I’m interested in cybersecurity. Where do I start?
I started asking this question less than a year and a half ago!
The most common response was “It depends. What area of cybersecurity are you interested in?”. That is a hard question to answer when you don’t know enough to even know what the options are!
As Jason Fried writes, learn from someone who is only two steps ahead of you. If you are at the very beginning of your cybersecurity journey, here are some suggestions from one of those someones!
What’s out there?
Start by researching what’s out there! Google searches such as “cybersecurity career mind map” or “cybersecurity certification roadmap” will give you ideas on the careers and paths that others follow.
Read Rafeeq Rehman’s CISO MindMap 2022 to see various career options!
Read Daniel Miessler’s Security Certification Roadmap to learn about some of the certifications out there!
Check out my Reading, Listening, Learning, and Bookmarks pages for some of the books, podcasts, events, and platforms that I have been learning from!
Books
If you like to learn through reading, you can read free books through Libby using your local library, or you can buy bundles of books at affordable prices through Humble Bundle. Plus, they donate a portion of that money to charities!
Libby
Libby is an app that allows you to borrow ebooks and audiobooks from your local library. All you need is a library card to create an account.
There are tons of books available from the Ottawa Public Library. Your selection may be different than mine depending on your library. If you are studying for a certification then search for it on here to see if there is a study guide! It may be an older version, but it’s free and will contain a lot of the content!
Humble Bundle
Humble Bundle | game bundles, book bundles, software bundles, and more
Humble Bundle has many cybersecurity, programming, data, and tech bundles!
These bundles ranged from $21 to $38 and contained approximately 21 books per bundle!
If you download the Humble Bundle app then you can create a watchlist for specific terms (or videogames!) that you are interested in buying at a discounted price. This will notify you whenever there is a bundle that matches one of your search terms.
TryHackMe
TryHackMe is a wonderful place to start learning! It will be beneficial to learn the basics whether you want to be a penetration tester, a SOC analyst, or work in something non-technical such as awareness or governance. These paths will teach you about:
Terminology
Networking
Linux fundamentals
Windows fundamentals
Tools
Vulnerabilities
Cryptography
Web application security
Industry standards and frameworks
And so much more!
It costs $10 usd per month or $90 usd annually. You can try many rooms out for free to see if you like it first.
Paths
Write ups and walkthroughs
Many people who do TryHackMe document their answers and sometimes explanations of how they got to those answers. They share this information through write ups and YouTube walkthrough videos. Google “Tryhackme writeup [insert room name]” or search it on YouTube to find help whenever you get stuck!
If your goal is to be a penetration tester then try to do what you can before looking up the answer, but use write ups and walkthroughs to learn when you are really stuck!
My goal was never to be a penetration tester. I just wanted to learn terminology, tools, and the realm of the possible. So I used the write ups and walkthroughs to speed up my awareness that something existed or was possible instead of spending a lot of time perfecting the skills taught through the rooms!
Read aloud function
Some of the rooms have a lot of content and I had trouble paying attention long enough to get through them. I used the Microsoft Edge “Read aloud” function for those rooms so I could just follow along as the computer read to me!
Motivation
Find people who are two steps ahead! Or people who are following the same path as you!
Many people on Twitter share the TryHackMe rooms they complete. Follow people who are starting TryHackMe at a similar time as you and people who seem to be a year or two ahead! It’s nice motivation to find a community, cheer each other on, share resources, and have people to ask questions to!
Re-evaluate each time you learn a little more and refine what your next goal is!
What’s next for me?
I have started 8 certification courses through the Mossé Cyber Security Institute. The tasks in these courses are hands-on, way over my head, and estimated to take 3,450+ hours total to complete. Follow along here on my blog as I muddle my way through! :)