash and SOC/Elasticsearch
- Bash: Start a short course on Bash scripting, dedicating 30 minutes daily. Use ChatGPT to help with coding tasks and understand the practical applications.
- SOC/Elasticsearch: Begin learning about Security Operations Centers and Elasticsearch. Take live classes if possible, and integrate what you learn into your daily practice.
Building Your Professional Profile
Step 5: LinkedIn Optimization
Create a LinkedIn account and optimize it. Document your daily learning journey and connect with professionals in your field.
Step 6: Web and Network Security
Start the Web Security Testing Guide (WSTG) and network security courses. These are vital for understanding how to secure web applications and networks. Solve labs, read articles, and keep abreast of the latest vulnerabilities.
Deep Dive into Pentesting
Follow the OWASP Top 10 and PortSwigger labs to learn source code review and API pentesting. Complete the apprentice labs on PortSwigger to get hands-on experience.
Practical Experience: Bug Bounties and Real-World Application
Apply your knowledge in real-world scenarios through bug bounty programs. This will help you gain practical experience and understand the real-world impact of your skills. Create a resume highlighting your skills, lab completions, and any findings from bug bounties.
My Personal Journey and Advice
When I started, I completed the AlNafi labs for web and network pentesting, CISSP, and vulnerability assessment courses. I had a well-optimized LinkedIn account and participated in bug bounties, earning hall of fame mentions. Despite facing initial rejections due to lack of experience, I kept applying and eventually landed a job. The key interview questions were about web pentesting, XSS attacks, SQL injection, authentication bypasses, and mitigation strategies.
On my job, I perform black box and white box testing, scan applications, and test Android apps using tools like Nessus.
Final Thoughts
Learning cyber security and getting an entry-level job takes time and dedication. Here’s a timeline based on my experience:
- 6-8 months: For non-IT individuals
- 4-6 months: For CS graduates with basic knowledge
- 3-6 months: For IT professionals studying 4-5 hours daily
Consistency, practical application, and continuous learning are essential. Make proper notes and review them regularly. If you have any questions, feel free to comment below, and I’ll be happy to help.
Thank you, and best of luck on your journey!
I hope this detailed guide helps you on your path to a successful career in cloud cyber security. Remember, every step you take brings you closer to your goal. Keep learning and growing!
Top comments (0)