In InfoSec, there are many ways to improve on skills. Some people watch videos, some read books, some use practice labs, and some find mentors to guide them on the beginning of their journey in Cybersecurity. The most successful people in Cybersecurity realize is that no one will ever know everything, but they know how to teach themselves anything.
"How do I get started in Cybersecurity?"
There is no single answer that works for everyone, but there is a universal resource that gives everyone a level playing field: Google. Software developers, ethical hackers, and sysadmins all do the same thing when they don't know something, they look it up. They look to see if people have had their question before, or if there is anything similar that can help them. As a beginner, you can do the same. Ask yourself what you want to do, or what job your aiming for and search for the skills associated with with the task. Start at the basics. If you want to learn how to secure your website, search web security techniques. Learn how an attacker would look for vulnerabilities within your site, and learn how a defender would patch them. Then search for the skill set needed to scan for vulnerabilities and patch them. You don't need all the answers, just a few simple questions.
Udemy has lots of free courses
Some College and university teachers have helpful websites
Cybrary has cheap courses as well
Get a degree from Youtube university
"So I've learned the basics of what I want to know, now what?"
You can't understand security of computer assets if you don't understand the computers themselves. Once you learn the basics of how something works, learn about how it's secured, and how those security measures can be circumvented. For example, there are lots of common security mistakes that programmers make. Just because the program works doesn't mean it's secure. This is where the questions become more specific.
"I need help, and google isn't enough!"
Sometimes a random guide online or an outdated YouTube video doesn't help you solve your problem, or learn the skills you're looking for. This is when you have to reach out to people with some level of expertise to explain the concept in a new way, or give you resources that will help you. This all coincides with building your network! You can find people like this all over the internet with the sites you probably already use! Here's some pretty good places to start!
Discord
Slack
Twitter
Youtube
Instagram
Now that you've found people, you have someone to ask these specific questions.
Now that I've gained some skills and met some people, I want more!
There's so many ways to interact with the InfoSec community, and one of the popular ways to do so is attending conventions, or "cons" for short. At these cons, people congregate to learn about different topics in security."Talks" are presentations and demonstrations on what security researchers have been learning. There's also "Villages" or CTFs in which people can participate in to sharpen their skills. There are lots of different cons going in the world all the time. Even if you can't travel to attend the cons, the talks are typically posted somewhere online, or the slides will be tweeted. Some Cons however, only require an internet connection. This year, I attended VirSecCon 2020 and for completely free! Cons expose people to new ideas and disciplines. Now you're given questions you didn't know you had. Finding the answer to these sometimes help you in your own research.
"I have some skills, and a small network in the field. How do I test my skills?"
Capture the flag competitions (or CTFs) are an amazing way to test your skills. CTFs are challenges designed to test the skills of Cybersecurity practitioners or anyone willing to participate!
CTFs are mostly offensive, but can be defensive focused. There are jeopardy style CTFs attack and defense CTFs, PWN challenges and many more! There are also many different styles. There are in person CTFs at cons, but there are also many online CTFs like ones on HackTheBox , CTFtime.org , OpenSOC.io, and more. Some challenges offer lots of help, and some don't. This is what makes CTFs a great stress test to find out what you do and don't know. The best way to improve at these challenges is to look at the answers from past CTFs with similar skill sets. These are known as writeups. Some larger CTFs have prizes like lots of money, or job offers!
There is an entirely different set of guidelines to follow while trying to procure a job in InfoSec (which will be in a later post), but as for the basic skill set and methodology, this is is a short list of things to do to break into the community.
"This stuff is hard!! How do I stay motivated?"
Just because you see other people around you doing different or more advanced things doesn't mean you aren't working hard. Sometimes people understand certain concepts easier, and some have been practicing longer than you have. Don't compare yourself to anyone but the you of yesterday. Everyone's InfoSec journey is unique. Don't be afraid to take help from multiple sources, and don't forget to help people that know less than you about a subject. Every master was once an amateur.
"What would you say to people that are just getting started in InfoSec?"
Don't ask more questions, craft better ones.
It may seem trivial now, but what helps me through any challenge or learning a new concept is that mantra. Sometimes I have to sit back and realize that I'm increasing the volume of my questions rather than increasing the quality of them. Enumeration is always key, and it will lead you to right answer. Learn the vocabulary the subject you're learning so the experts understand you, and do your own research before asking questions. Quality questions yield quality answers.
Top comments (0)